| Server IP : 103.4.122.14 / Your IP : 216.73.216.103 Web Server : Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips System : Linux cwp2.slnet.com.au 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 User : statewid ( 1251) PHP Version : 8.3.31 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/local/apache/domlogs/ |
Upload File : |
[Mon Nov 10 21:24:25.104575 2025] [:error] [pid 31136:tid 31154] [client 37.111.157.42:23344] [client 37.111.157.42] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 37.111.157.42, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRHniftvd8w_jsstCaigRgAAAM0"]
[Mon Nov 10 21:24:25.109607 2025] [:error] [pid 31136:tid 31154] [client 37.111.157.42:23344] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Mon Nov 10 21:24:25.110114 2025] [:error] [pid 31029:tid 31051] [client 37.111.157.42:23346] [client 37.111.157.42] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 37.111.157.42, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRHniQaWYU_3FzBvTGj4qQAAAAI"]
[Mon Nov 10 21:24:25.114704 2025] [:error] [pid 31029:tid 31051] [client 37.111.157.42:23346] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Tue Nov 11 03:52:12.210571 2025] [:error] [pid 43523:tid 43530] [client 194.5.82.117:37521] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Tue Nov 11 08:19:57.776624 2025] [:error] [pid 19559:tid 19583] [client 203.2.64.59:47535] [client 203.2.64.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRKBLU2A7XQJ15MEH8CiwQAAAhQ"]
[Tue Nov 11 11:31:22.196963 2025] [:error] [pid 53449:tid 53470] [client 170.106.37.134:53722] [client 170.106.37.134] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRKuCtpz08j5NoUSzp_eiAAAAVA"]
[Tue Nov 11 14:37:26.528445 2025] [:error] [pid 53449:tid 53462] [client 49.7.227.204:59004] [client 49.7.227.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRLZptpz08j5NoUSzp8o3gAAAUg"]
[Tue Nov 11 18:48:19.604217 2025] [:error] [pid 43205:tid 43215] [client 43.157.170.126:54882] [client 43.157.170.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRMUc748SbhIkX6TjwN4bgAAAQc"]
[Tue Nov 11 23:24:39.177262 2025] [:error] [pid 49628:tid 49631] [client 43.153.102.138:40634] [client 43.153.102.138] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRNVN782AgnfnwL7V2ZYrwAAAIE"]
[Wed Nov 12 02:17:07.554783 2025] [:error] [pid 40745:tid 40767] [client 43.133.187.11:41928] [client 43.133.187.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRN9o8dgIR-a_T0XcdAbPwAAABE"]
[Wed Nov 12 02:46:50.456181 2025] [:error] [pid 54518:tid 54522] [client 209.38.17.94:37036] [client 209.38.17.94] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aROEmqZo3QGSqi1oDHlP8QAAAQI"]
[Wed Nov 12 02:46:50.523056 2025] [:error] [pid 54518:tid 54523] [client 209.38.17.94:43066] [client 209.38.17.94] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aROEmqZo3QGSqi1oDHlP8gAAAQM"]
[Wed Nov 12 03:37:17.916977 2025] [:error] [pid 5539:tid 5572] [client 175.6.217.4:38272] [client 175.6.217.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aROQbbpvPPcBzWUzARpoKwAAANQ"]
[Wed Nov 12 04:14:03.001732 2025] [:error] [pid 57312:tid 57319] [client 37.140.223.239:25463] [client 37.140.223.239] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 37.140.223.239, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aROZC40cuHgB17JK5qWYhAAAAMI"]
[Wed Nov 12 04:14:03.005438 2025] [:error] [pid 57312:tid 57319] [client 37.140.223.239:25463] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Wed Nov 12 05:38:32.590207 2025] [:error] [pid 57224:tid 57288] [client 37.140.223.244:63965] [client 37.140.223.244] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 37.140.223.244, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aROs2Bs7oZ7imwCSdAkDBgAAAIQ"]
[Wed Nov 12 05:38:32.594174 2025] [:error] [pid 57224:tid 57288] [client 37.140.223.244:63965] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Wed Nov 12 06:17:42.692136 2025] [:error] [pid 32959:tid 32971] [client 45.148.10.249:46654] [client 45.148.10.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env.dev"] [unique_id "aRO2Bnoyrq7OJfcFnDjamwAAAQg"]
[Wed Nov 12 07:08:21.513463 2025] [:error] [pid 57223:tid 57270] [client 194.61.40.157:50967] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/advanced-product-fields-for-woocommerce/db.php"] [unique_id "aRPB5RUU8_2aS__aG8Zk1gAAAE0"]
[Wed Nov 12 07:08:21.901964 2025] [:error] [pid 32959:tid 32969] [client 194.61.40.115:50113] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/so-pinyin-slugs/inc/main_json.php"] [unique_id "aRPB5Xoyrq7OJfcFnDj74QAAAQY"]
[Wed Nov 12 07:08:22.120094 2025] [:error] [pid 32959:tid 32979] [client 194.61.40.117:61891] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/theme-check/main.php"] [unique_id "aRPB5noyrq7OJfcFnDj74gAAARA"]
[Wed Nov 12 07:08:22.417214 2025] [:error] [pid 32959:tid 32976] [client 194.61.40.152:48577] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/index.php"] [unique_id "aRPB5noyrq7OJfcFnDj75AAAAQ0"]
[Wed Nov 12 07:08:22.820700 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.150:23581] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/covr-wpcom/assets/fonts/manrope_normal.php"] [unique_id "aRPB5o0cuHgB17JK5qXm8gAAAMA"]
[Wed Nov 12 07:08:23.405931 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.126:57223] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/222.php"] [unique_id "aRPB540cuHgB17JK5qXm9QAAAMw"]
[Wed Nov 12 07:08:24.117125 2025] [:error] [pid 57223:tid 57278] [client 194.61.40.147:30855] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-parsidate/includes/admin/acf-fields-adyrui.php"] [unique_id "aRPB6BUU8_2aS__aG8Zk2QAAAFU"]
[Wed Nov 12 07:08:24.612591 2025] [:error] [pid 57224:tid 57302] [client 194.61.40.117:23367] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/aback.php"] [unique_id "aRPB6Bs7oZ7imwCSdAklUQAAAJI"]
[Wed Nov 12 07:08:24.911482 2025] [:error] [pid 57312:tid 57324] [client 194.61.40.139:44715] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/new.php"] [unique_id "aRPB6I0cuHgB17JK5qXm-AAAAMc"]
[Wed Nov 12 07:08:25.315371 2025] [:error] [pid 32959:tid 32969] [client 194.61.40.129:50779] [client 194.61.40.129] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ad.php"] [unique_id "aRPB6Xoyrq7OJfcFnDj76QAAAQY"]
[Wed Nov 12 07:08:25.714161 2025] [:error] [pid 32959:tid 32966] [client 194.61.40.152:60051] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/moderation.php"] [unique_id "aRPB6Xoyrq7OJfcFnDj76gAAAQM"]
[Wed Nov 12 07:08:26.203869 2025] [:error] [pid 57223:tid 57277] [client 194.61.40.141:59101] [client 194.61.40.141] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/classwithtostring.php"] [unique_id "aRPB6hUU8_2aS__aG8Zk3AAAAFQ"]
[Wed Nov 12 07:08:26.803993 2025] [:error] [pid 57312:tid 57326] [client 194.61.40.111:46541] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/themes.php"] [unique_id "aRPB6o0cuHgB17JK5qXm-gAAAMk"]
[Wed Nov 12 07:08:27.507066 2025] [:error] [pid 57223:tid 57268] [client 194.61.40.130:64495] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/jindex.php"] [unique_id "aRPB6xUU8_2aS__aG8Zk4AAAAEs"]
[Wed Nov 12 07:08:28.806985 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.126:39683] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wso.php"] [unique_id "aRPB7Hoyrq7OJfcFnDj77AAAAQA"]
[Wed Nov 12 07:08:29.498424 2025] [:error] [pid 57312:tid 57322] [client 194.61.40.124:63045] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/erinyani/default.php"] [unique_id "aRPB7Y0cuHgB17JK5qXm_wAAAMU"]
[Wed Nov 12 07:08:29.894445 2025] [:error] [pid 57312:tid 57324] [client 194.61.40.159:60971] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/leaf.php"] [unique_id "aRPB7Y0cuHgB17JK5qXnAAAAAMc"]
[Wed Nov 12 07:08:30.416914 2025] [:error] [pid 57222:tid 57251] [client 194.61.40.136:44579] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/mainhosting/default.php"] [unique_id "aRPB7mGJazH5XCcA91dKoAAAABg"]
[Wed Nov 12 07:08:31.607083 2025] [:error] [pid 57224:tid 57291] [client 194.61.40.136:46387] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/about.php"] [unique_id "aRPB7xs7oZ7imwCSdAklXAAAAIc"]
[Wed Nov 12 07:08:32.810668 2025] [:error] [pid 57222:tid 57249] [client 194.61.40.137:41159] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/inc.php"] [unique_id "aRPB8GGJazH5XCcA91dKowAAABY"]
[Wed Nov 12 07:08:33.601941 2025] [:error] [pid 57224:tid 57287] [client 194.61.40.132:45285] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/system_log.php"] [unique_id "aRPB8Rs7oZ7imwCSdAklXQAAAIM"]
[Wed Nov 12 07:08:34.407821 2025] [:error] [pid 57223:tid 57258] [client 194.61.40.132:57439] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/gg.php"] [unique_id "aRPB8hUU8_2aS__aG8Zk6gAAAEE"]
[Wed Nov 12 07:08:35.105018 2025] [:error] [pid 32959:tid 32977] [client 194.61.40.132:22153] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/sim.php"] [unique_id "aRPB83oyrq7OJfcFnDj79QAAAQ4"]
[Wed Nov 12 07:08:35.518601 2025] [:error] [pid 57312:tid 57339] [client 194.61.40.130:24521] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/admin/function.php"] [unique_id "aRPB840cuHgB17JK5qXnDAAAANY"]
[Wed Nov 12 07:08:35.815628 2025] [:error] [pid 32959:tid 32972] [client 194.61.40.125:57531] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/core.php"] [unique_id "aRPB83oyrq7OJfcFnDj7-AAAAQk"]
[Wed Nov 12 07:08:36.492720 2025] [:error] [pid 57223:tid 57279] [client 194.61.40.131:26055] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/mail.php"] [unique_id "aRPB9BUU8_2aS__aG8Zk7QAAAFY"]
[Wed Nov 12 07:08:37.219353 2025] [:error] [pid 57223:tid 57267] [client 194.61.40.128:56063] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/about.php"] [unique_id "aRPB9RUU8_2aS__aG8Zk7gAAAEo"]
[Wed Nov 12 07:08:38.010941 2025] [:error] [pid 57312:tid 57336] [client 194.61.40.122:52723] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/xml.php"] [unique_id "aRPB9o0cuHgB17JK5qXnEAAAANM"]
[Wed Nov 12 07:08:38.905721 2025] [:error] [pid 57224:tid 57297] [client 194.61.40.165:61309] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aRPB9hs7oZ7imwCSdAklYQAAAI0"]
[Wed Nov 12 07:08:40.018293 2025] [:error] [pid 57312:tid 57321] [client 194.61.40.136:54503] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/images/class-config.php"] [unique_id "aRPB-I0cuHgB17JK5qXnFAAAAMQ"]
[Wed Nov 12 07:08:40.800244 2025] [:error] [pid 57222:tid 57241] [client 194.61.40.112:46849] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/g.php"] [unique_id "aRPB-GGJazH5XCcA91dKqQAAAA4"]
[Wed Nov 12 07:08:41.008718 2025] [:error] [pid 57224:tid 57285] [client 194.61.40.136:46545] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-mail.php"] [unique_id "aRPB-Rs7oZ7imwCSdAklZQAAAIE"]
[Wed Nov 12 07:08:42.303814 2025] [:error] [pid 57223:tid 57257] [client 194.61.40.118:28461] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/default.php"] [unique_id "aRPB-hUU8_2aS__aG8Zk8gAAAEA"]
[Wed Nov 12 07:08:43.116623 2025] [:error] [pid 57224:tid 57293] [client 194.61.40.115:53315] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/back.php"] [unique_id "aRPB-xs7oZ7imwCSdAklaAAAAIk"]
[Wed Nov 12 07:08:44.804528 2025] [:error] [pid 57222:tid 57239] [client 194.61.40.163:57397] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/wp-conflg.php"] [unique_id "aRPB_GGJazH5XCcA91dKqgAAAAw"]
[Wed Nov 12 07:08:45.704936 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.117:62273] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/content.php"] [unique_id "aRPB_Xoyrq7OJfcFnDj8BwAAAQA"]
[Wed Nov 12 07:08:46.806918 2025] [:error] [pid 57312:tid 57340] [client 194.61.40.148:31325] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/leafmailer2.8.php"] [unique_id "aRPB_o0cuHgB17JK5qXnHwAAANc"]
[Wed Nov 12 07:08:47.518594 2025] [:error] [pid 57224:tid 57302] [client 194.61.40.140:36727] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/modules/mod_simplefileuploadv1.3/elements/filemanager.php"] [unique_id "aRPB_xs7oZ7imwCSdAklagAAAJI"]
[Wed Nov 12 07:08:47.713438 2025] [:error] [pid 57224:tid 57284] [client 194.61.40.120:51113] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/modules/mod_simplefileuploadv1.3/elements/up.php"] [unique_id "aRPB_xs7oZ7imwCSdAklawAAAIA"]
[Wed Nov 12 07:08:49.321198 2025] [:error] [pid 57312:tid 57324] [client 194.61.40.165:62969] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wsa.php"] [unique_id "aRPCAY0cuHgB17JK5qXnIAAAAMc"]
[Wed Nov 12 07:08:51.817675 2025] [:error] [pid 57224:tid 57289] [client 194.61.40.161:59081] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/f35.php"] [unique_id "aRPCAxs7oZ7imwCSdAklcQAAAIU"]
[Wed Nov 12 07:08:52.697436 2025] [:error] [pid 57312:tid 57322] [client 194.61.40.144:39963] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-l0gin.php"] [unique_id "aRPCBI0cuHgB17JK5qXnKAAAAMU"]
[Wed Nov 12 07:08:53.512747 2025] [:error] [pid 32959:tid 32976] [client 194.61.40.113:59927] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/uploads/index.php"] [unique_id "aRPCBXoyrq7OJfcFnDj8IgAAAQ0"]
[Wed Nov 12 07:08:54.122589 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.153:60887] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentyfifteen/shell3.php"] [unique_id "aRPCBnoyrq7OJfcFnDj8IwAAARY"]
[Wed Nov 12 07:08:54.812992 2025] [:error] [pid 32959:tid 32978] [client 194.61.40.140:62181] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/azusa/inc/wp-host.php"] [unique_id "aRPCBnoyrq7OJfcFnDj8JQAAAQ8"]
[Wed Nov 12 07:08:55.503612 2025] [:error] [pid 32959:tid 32971] [client 194.61.40.158:32695] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/better-wp-security/vendor-prod/composer/autoload.php"] [unique_id "aRPCB3oyrq7OJfcFnDj8KQAAAQg"]
[Wed Nov 12 07:08:56.093173 2025] [:error] [pid 57312:tid 57341] [client 194.61.40.113:22503] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/woocommerce-to-wechatapp/vendor/overtrue/wechat/src/OpenPlatform/Authorizer/MiniProgram/Domain/Current.php"] [unique_id "aRPCCI0cuHgB17JK5qXnNQAAANg"]
[Wed Nov 12 07:08:56.718045 2025] [:error] [pid 57222:tid 57239] [client 194.61.40.130:60737] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/an.php"] [unique_id "aRPCCGGJazH5XCcA91dKtgAAAAw"]
[Wed Nov 12 07:08:58.118647 2025] [:error] [pid 57223:tid 57266] [client 194.61.40.115:64049] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/ga.php"] [unique_id "aRPCChUU8_2aS__aG8ZlFAAAAEk"]
[Wed Nov 12 07:08:59.009190 2025] [:error] [pid 32959:tid 32970] [client 194.61.40.133:56345] [client 194.61.40.133] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/post-author-name/index.php"] [unique_id "aRPCC3oyrq7OJfcFnDj8MQAAAQc"]
[Wed Nov 12 07:08:59.625154 2025] [:error] [pid 32959:tid 32978] [client 194.61.40.140:61827] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/theme-check/main.php"] [unique_id "aRPCC3oyrq7OJfcFnDj8NQAAAQ8"]
[Wed Nov 12 07:09:00.620242 2025] [:error] [pid 32959:tid 32973] [client 194.61.40.124:30871] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/list/144.php"] [unique_id "aRPCDHoyrq7OJfcFnDj8OgAAAQo"]
[Wed Nov 12 07:09:01.517845 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.113:57349] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/mach.php"] [unique_id "aRPCDY0cuHgB17JK5qXnZQAAAMw"]
[Wed Nov 12 07:09:02.205601 2025] [:error] [pid 57224:tid 57301] [client 194.61.40.120:32053] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/wp-conflg.php"] [unique_id "aRPCDhs7oZ7imwCSdAklnQAAAJE"]
[Wed Nov 12 07:09:03.206675 2025] [:error] [pid 57312:tid 57320] [client 194.61.40.130:33475] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/advanced-llms-txt-generator/assets/css/css_json.php"] [unique_id "aRPCD40cuHgB17JK5qXnawAAAMM"]
[Wed Nov 12 07:09:03.715837 2025] [:error] [pid 32959:tid 32978] [client 194.61.40.126:62695] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/kontol/kiw.php"] [unique_id "aRPCD3oyrq7OJfcFnDj8RwAAAQ8"]
[Wed Nov 12 07:09:04.116937 2025] [:error] [pid 32959:tid 32971] [client 194.61.40.152:29749] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/theme-check/theme-check.php"] [unique_id "aRPCEHoyrq7OJfcFnDj8TQAAAQg"]
[Wed Nov 12 07:09:06.623926 2025] [:error] [pid 57224:tid 57303] [client 194.61.40.148:56919] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/js_composer/include/templates/shortcodes/lock.php"] [unique_id "aRPCEhs7oZ7imwCSdAklowAAAJM"]
[Wed Nov 12 07:09:07.417627 2025] [:error] [pid 57224:tid 57287] [client 194.61.40.138:25745] [client 194.61.40.138] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/autoload_classmap.php"] [unique_id "aRPCExs7oZ7imwCSdAklpQAAAIM"]
[Wed Nov 12 07:09:07.906394 2025] [:error] [pid 57222:tid 57236] [client 194.61.40.163:24621] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/chosen.php"] [unique_id "aRPCE2GJazH5XCcA91dKvwAAAAk"]
[Wed Nov 12 07:09:08.692207 2025] [:error] [pid 57312:tid 57334] [client 194.61.40.150:57067] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/wp-conflg.php"] [unique_id "aRPCFI0cuHgB17JK5qXndgAAANE"]
[Wed Nov 12 07:09:09.710526 2025] [:error] [pid 57224:tid 57291] [client 194.61.40.130:44003] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/cloud.php"] [unique_id "aRPCFRs7oZ7imwCSdAklpwAAAIc"]
[Wed Nov 12 07:09:10.323476 2025] [:error] [pid 57223:tid 57263] [client 194.61.40.133:54235] [client 194.61.40.133] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/wp-content.php"] [unique_id "aRPCFhUU8_2aS__aG8ZlJQAAAEY"]
[Wed Nov 12 07:09:10.913229 2025] [:error] [pid 57223:tid 57271] [client 194.61.40.144:64637] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-post-data.php"] [unique_id "aRPCFhUU8_2aS__aG8ZlJgAAAE4"]
[Wed Nov 12 07:09:11.817113 2025] [:error] [pid 57224:tid 57296] [client 194.61.40.149:20863] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/autoload_classmap.php"] [unique_id "aRPCFxs7oZ7imwCSdAklqQAAAIw"]
[Wed Nov 12 07:09:12.716229 2025] [:error] [pid 57222:tid 57227] [client 194.61.40.152:27491] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/m.php"] [unique_id "aRPCGGGJazH5XCcA91dKywAAAAA"]
[Wed Nov 12 07:09:13.503443 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.154:65325] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/coffee/colors_26.php"] [unique_id "aRPCGXoyrq7OJfcFnDj8YgAAARc"]
[Wed Nov 12 07:09:14.017912 2025] [:error] [pid 32959:tid 32974] [client 194.61.40.154:22913] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/"] [unique_id "aRPCGnoyrq7OJfcFnDj8ZAAAAQs"]
[Wed Nov 12 07:09:14.507879 2025] [:error] [pid 57312:tid 57338] [client 194.61.40.117:46599] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-backing.php"] [unique_id "aRPCGo0cuHgB17JK5qXnhAAAANU"]
[Wed Nov 12 07:09:15.114940 2025] [:error] [pid 57223:tid 57270] [client 194.61.40.149:37039] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/wp-backing.php"] [unique_id "aRPCGxUU8_2aS__aG8ZlKgAAAE0"]
[Wed Nov 12 07:09:15.622218 2025] [:error] [pid 57223:tid 57261] [client 194.61.40.110:27991] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/covr-wpcom/assets/fonts/manrope.php"] [unique_id "aRPCGxUU8_2aS__aG8ZlKwAAAEQ"]
[Wed Nov 12 07:09:16.217567 2025] [:error] [pid 57312:tid 57332] [client 194.61.40.111:53209] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/blue/acxx.php"] [unique_id "aRPCHI0cuHgB17JK5qXnhgAAAM8"]
[Wed Nov 12 07:09:16.999090 2025] [:error] [pid 32959:tid 32978] [client 194.61.40.158:48227] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/modern/about.php"] [unique_id "aRPCHHoyrq7OJfcFnDj8agAAAQ8"]
[Wed Nov 12 07:09:17.611891 2025] [:error] [pid 32959:tid 32976] [client 194.61.40.136:20649] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/class-ftp.php"] [unique_id "aRPCHXoyrq7OJfcFnDj8bgAAAQ0"]
[Wed Nov 12 07:09:18.103046 2025] [:error] [pid 57312:tid 57334] [client 194.61.40.115:33379] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/about.php"] [unique_id "aRPCHo0cuHgB17JK5qXnjAAAANE"]
[Wed Nov 12 07:09:20.514139 2025] [:error] [pid 57312:tid 57319] [client 194.61.40.118:23287] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/akismet/_inc/img/about.php"] [unique_id "aRPCII0cuHgB17JK5qXnkAAAAMI"]
[Wed Nov 12 07:09:21.991726 2025] [:error] [pid 57222:tid 57230] [client 194.61.40.132:27035] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/call-now-button/src/about.php"] [unique_id "aRPCIWGJazH5XCcA91dK0QAAAAM"]
[Wed Nov 12 07:09:22.701641 2025] [:error] [pid 57222:tid 57237] [client 194.61.40.162:62333] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wordpress-seo/about.php"] [unique_id "aRPCImGJazH5XCcA91dK0gAAAAo"]
[Wed Nov 12 07:09:23.216292 2025] [:error] [pid 57223:tid 57263] [client 194.61.40.153:43773] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wordpress-seo/admin/pages/about.php"] [unique_id "aRPCIxUU8_2aS__aG8ZlMwAAAEY"]
[Wed Nov 12 07:09:24.001724 2025] [:error] [pid 57223:tid 57273] [client 194.61.40.122:43993] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-mail-smtp/assets/about.php"] [unique_id "aRPCJBUU8_2aS__aG8ZlNAAAAFA"]
[Wed Nov 12 07:09:25.013299 2025] [:error] [pid 32959:tid 32980] [client 194.61.40.126:31733] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-optimize/vendor/mrclay/minify/static/about.php"] [unique_id "aRPCJXoyrq7OJfcFnDj8dwAAARE"]
[Wed Nov 12 07:09:26.016437 2025] [:error] [pid 57312:tid 57338] [client 194.61.40.123:23359] [client 194.61.40.123] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-smushit/_src/js/common/about.php"] [unique_id "aRPCJo0cuHgB17JK5qXnmQAAANU"]
[Wed Nov 12 07:09:26.713036 2025] [:error] [pid 57223:tid 57272] [client 194.61.40.136:39917] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-smushit/core/modules/background/about.php"] [unique_id "aRPCJhUU8_2aS__aG8ZlNQAAAE8"]
[Wed Nov 12 07:09:27.104967 2025] [:error] [pid 57224:tid 57305] [client 194.61.40.118:28727] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/astra/about.php"] [unique_id "aRPCJxs7oZ7imwCSdAkltgAAAJU"]
[Wed Nov 12 07:09:27.507449 2025] [:error] [pid 57312:tid 57322] [client 194.61.40.125:40553] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/astra/inc/blog/about.php"] [unique_id "aRPCJ40cuHgB17JK5qXnnAAAAMU"]
[Wed Nov 12 07:09:27.915524 2025] [:error] [pid 32959:tid 32982] [client 194.61.40.113:61397] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/astra/template-parts/advanced-footer/about.php"] [unique_id "aRPCJ3oyrq7OJfcFnDj8gwAAARM"]
[Wed Nov 12 07:09:28.316171 2025] [:error] [pid 57222:tid 57243] [client 194.61.40.118:58545] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/astra/wp-login.php"] [unique_id "aRPCKGGJazH5XCcA91dK2AAAABA"]
[Wed Nov 12 07:09:28.897789 2025] [:error] [pid 32959:tid 32970] [client 194.61.40.152:27617] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/paradox/option-tree/assets/js/vendor/jquery/about.php"] [unique_id "aRPCKHoyrq7OJfcFnDj8iAAAAQc"]
[Wed Nov 12 07:09:29.402622 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.129:34047] [client 194.61.40.129] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentytwentyfive/assets/fonts/roboto-slab/about.php"] [unique_id "aRPCKY0cuHgB17JK5qXnpAAAAMw"]
[Wed Nov 12 07:09:29.615828 2025] [:error] [pid 57312:tid 57336] [client 194.61.40.144:27061] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/wpseo-import/about.php"] [unique_id "aRPCKY0cuHgB17JK5qXnpgAAANM"]
[Wed Nov 12 07:09:30.297628 2025] [:error] [pid 57222:tid 57227] [client 194.61.40.139:65461] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/src/Cookie/about.php"] [unique_id "aRPCKmGJazH5XCcA91dK3QAAAAA"]
[Wed Nov 12 07:09:30.905131 2025] [:error] [pid 32959:tid 32966] [client 194.61.40.110:47281] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/src/Proxy/about.php"] [unique_id "aRPCKnoyrq7OJfcFnDj8nAAAAQM"]
[Wed Nov 12 07:09:31.319434 2025] [:error] [pid 57312:tid 57325] [client 194.61.40.161:55571] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/src/Utility/about.php"] [unique_id "aRPCK40cuHgB17JK5qXnrwAAAMg"]
[Wed Nov 12 07:09:31.715903 2025] [:error] [pid 32959:tid 32980] [client 194.61.40.141:38647] [client 194.61.40.141] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/comment-date/about.php"] [unique_id "aRPCK3oyrq7OJfcFnDj8pgAAARE"]
[Wed Nov 12 07:09:32.121883 2025] [:error] [pid 57222:tid 57248] [client 194.61.40.148:32273] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/comments-pagination-numbers/about.php"] [unique_id "aRPCLGGJazH5XCcA91dK5wAAABU"]
[Wed Nov 12 07:09:32.621019 2025] [:error] [pid 57312:tid 57326] [client 194.61.40.162:33685] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/comments-title/about.php"] [unique_id "aRPCLI0cuHgB17JK5qXntQAAAMk"]
[Wed Nov 12 07:09:33.192934 2025] [:error] [pid 57312:tid 57333] [client 194.61.40.132:34151] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/image/about.php"] [unique_id "aRPCLY0cuHgB17JK5qXntwAAANA"]
[Wed Nov 12 07:09:33.911159 2025] [:error] [pid 57223:tid 57276] [client 194.61.40.166:51361] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/latest-posts/about.php"] [unique_id "aRPCLRUU8_2aS__aG8ZlSQAAAFM"]
[Wed Nov 12 07:09:34.405464 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.157:54925] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/more/about.php"] [unique_id "aRPCLo0cuHgB17JK5qXnuQAAAMw"]
[Wed Nov 12 07:09:34.619051 2025] [:error] [pid 57224:tid 57285] [client 194.61.40.135:65251] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/page-list-item/about.php"] [unique_id "aRPCLhs7oZ7imwCSdAklvAAAAIE"]
[Wed Nov 12 07:09:35.409137 2025] [:error] [pid 57222:tid 57244] [client 194.61.40.148:56593] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/site-title/about.php"] [unique_id "aRPCL2GJazH5XCcA91dK7AAAABE"]
[Wed Nov 12 07:09:36.803497 2025] [:error] [pid 57222:tid 57241] [client 194.61.40.132:21669] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/components/index.php"] [unique_id "aRPCMGGJazH5XCcA91dK7wAAAA4"]
[Wed Nov 12 07:09:37.503125 2025] [:error] [pid 57222:tid 57239] [client 194.61.40.151:46915] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/about.php"] [unique_id "aRPCMWGJazH5XCcA91dK8QAAAAw"]
[Wed Nov 12 07:09:37.815255 2025] [:error] [pid 57223:tid 57274] [client 194.61.40.137:41925] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/wptextpattern/about.php"] [unique_id "aRPCMRUU8_2aS__aG8ZlTQAAAFE"]
[Wed Nov 12 07:09:38.107006 2025] [:error] [pid 57223:tid 57271] [client 194.61.40.151:33391] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/wp-login.php"] [unique_id "aRPCMhUU8_2aS__aG8ZlTgAAAE4"]
[Wed Nov 12 07:09:38.507363 2025] [:error] [pid 57222:tid 57235] [client 194.61.40.162:54527] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/av.php"] [unique_id "aRPCMmGJazH5XCcA91dK8wAAAAg"]
[Wed Nov 12 07:09:39.318967 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.130:57873] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/namespaced/Core/about.php"] [unique_id "aRPCM3oyrq7OJfcFnDj8wgAAARc"]
[Wed Nov 12 07:09:40.200122 2025] [:error] [pid 57222:tid 57240] [client 194.61.40.116:62063] [client 194.61.40.116] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/new.php"] [unique_id "aRPCNGGJazH5XCcA91dK9QAAAA0"]
[Wed Nov 12 07:09:40.895412 2025] [:error] [pid 32959:tid 32968] [client 194.61.40.148:33111] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/block-directory/index.php"] [unique_id "aRPCNHoyrq7OJfcFnDj8ywAAAQU"]
[Wed Nov 12 07:09:41.416692 2025] [:error] [pid 57222:tid 57230] [client 194.61.40.126:25563] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/back.php"] [unique_id "aRPCNWGJazH5XCcA91dK9gAAAAM"]
[Wed Nov 12 07:09:42.110532 2025] [:error] [pid 57223:tid 57260] [client 194.61.40.128:53701] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/aves.php"] [unique_id "aRPCNhUU8_2aS__aG8ZlUgAAAEM"]
[Wed Nov 12 07:09:42.817459 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.114:62313] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/index.php"] [unique_id "aRPCNo0cuHgB17JK5qXnxwAAAMA"]
[Wed Nov 12 07:09:43.421937 2025] [:error] [pid 32959:tid 32987] [client 194.61.40.109:22281] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aRPCN3oyrq7OJfcFnDj8zwAAARg"]
[Wed Nov 12 07:09:44.118288 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.150:46593] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aRPCOHoyrq7OJfcFnDj80wAAARc"]
[Wed Nov 12 07:09:44.810567 2025] [:error] [pid 57223:tid 57257] [client 194.61.40.166:21257] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/m.php"] [unique_id "aRPCOBUU8_2aS__aG8ZlVQAAAEA"]
[Wed Nov 12 07:09:45.318966 2025] [:error] [pid 57222:tid 57243] [client 194.61.40.114:40037] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/admin.php"] [unique_id "aRPCOWGJazH5XCcA91dK-AAAABA"]
[Wed Nov 12 07:09:45.711913 2025] [:error] [pid 57224:tid 57299] [client 194.61.40.163:52277] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/css/index.php"] [unique_id "aRPCORs7oZ7imwCSdAklzAAAAI8"]
[Wed Nov 12 07:09:46.215535 2025] [:error] [pid 57224:tid 57300] [client 194.61.40.165:21797] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/file.php"] [unique_id "aRPCOhs7oZ7imwCSdAklzQAAAJA"]
[Wed Nov 12 07:09:46.704472 2025] [:error] [pid 57223:tid 57275] [client 194.61.40.114:55445] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aRPCOhUU8_2aS__aG8ZlVwAAAFI"]
[Wed Nov 12 07:09:47.118706 2025] [:error] [pid 57224:tid 57291] [client 194.61.40.132:41813] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aRPCOxs7oZ7imwCSdAkl0QAAAIc"]
[Wed Nov 12 07:09:47.616751 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.112:51615] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aRPCO3oyrq7OJfcFnDj83gAAAQA"]
[Wed Nov 12 07:09:48.398690 2025] [:error] [pid 57312:tid 57335] [client 194.61.40.115:45639] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ioxi-o.php"] [unique_id "aRPCPI0cuHgB17JK5qXn0gAAANI"]
[Wed Nov 12 07:09:50.818047 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.110:63523] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/load.php"] [unique_id "aRPCPnoyrq7OJfcFnDj85QAAAQA"]
[Wed Nov 12 07:09:51.811468 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.137:25315] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/index.php"] [unique_id "aRPCPxs7oZ7imwCSdAkl2QAAAIs"]
[Wed Nov 12 07:09:52.512051 2025] [:error] [pid 57223:tid 57276] [client 194.61.40.128:20991] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/simple.php"] [unique_id "aRPCQBUU8_2aS__aG8ZlXAAAAFM"]
[Wed Nov 12 07:09:53.015974 2025] [:error] [pid 57222:tid 57231] [client 194.61.40.149:23621] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/about.php"] [unique_id "aRPCQWGJazH5XCcA91dK_QAAAAQ"]
[Wed Nov 12 07:09:53.407594 2025] [:error] [pid 57224:tid 57286] [client 194.61.40.165:33505] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/"] [unique_id "aRPCQRs7oZ7imwCSdAkl3QAAAII"]
[Wed Nov 12 07:09:54.499933 2025] [:error] [pid 57222:tid 57238] [client 194.61.40.159:53203] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/uploads/2024/index.php"] [unique_id "aRPCQmGJazH5XCcA91dK_gAAAAs"]
[Wed Nov 12 07:09:55.306262 2025] [:error] [pid 57224:tid 57303] [client 194.61.40.110:21587] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/files.php"] [unique_id "aRPCQxs7oZ7imwCSdAkl4AAAAJM"]
[Wed Nov 12 07:09:56.097021 2025] [:error] [pid 32959:tid 32979] [client 194.61.40.148:34381] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/classwithtostring.php"] [unique_id "aRPCRHoyrq7OJfcFnDj88QAAARA"]
[Wed Nov 12 07:09:56.899888 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.166:54147] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/index.php"] [unique_id "aRPCRI0cuHgB17JK5qXn5AAAAMA"]
[Wed Nov 12 07:09:57.910643 2025] [:error] [pid 57312:tid 57324] [client 194.61.40.120:53557] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/moon.php"] [unique_id "aRPCRY0cuHgB17JK5qXn5gAAAMc"]
[Wed Nov 12 07:09:58.707584 2025] [:error] [pid 57223:tid 57275] [client 194.61.40.144:36017] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/admin/index.php"] [unique_id "aRPCRhUU8_2aS__aG8ZlZQAAAFI"]
[Wed Nov 12 07:09:59.602384 2025] [:error] [pid 57312:tid 57331] [client 194.61.40.163:27029] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/about.php"] [unique_id "aRPCR40cuHgB17JK5qXn7QAAAM4"]
[Wed Nov 12 07:10:01.009752 2025] [:error] [pid 32959:tid 32971] [client 194.61.40.154:58881] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/admin.php"] [unique_id "aRPCSXoyrq7OJfcFnDj89wAAAQg"]
[Wed Nov 12 07:10:01.714543 2025] [:error] [pid 57312:tid 57333] [client 194.61.40.154:39427] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/inputs.php"] [unique_id "aRPCSY0cuHgB17JK5qXn9gAAANA"]
[Wed Nov 12 07:10:03.413846 2025] [:error] [pid 57224:tid 57308] [client 194.61.40.165:58593] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/index.php"] [unique_id "aRPCSxs7oZ7imwCSdAkl7gAAAJg"]
[Wed Nov 12 07:10:04.117479 2025] [:error] [pid 32959:tid 32984] [client 194.61.40.135:31091] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/admin-header.php"] [unique_id "aRPCTHoyrq7OJfcFnDj8_wAAARU"]
[Wed Nov 12 07:10:06.109877 2025] [:error] [pid 57224:tid 57302] [client 194.61.40.151:58749] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/core-plugin/include.php"] [unique_id "aRPCThs7oZ7imwCSdAkl9AAAAJI"]
[Wed Nov 12 07:10:07.625840 2025] [:error] [pid 57223:tid 57265] [client 194.61.40.118:30921] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/autoload_classmap/function.php"] [unique_id "aRPCTxUU8_2aS__aG8ZlbQAAAEg"]
[Wed Nov 12 07:10:07.812849 2025] [:error] [pid 32959:tid 32977] [client 194.61.40.111:57595] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/uploads/"] [unique_id "aRPCT3oyrq7OJfcFnDj9CAAAAQ4"]
[Wed Nov 12 07:10:08.713038 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.161:41923] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/404.php"] [unique_id "aRPCUHoyrq7OJfcFnDj9CgAAAQQ"]
[Wed Nov 12 07:10:09.592239 2025] [:error] [pid 57223:tid 57267] [client 194.61.40.134:46937] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/index.php"] [unique_id "aRPCURUU8_2aS__aG8ZlcAAAAEo"]
[Wed Nov 12 07:10:10.701883 2025] [:error] [pid 32959:tid 32973] [client 194.61.40.118:29737] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/class.api.php"] [unique_id "aRPCUnoyrq7OJfcFnDj9DwAAAQo"]
[Wed Nov 12 07:10:12.120675 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.137:63777] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/index.php"] [unique_id "aRPCVHoyrq7OJfcFnDj9EgAAARc"]
[Wed Nov 12 07:10:13.115905 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.139:27327] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/revslider/includes/external/page/index.php"] [unique_id "aRPCVXoyrq7OJfcFnDj9FwAAARQ"]
[Wed Nov 12 07:10:13.919832 2025] [:error] [pid 57312:tid 57341] [client 194.61.40.147:22733] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-config-sample.php"] [unique_id "aRPCVY0cuHgB17JK5qXoCAAAANg"]
[Wed Nov 12 07:10:14.819052 2025] [:error] [pid 57222:tid 57245] [client 194.61.40.134:29865] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/index.php"] [unique_id "aRPCVmGJazH5XCcA91dLFQAAABI"]
[Wed Nov 12 07:10:15.717116 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.148:62575] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aRPCV3oyrq7OJfcFnDj9HAAAARc"]
[Wed Nov 12 07:10:15.917095 2025] [:error] [pid 57223:tid 57275] [client 194.61.40.144:27813] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/nav.php"] [unique_id "aRPCVxUU8_2aS__aG8ZldwAAAFI"]
[Wed Nov 12 07:10:16.592940 2025] [:error] [pid 57223:tid 57259] [client 194.61.40.123:20459] [client 194.61.40.123] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/sketch/404.php"] [unique_id "aRPCWBUU8_2aS__aG8ZleQAAAEI"]
[Wed Nov 12 07:10:17.403706 2025] [:error] [pid 57312:tid 57339] [client 194.61.40.117:20199] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/files/"] [unique_id "aRPCWY0cuHgB17JK5qXoEQAAANY"]
[Wed Nov 12 07:10:18.319571 2025] [:error] [pid 57223:tid 57277] [client 194.61.40.114:63709] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/index.php"] [unique_id "aRPCWhUU8_2aS__aG8ZlewAAAFQ"]
[Wed Nov 12 07:10:19.906018 2025] [:error] [pid 57224:tid 57292] [client 194.61.40.165:63397] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/404.php"] [unique_id "aRPCWxs7oZ7imwCSdAkmBwAAAIg"]
[Wed Nov 12 07:10:21.914408 2025] [:error] [pid 32959:tid 32964] [client 194.61.40.121:60779] [client 194.61.40.121] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/"] [unique_id "aRPCXXoyrq7OJfcFnDj9JAAAAQE"]
[Wed Nov 12 07:10:23.014502 2025] [:error] [pid 57312:tid 57322] [client 194.61.40.132:31945] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/bltm/wp-login.php"] [unique_id "aRPCX40cuHgB17JK5qXoHQAAAMU"]
[Wed Nov 12 07:10:23.909881 2025] [:error] [pid 57223:tid 57260] [client 194.61.40.112:20867] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/k.php"] [unique_id "aRPCXxUU8_2aS__aG8ZlggAAAEM"]
[Wed Nov 12 07:10:24.898696 2025] [:error] [pid 32959:tid 32981] [client 194.61.40.154:22005] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hello.php"] [unique_id "aRPCYHoyrq7OJfcFnDj9LAAAARI"]
[Wed Nov 12 07:10:25.519238 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.112:24357] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/"] [unique_id "aRPCYXoyrq7OJfcFnDj9MQAAARc"]
[Wed Nov 12 07:10:26.000244 2025] [:error] [pid 32959:tid 32982] [client 194.61.40.153:33509] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/index.php"] [unique_id "aRPCYXoyrq7OJfcFnDj9NAAAARM"]
[Wed Nov 12 07:10:27.603886 2025] [:error] [pid 57312:tid 57326] [client 194.61.40.149:47931] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/privacy-tools.min.php"] [unique_id "aRPCY40cuHgB17JK5qXoIgAAAMk"]
[Wed Nov 12 07:10:28.429406 2025] [:error] [pid 57224:tid 57293] [client 194.61.40.112:32027] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/jcrop/Jcrop.php"] [unique_id "aRPCZBs7oZ7imwCSdAkmEgAAAIk"]
[Wed Nov 12 07:10:30.134614 2025] [:error] [pid 32959:tid 32971] [client 194.61.40.113:58243] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-links.php"] [unique_id "aRPCZnoyrq7OJfcFnDj9OwAAAQg"]
[Wed Nov 12 07:10:30.839056 2025] [:error] [pid 57223:tid 57272] [client 194.61.40.153:61105] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/chosen.php"] [unique_id "aRPCZhUU8_2aS__aG8ZliwAAAE8"]
[Wed Nov 12 07:10:31.110231 2025] [:error] [pid 57312:tid 57319] [client 194.61.40.134:30479] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/index.php"] [unique_id "aRPCZ40cuHgB17JK5qXoKwAAAMI"]
[Wed Nov 12 07:10:31.395324 2025] [:error] [pid 57224:tid 57307] [client 194.61.40.109:28183] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-file.php"] [unique_id "aRPCZxs7oZ7imwCSdAkmFQAAAJc"]
[Wed Nov 12 07:10:32.026058 2025] [:error] [pid 57312:tid 57339] [client 194.61.40.139:36283] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/shell.php"] [unique_id "aRPCaI0cuHgB17JK5qXoLQAAANY"]
[Wed Nov 12 07:10:32.222971 2025] [:error] [pid 32959:tid 32977] [client 194.61.40.146:56005] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ws.php"] [unique_id "aRPCaHoyrq7OJfcFnDj9PwAAAQ4"]
[Wed Nov 12 07:10:32.426507 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.128:46101] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ty.php"] [unique_id "aRPCaHoyrq7OJfcFnDj9QgAAARY"]
[Wed Nov 12 07:10:33.209243 2025] [:error] [pid 57223:tid 57268] [client 194.61.40.151:28943] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/readme.php"] [unique_id "aRPCaRUU8_2aS__aG8ZljQAAAEs"]
[Wed Nov 12 07:10:34.312478 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.125:58373] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/about.php"] [unique_id "aRPCanoyrq7OJfcFnDj9RwAAAQQ"]
[Wed Nov 12 07:10:35.109506 2025] [:error] [pid 32959:tid 32978] [client 194.61.40.161:29575] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/edit.php"] [unique_id "aRPCa3oyrq7OJfcFnDj9SQAAAQ8"]
[Wed Nov 12 07:10:36.309920 2025] [:error] [pid 57312:tid 57320] [client 194.61.40.133:49399] [client 194.61.40.133] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/license.php"] [unique_id "aRPCbI0cuHgB17JK5qXoMQAAAMM"]
[Wed Nov 12 07:10:37.006001 2025] [:error] [pid 57223:tid 57258] [client 194.61.40.147:62387] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/admin-ajax.php"] [unique_id "aRPCbRUU8_2aS__aG8ZlkwAAAEE"]
[Wed Nov 12 07:10:38.012058 2025] [:error] [pid 32959:tid 32982] [client 194.61.40.157:61951] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/WordPressCore/include.php"] [unique_id "aRPCbnoyrq7OJfcFnDj9XQAAARM"]
[Wed Nov 12 07:10:39.218725 2025] [:error] [pid 57224:tid 57308] [client 194.61.40.131:56063] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content.php"] [unique_id "aRPCbxs7oZ7imwCSdAkmIwAAAJg"]
[Wed Nov 12 07:10:41.000322 2025] [:error] [pid 57224:tid 57292] [client 194.61.40.158:58457] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-configs.php"] [unique_id "aRPCcBs7oZ7imwCSdAkmKAAAAIg"]
[Wed Nov 12 07:10:41.712518 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.111:37573] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/index.php"] [unique_id "aRPCcY0cuHgB17JK5qXoMgAAAMA"]
[Wed Nov 12 07:10:42.415202 2025] [:error] [pid 57312:tid 57338] [client 194.61.40.150:45393] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/components/index.php"] [unique_id "aRPCco0cuHgB17JK5qXoNgAAANU"]
[Wed Nov 12 07:10:43.294159 2025] [:error] [pid 57223:tid 57266] [client 194.61.40.125:37747] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/1.php"] [unique_id "aRPCcxUU8_2aS__aG8ZlmwAAAEk"]
[Wed Nov 12 07:10:44.100357 2025] [:error] [pid 57222:tid 57239] [client 194.61.40.156:37187] [client 194.61.40.156] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/system.php"] [unique_id "aRPCdGGJazH5XCcA91dLNgAAAAw"]
[Wed Nov 12 07:10:44.795911 2025] [:error] [pid 57224:tid 57291] [client 194.61.40.157:45441] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/radio.php"] [unique_id "aRPCdBs7oZ7imwCSdAkmMgAAAIc"]
[Wed Nov 12 07:10:45.519086 2025] [:error] [pid 57312:tid 57335] [client 194.61.40.153:33885] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/zasf"] [unique_id "aRPCdY0cuHgB17JK5qXoOQAAANI"]
[Wed Nov 12 07:10:46.415795 2025] [:error] [pid 57222:tid 57250] [client 194.61.40.128:46477] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/av.php"] [unique_id "aRPCdmGJazH5XCcA91dLNwAAABc"]
[Wed Nov 12 07:10:47.109926 2025] [:error] [pid 57312:tid 57332] [client 194.61.40.144:37243] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-json-ajax-session.php"] [unique_id "aRPCd40cuHgB17JK5qXoPAAAAM8"]
[Wed Nov 12 07:10:47.907628 2025] [:error] [pid 57312:tid 57328] [client 194.61.40.166:32223] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRPCd40cuHgB17JK5qXoQAAAAMs"]
[Wed Nov 12 07:10:48.815708 2025] [:error] [pid 57222:tid 57249] [client 194.61.40.147:40713] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/index.php"] [unique_id "aRPCeGGJazH5XCcA91dLOQAAABY"]
[Wed Nov 12 07:10:52.508809 2025] [:error] [pid 32959:tid 32972] [client 194.61.40.135:49595] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-conflg.php"] [unique_id "aRPCfHoyrq7OJfcFnDj9iAAAAQk"]
[Wed Nov 12 07:10:53.915379 2025] [:error] [pid 57312:tid 57332] [client 194.61.40.141:64733] [client 194.61.40.141] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/wp-login.php"] [unique_id "aRPCfY0cuHgB17JK5qXoQwAAAM8"]
[Wed Nov 12 07:10:54.709918 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.157:56123] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/"] [unique_id "aRPCfhs7oZ7imwCSdAkmPwAAAIs"]
[Wed Nov 12 07:10:55.395273 2025] [:error] [pid 57222:tid 57229] [client 194.61.40.149:63749] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/index.php"] [unique_id "aRPCf2GJazH5XCcA91dLPgAAAAI"]
[Wed Nov 12 07:10:56.097519 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.157:22581] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/archives/"] [unique_id "aRPCgI0cuHgB17JK5qXoSQAAAMw"]
[Wed Nov 12 07:10:57.594677 2025] [:error] [pid 57223:tid 57261] [client 194.61.40.136:53269] [client 194.61.40.136] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aRPCgRUU8_2aS__aG8ZlqAAAAEQ"]
[Wed Nov 12 07:10:58.594626 2025] [:error] [pid 57312:tid 57341] [client 194.61.40.117:23557] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aRPCgo0cuHgB17JK5qXoTwAAANg"]
[Wed Nov 12 07:10:59.417114 2025] [:error] [pid 57312:tid 57322] [client 194.61.40.164:27089] [client 194.61.40.164] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/widgets/index.php"] [unique_id "aRPCg40cuHgB17JK5qXoUgAAAMU"]
[Wed Nov 12 07:10:59.613563 2025] [:error] [pid 57224:tid 57306] [client 194.61.40.146:29629] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/index.php"] [unique_id "aRPCgxs7oZ7imwCSdAkmQwAAAJY"]
[Wed Nov 12 07:11:00.308706 2025] [:error] [pid 32959:tid 32980] [client 194.61.40.118:29279] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/options.php"] [unique_id "aRPChHoyrq7OJfcFnDj9lgAAARE"]
[Wed Nov 12 07:11:00.921090 2025] [:error] [pid 57223:tid 57269] [client 194.61.40.126:51719] [client 194.61.40.126] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/uploads/about.php"] [unique_id "aRPChBUU8_2aS__aG8ZlqQAAAEw"]
[Wed Nov 12 07:11:01.122761 2025] [:error] [pid 32959:tid 32974] [client 194.61.40.109:62549] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/bypass.php"] [unique_id "aRPChXoyrq7OJfcFnDj9mAAAAQs"]
[Wed Nov 12 07:11:01.905236 2025] [:error] [pid 57312:tid 57339] [client 194.61.40.150:23071] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/shell/index.php"] [unique_id "aRPChY0cuHgB17JK5qXoVwAAANY"]
[Wed Nov 12 07:11:02.620769 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.114:52287] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/wp-login.php"] [unique_id "aRPChnoyrq7OJfcFnDj9nQAAARY"]
[Wed Nov 12 07:11:03.320398 2025] [:error] [pid 57224:tid 57285] [client 194.61.40.131:65161] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/admin-wolf.php"] [unique_id "aRPChxs7oZ7imwCSdAkmSgAAAIE"]
[Wed Nov 12 07:11:04.503840 2025] [:error] [pid 57223:tid 57272] [client 194.61.40.117:20997] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-signup.php"] [unique_id "aRPCiBUU8_2aS__aG8ZlqwAAAE8"]
[Wed Nov 12 07:11:05.118187 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.131:49425] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/index.php"] [unique_id "aRPCiXoyrq7OJfcFnDj9oAAAARQ"]
[Wed Nov 12 07:11:06.295255 2025] [:error] [pid 32959:tid 32964] [client 194.61.40.117:44917] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/index.php"] [unique_id "aRPCinoyrq7OJfcFnDj9owAAAQE"]
[Wed Nov 12 07:11:07.500785 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.161:26163] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/blue/"] [unique_id "aRPCi3oyrq7OJfcFnDj9pgAAARY"]
[Wed Nov 12 07:11:09.219733 2025] [:error] [pid 57312:tid 57326] [client 194.61.40.156:25381] [client 194.61.40.156] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aRPCjY0cuHgB17JK5qXoYQAAAMk"]
[Wed Nov 12 07:11:10.295166 2025] [:error] [pid 57222:tid 57245] [client 194.61.40.164:28683] [client 194.61.40.164] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-trackback.php"] [unique_id "aRPCjmGJazH5XCcA91dLRgAAABI"]
[Wed Nov 12 07:11:11.297832 2025] [:error] [pid 32959:tid 32972] [client 194.61.40.109:47755] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/index.php"] [unique_id "aRPCj3oyrq7OJfcFnDj9qgAAAQk"]
[Wed Nov 12 07:11:12.220472 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.117:64575] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/themes/inlite/"] [unique_id "aRPCkI0cuHgB17JK5qXoagAAAMw"]
[Wed Nov 12 07:11:13.206682 2025] [:error] [pid 57224:tid 57304] [client 194.61.40.152:55683] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/gecko-litespeed.php"] [unique_id "aRPCkRs7oZ7imwCSdAkmVwAAAJQ"]
[Wed Nov 12 07:11:14.394663 2025] [:error] [pid 57224:tid 57298] [client 194.61.40.120:37775] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/"] [unique_id "aRPCkhs7oZ7imwCSdAkmWwAAAI4"]
[Wed Nov 12 07:11:16.018006 2025] [:error] [pid 32959:tid 32974] [client 194.61.40.146:50937] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/packed.php"] [unique_id "aRPClHoyrq7OJfcFnDj9swAAAQs"]
[Wed Nov 12 07:11:17.115700 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.113:42427] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/admin.php"] [unique_id "aRPClRs7oZ7imwCSdAkmXQAAAIs"]
[Wed Nov 12 07:11:19.101912 2025] [:error] [pid 32959:tid 32969] [client 194.61.40.132:41815] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/"] [unique_id "aRPCl3oyrq7OJfcFnDj9uwAAAQY"]
[Wed Nov 12 07:11:20.797980 2025] [:error] [pid 57223:tid 57273] [client 194.61.40.149:57193] [client 194.61.40.149] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ini.php"] [unique_id "aRPCmBUU8_2aS__aG8ZltgAAAFA"]
[Wed Nov 12 07:11:22.318112 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.164:30911] [client 194.61.40.164] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/worksec.php"] [unique_id "aRPCmnoyrq7OJfcFnDj9xgAAARc"]
[Wed Nov 12 07:11:23.613478 2025] [:error] [pid 57224:tid 57288] [client 194.61.40.118:22669] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/index/function.php"] [unique_id "aRPCmxs7oZ7imwCSdAkmYwAAAIQ"]
[Wed Nov 12 07:11:25.814611 2025] [:error] [pid 32959:tid 32969] [client 194.61.40.111:41721] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-supports/index.php"] [unique_id "aRPCnXoyrq7OJfcFnDj9zgAAAQY"]
[Wed Nov 12 07:11:27.018830 2025] [:error] [pid 57222:tid 57238] [client 194.61.40.116:46999] [client 194.61.40.116] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-signin.php"] [unique_id "aRPCn2GJazH5XCcA91dLUwAAAAs"]
[Wed Nov 12 07:11:27.817575 2025] [:error] [pid 57224:tid 57300] [client 194.61.40.141:22867] [client 194.61.40.141] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aRPCnxs7oZ7imwCSdAkmaAAAAJA"]
[Wed Nov 12 07:11:28.718626 2025] [:error] [pid 57222:tid 57242] [client 194.61.40.140:40099] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/login.php"] [unique_id "aRPCoGGJazH5XCcA91dLVgAAAA8"]
[Wed Nov 12 07:11:29.912028 2025] [:error] [pid 57223:tid 57276] [client 194.61.40.154:24223] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aRPCoRUU8_2aS__aG8ZlwwAAAFM"]
[Wed Nov 12 07:11:30.870951 2025] [:error] [pid 57312:tid 57324] [client 194.61.40.161:65009] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/mah.php"] [unique_id "aRPCoo0cuHgB17JK5qXohwAAAMc"]
[Wed Nov 12 07:11:31.809732 2025] [:error] [pid 57312:tid 57340] [client 194.61.40.165:43205] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/index.php"] [unique_id "aRPCo40cuHgB17JK5qXoiQAAANc"]
[Wed Nov 12 07:11:32.718669 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.158:24435] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/as.php"] [unique_id "aRPCpI0cuHgB17JK5qXojAAAAMA"]
[Wed Nov 12 07:11:32.993194 2025] [:error] [pid 57224:tid 57293] [client 194.61.40.118:53865] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/block-support.php"] [unique_id "aRPCpBs7oZ7imwCSdAkmcQAAAIk"]
[Wed Nov 12 07:11:34.020507 2025] [:error] [pid 57224:tid 57289] [client 194.61.40.124:44759] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/fields/index.php"] [unique_id "aRPCphs7oZ7imwCSdAkmdAAAAIU"]
[Wed Nov 12 07:11:34.804569 2025] [:error] [pid 32959:tid 32981] [client 194.61.40.135:35145] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/adminfuns.php"] [unique_id "aRPCpnoyrq7OJfcFnDj94AAAARI"]
[Wed Nov 12 07:11:35.515881 2025] [:error] [pid 57222:tid 57251] [client 194.61.40.125:60307] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/admin.php"] [unique_id "aRPCp2GJazH5XCcA91dLWwAAABg"]
[Wed Nov 12 07:11:36.211703 2025] [:error] [pid 32959:tid 32970] [client 194.61.40.122:52111] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/"] [unique_id "aRPCqHoyrq7OJfcFnDj94gAAAQc"]
[Wed Nov 12 07:11:36.910788 2025] [:error] [pid 57312:tid 57336] [client 194.61.40.121:41993] [client 194.61.40.121] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/mini.php"] [unique_id "aRPCqI0cuHgB17JK5qXolAAAANM"]
[Wed Nov 12 07:11:38.124531 2025] [:error] [pid 57222:tid 57247] [client 194.61.40.115:62605] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/new.php"] [unique_id "aRPCqmGJazH5XCcA91dLXQAAABQ"]
[Wed Nov 12 07:11:38.817684 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.155:60585] [client 194.61.40.155] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/buy.php"] [unique_id "aRPCqnoyrq7OJfcFnDj95QAAAQQ"]
[Wed Nov 12 07:11:39.608850 2025] [:error] [pid 32959:tid 32964] [client 194.61.40.121:37717] [client 194.61.40.121] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/f.php"] [unique_id "aRPCq3oyrq7OJfcFnDj95gAAAQE"]
[Wed Nov 12 07:11:40.501480 2025] [:error] [pid 57224:tid 57307] [client 194.61.40.158:30183] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-header.php"] [unique_id "aRPCrBs7oZ7imwCSdAkmfgAAAJc"]
[Wed Nov 12 07:11:41.523237 2025] [:error] [pid 57224:tid 57293] [client 194.61.40.139:59879] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aRPCrRs7oZ7imwCSdAkmggAAAIk"]
[Wed Nov 12 07:11:41.720025 2025] [:error] [pid 57312:tid 57332] [client 194.61.40.159:22671] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentytwentyfour/"] [unique_id "aRPCrY0cuHgB17JK5qXooQAAAM8"]
[Wed Nov 12 07:11:44.210204 2025] [:error] [pid 57224:tid 57289] [client 194.61.40.140:38303] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/buy.php"] [unique_id "aRPCsBs7oZ7imwCSdAkmhwAAAIU"]
[Wed Nov 12 07:11:45.818813 2025] [:error] [pid 57222:tid 57243] [client 194.61.40.150:41749] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/shell3.php"] [unique_id "aRPCsWGJazH5XCcA91dLYQAAABA"]
[Wed Nov 12 07:11:46.013966 2025] [:error] [pid 32959:tid 32965] [client 194.61.40.113:58277] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/admin.php"] [unique_id "aRPCsnoyrq7OJfcFnDj98QAAAQI"]
[Wed Nov 12 07:11:46.715911 2025] [:error] [pid 57222:tid 57236] [client 194.61.40.113:22813] [client 194.61.40.113] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/lock360.php"] [unique_id "aRPCsmGJazH5XCcA91dLYgAAAAk"]
[Wed Nov 12 07:11:47.513888 2025] [:error] [pid 32959:tid 32987] [client 194.61.40.162:25301] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/covr-wpcom/assets/fonts/manrope.php"] [unique_id "aRPCs3oyrq7OJfcFnDj98wAAARg"]
[Wed Nov 12 07:11:47.714786 2025] [:error] [pid 57224:tid 57285] [client 194.61.40.165:64515] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-conflg/function.php"] [unique_id "aRPCsxs7oZ7imwCSdAkmiwAAAIE"]
[Wed Nov 12 07:11:48.517710 2025] [:error] [pid 57224:tid 57301] [client 194.61.40.118:28311] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/uploaded_script.php"] [unique_id "aRPCtBs7oZ7imwCSdAkmjAAAAJE"]
[Wed Nov 12 07:11:49.195916 2025] [:error] [pid 57222:tid 57238] [client 194.61.40.125:23099] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/about.php"] [unique_id "aRPCtWGJazH5XCcA91dLZAAAAAs"]
[Wed Nov 12 07:11:50.213024 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.154:20829] [client 194.61.40.154] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/about/function.php"] [unique_id "aRPCtnoyrq7OJfcFnDj9-QAAAQQ"]
[Wed Nov 12 07:11:51.231696 2025] [:error] [pid 57222:tid 57250] [client 194.61.40.150:40903] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/admin.php"] [unique_id "aRPCt2GJazH5XCcA91dLZQAAABc"]
[Wed Nov 12 07:11:52.325520 2025] [:error] [pid 57224:tid 57307] [client 194.61.40.158:63691] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/item.php"] [unique_id "aRPCuBs7oZ7imwCSdAkmkgAAAJc"]
[Wed Nov 12 07:11:52.505638 2025] [:error] [pid 57224:tid 57297] [client 194.61.40.129:24535] [client 194.61.40.129] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/index.php"] [unique_id "aRPCuBs7oZ7imwCSdAkmkwAAAI0"]
[Wed Nov 12 07:11:54.110727 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.158:43733] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/news-portal/error.php"] [unique_id "aRPCunoyrq7OJfcFnDj-AgAAARY"]
[Wed Nov 12 07:11:56.313906 2025] [:error] [pid 57222:tid 57241] [client 194.61.40.158:24299] [client 194.61.40.158] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-info.php"] [unique_id "aRPCvGGJazH5XCcA91dLagAAAA4"]
[Wed Nov 12 07:11:57.518450 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.130:22595] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/a.php"] [unique_id "aRPCvRs7oZ7imwCSdAkmnAAAAIs"]
[Wed Nov 12 07:11:58.512284 2025] [:error] [pid 32959:tid 32980] [client 194.61.40.153:46361] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentyfive/include.php"] [unique_id "aRPCvnoyrq7OJfcFnDj-CgAAARE"]
[Wed Nov 12 07:11:59.407233 2025] [:error] [pid 32959:tid 32965] [client 194.61.40.123:24943] [client 194.61.40.123] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/index2.php"] [unique_id "aRPCv3oyrq7OJfcFnDj-CwAAAQI"]
[Wed Nov 12 07:12:00.224933 2025] [:error] [pid 57312:tid 57323] [client 194.61.40.163:23281] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/b.php"] [unique_id "aRPCwI0cuHgB17JK5qXowgAAAMY"]
[Wed Nov 12 07:12:00.420007 2025] [:error] [pid 57222:tid 57227] [client 194.61.40.146:28913] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/options.php"] [unique_id "aRPCwGGJazH5XCcA91dLcgAAAAA"]
[Wed Nov 12 07:12:01.515104 2025] [:error] [pid 57312:tid 57327] [client 194.61.40.144:20539] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/s.php"] [unique_id "aRPCwY0cuHgB17JK5qXoxAAAAMo"]
[Wed Nov 12 07:12:03.098247 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.146:44749] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/sunrise/index.php"] [unique_id "aRPCw40cuHgB17JK5qXoxQAAAMA"]
[Wed Nov 12 07:12:03.817930 2025] [:error] [pid 57312:tid 57325] [client 194.61.40.128:36607] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/about.php"] [unique_id "aRPCw40cuHgB17JK5qXoxgAAAMg"]
[Wed Nov 12 07:12:04.412650 2025] [:error] [pid 57223:tid 57264] [client 194.61.40.162:53703] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aRPCxBUU8_2aS__aG8Zl9gAAAEc"]
[Wed Nov 12 07:12:05.811180 2025] [:error] [pid 57222:tid 57242] [client 194.61.40.122:34149] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-conf.php"] [unique_id "aRPCxWGJazH5XCcA91dLeQAAAA8"]
[Wed Nov 12 07:12:06.509779 2025] [:error] [pid 57222:tid 57247] [client 194.61.40.151:33189] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/x.php"] [unique_id "aRPCxmGJazH5XCcA91dLfgAAABQ"]
[Wed Nov 12 07:12:07.318241 2025] [:error] [pid 57224:tid 57294] [client 194.61.40.147:65213] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/uploads/wp.php"] [unique_id "aRPCxxs7oZ7imwCSdAkmrAAAAIo"]
[Wed Nov 12 07:12:08.093699 2025] [:error] [pid 32959:tid 32987] [client 194.61.40.110:58507] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/class.php"] [unique_id "aRPCyHoyrq7OJfcFnDj-HgAAARg"]
[Wed Nov 12 07:12:09.017065 2025] [:error] [pid 57222:tid 57230] [client 194.61.40.140:52573] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-files.php"] [unique_id "aRPCyWGJazH5XCcA91dLgQAAAAM"]
[Wed Nov 12 07:12:09.895791 2025] [:error] [pid 57224:tid 57303] [client 194.61.40.131:57323] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/"] [unique_id "aRPCyRs7oZ7imwCSdAkmsAAAAJM"]
[Wed Nov 12 07:12:10.716543 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.166:58941] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/admin.php"] [unique_id "aRPCynoyrq7OJfcFnDj-KwAAARQ"]
[Wed Nov 12 07:12:11.904683 2025] [:error] [pid 57224:tid 57298] [client 194.61.40.129:44379] [client 194.61.40.129] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/wp-login.php"] [unique_id "aRPCyxs7oZ7imwCSdAkmtwAAAI4"]
[Wed Nov 12 07:12:12.701158 2025] [:error] [pid 57222:tid 57236] [client 194.61.40.162:50193] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/db.php"] [unique_id "aRPCzGGJazH5XCcA91dLhwAAAAk"]
[Wed Nov 12 07:12:14.712592 2025] [:error] [pid 57223:tid 57264] [client 194.61.40.165:62689] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/m.php"] [unique_id "aRPCzhUU8_2aS__aG8ZmCgAAAEc"]
[Wed Nov 12 07:12:15.803572 2025] [:error] [pid 57223:tid 57276] [client 194.61.40.114:48845] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/chosen.php"] [unique_id "aRPCzxUU8_2aS__aG8ZmCwAAAFM"]
[Wed Nov 12 07:12:16.318134 2025] [:error] [pid 32959:tid 32975] [client 194.61.40.114:59181] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/about.php"] [unique_id "aRPC0Hoyrq7OJfcFnDj-OAAAAQw"]
[Wed Nov 12 07:12:17.809258 2025] [:error] [pid 57224:tid 57284] [client 194.61.40.114:33319] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/bk/index.php"] [unique_id "aRPC0Rs7oZ7imwCSdAkmwQAAAIA"]
[Wed Nov 12 07:12:18.414155 2025] [:error] [pid 57224:tid 57285] [client 194.61.40.164:20551] [client 194.61.40.164] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/log.php"] [unique_id "aRPC0hs7oZ7imwCSdAkmwgAAAIE"]
[Wed Nov 12 07:12:19.116543 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.162:36305] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/navigation/index.php"] [unique_id "aRPC03oyrq7OJfcFnDj-QwAAAQQ"]
[Wed Nov 12 07:12:19.797442 2025] [:error] [pid 57224:tid 57290] [client 194.61.40.139:58291] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/"] [unique_id "aRPC0xs7oZ7imwCSdAkmxgAAAIY"]
[Wed Nov 12 07:12:20.715999 2025] [:error] [pid 57224:tid 57292] [client 194.61.40.109:32111] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/"] [unique_id "aRPC1Bs7oZ7imwCSdAkmyAAAAIg"]
[Wed Nov 12 07:12:21.416626 2025] [:error] [pid 57224:tid 57296] [client 194.61.40.134:22985] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/post.php"] [unique_id "aRPC1Rs7oZ7imwCSdAkmyQAAAIw"]
[Wed Nov 12 07:12:22.210997 2025] [:error] [pid 57312:tid 57329] [client 194.61.40.135:48747] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/radio.php"] [unique_id "aRPC1o0cuHgB17JK5qXo3AAAAMw"]
[Wed Nov 12 07:12:22.916916 2025] [:error] [pid 57222:tid 57240] [client 194.61.40.128:64117] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/contact.php"] [unique_id "aRPC1mGJazH5XCcA91dLkAAAAA0"]
[Wed Nov 12 07:12:23.718131 2025] [:error] [pid 57223:tid 57279] [client 194.61.40.135:50881] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-conflg.php"] [unique_id "aRPC1xUU8_2aS__aG8ZmFgAAAFY"]
[Wed Nov 12 07:12:24.609885 2025] [:error] [pid 57312:tid 57334] [client 194.61.40.132:20605] [client 194.61.40.132] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/error.php"] [unique_id "aRPC2I0cuHgB17JK5qXo4AAAANE"]
[Wed Nov 12 07:12:25.997788 2025] [:error] [pid 57312:tid 57332] [client 194.61.40.109:54413] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/lib/"] [unique_id "aRPC2Y0cuHgB17JK5qXo5QAAAM8"]
[Wed Nov 12 07:12:27.197237 2025] [:error] [pid 57224:tid 57301] [client 194.61.40.137:50561] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/endpoints/"] [unique_id "aRPC2xs7oZ7imwCSdAkm0wAAAJE"]
[Wed Nov 12 07:12:28.215867 2025] [:error] [pid 57224:tid 57296] [client 194.61.40.121:50207] [client 194.61.40.121] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/"] [unique_id "aRPC3Bs7oZ7imwCSdAkm1wAAAIw"]
[Wed Nov 12 07:12:29.295969 2025] [:error] [pid 32959:tid 32967] [client 194.61.40.155:28475] [client 194.61.40.155] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/leafmailer.php"] [unique_id "aRPC3Xoyrq7OJfcFnDj-UgAAAQQ"]
[Wed Nov 12 07:12:30.401562 2025] [:error] [pid 57223:tid 57274] [client 194.61.40.120:65075] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/byp.php"] [unique_id "aRPC3hUU8_2aS__aG8ZmHQAAAFE"]
[Wed Nov 12 07:12:31.415671 2025] [:error] [pid 32959:tid 32986] [client 194.61.40.110:39181] [client 194.61.40.110] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/search/"] [unique_id "aRPC33oyrq7OJfcFnDj-WQAAARc"]
[Wed Nov 12 07:12:32.312511 2025] [:error] [pid 57223:tid 57258] [client 194.61.40.140:57709] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/uploads/index.php"] [unique_id "aRPC4BUU8_2aS__aG8ZmIQAAAEE"]
[Wed Nov 12 07:12:32.518514 2025] [:error] [pid 57224:tid 57290] [client 194.61.40.163:22013] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/images/index.php"] [unique_id "aRPC4Bs7oZ7imwCSdAkm3gAAAIY"]
[Wed Nov 12 07:12:33.608502 2025] [:error] [pid 57222:tid 57231] [client 194.61.40.117:24079] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/update/function.php"] [unique_id "aRPC4WGJazH5XCcA91dLlgAAAAQ"]
[Wed Nov 12 07:12:34.599837 2025] [:error] [pid 57312:tid 57330] [client 194.61.40.128:36669] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/assets/"] [unique_id "aRPC4o0cuHgB17JK5qXo8AAAAM0"]
[Wed Nov 12 07:12:36.698185 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.144:37395] [client 194.61.40.144] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/menu.php"] [unique_id "aRPC5Hoyrq7OJfcFnDj-YwAAAQA"]
[Wed Nov 12 07:12:37.794913 2025] [:error] [pid 57312:tid 57327] [client 194.61.40.147:37269] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/blue/index.php"] [unique_id "aRPC5Y0cuHgB17JK5qXo8gAAAMo"]
[Wed Nov 12 07:12:39.621757 2025] [:error] [pid 57224:tid 57289] [client 194.61.40.166:58311] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/upload/"] [unique_id "aRPC5xs7oZ7imwCSdAkm7QAAAIU"]
[Wed Nov 12 07:12:40.913125 2025] [:error] [pid 32959:tid 32987] [client 194.61.40.148:58977] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/function/function.php"] [unique_id "aRPC6Hoyrq7OJfcFnDj-eQAAARg"]
[Wed Nov 12 07:12:42.519000 2025] [:error] [pid 57223:tid 57273] [client 194.61.40.148:47775] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/abcd.php"] [unique_id "aRPC6hUU8_2aS__aG8ZmOgAAAFA"]
[Wed Nov 12 07:12:43.413196 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.135:43987] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aRPC6xs7oZ7imwCSdAkm7wAAAIs"]
[Wed Nov 12 07:12:44.694405 2025] [:error] [pid 32959:tid 32979] [client 194.61.40.115:44867] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/about.php"] [unique_id "aRPC7Hoyrq7OJfcFnDj-igAAARA"]
[Wed Nov 12 07:12:45.915224 2025] [:error] [pid 57312:tid 57333] [client 194.61.40.151:51641] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aRPC7Y0cuHgB17JK5qXpEAAAANA"]
[Wed Nov 12 07:12:48.391260 2025] [:error] [pid 57312:tid 57330] [client 194.61.40.139:53537] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/calendar/index.php"] [unique_id "aRPC8I0cuHgB17JK5qXpFAAAAM0"]
[Wed Nov 12 07:12:49.418713 2025] [:error] [pid 32959:tid 32977] [client 194.61.40.161:53135] [client 194.61.40.161] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/wp-login.php"] [unique_id "aRPC8Xoyrq7OJfcFnDj-mQAAAQ4"]
[Wed Nov 12 07:12:50.714635 2025] [:error] [pid 57312:tid 57326] [client 194.61.40.147:52257] [client 194.61.40.147] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/index.php"] [unique_id "aRPC8o0cuHgB17JK5qXpGQAAAMk"]
[Wed Nov 12 07:12:51.814212 2025] [:error] [pid 32959:tid 32966] [client 194.61.40.118:37763] [client 194.61.40.118] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-conflg.php"] [unique_id "aRPC83oyrq7OJfcFnDj-oQAAAQM"]
[Wed Nov 12 07:12:52.708764 2025] [:error] [pid 57223:tid 57267] [client 194.61.40.137:28783] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/index.php"] [unique_id "aRPC9BUU8_2aS__aG8ZmRQAAAEo"]
[Wed Nov 12 07:12:53.812734 2025] [:error] [pid 32959:tid 32985] [client 194.61.40.141:41237] [client 194.61.40.141] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/about.php"] [unique_id "aRPC9Xoyrq7OJfcFnDj-pAAAARY"]
[Wed Nov 12 07:12:54.893342 2025] [:error] [pid 57224:tid 57295] [client 194.61.40.166:25311] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/themes/"] [unique_id "aRPC9hs7oZ7imwCSdAknCQAAAIs"]
[Wed Nov 12 07:12:55.903453 2025] [:error] [pid 57223:tid 57281] [client 194.61.40.133:53367] [client 194.61.40.133] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/2.php"] [unique_id "aRPC9xUU8_2aS__aG8ZmSgAAAFg"]
[Wed Nov 12 07:12:57.615490 2025] [:error] [pid 57222:tid 57231] [client 194.61.40.156:50431] [client 194.61.40.156] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/function.php"] [unique_id "aRPC-WGJazH5XCcA91dLzgAAAAQ"]
[Wed Nov 12 07:12:58.719643 2025] [:error] [pid 57312:tid 57318] [client 194.61.40.153:28499] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/about.php"] [unique_id "aRPC-o0cuHgB17JK5qXpLAAAAME"]
[Wed Nov 12 07:13:00.003512 2025] [:error] [pid 57312:tid 57341] [client 194.61.40.122:46023] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/chosen/function.php"] [unique_id "aRPC_I0cuHgB17JK5qXpMwAAANg"]
[Wed Nov 12 07:13:02.112027 2025] [:error] [pid 57222:tid 57232] [client 194.61.40.115:38073] [client 194.61.40.115] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/alfa.php"] [unique_id "aRPC_mGJazH5XCcA91dL1QAAAAU"]
[Wed Nov 12 07:13:03.097613 2025] [:error] [pid 57224:tid 57294] [client 194.61.40.114:23199] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/seotheme/mar.php"] [unique_id "aRPC_xs7oZ7imwCSdAknFgAAAIo"]
[Wed Nov 12 07:13:03.912903 2025] [:error] [pid 57222:tid 57228] [client 194.61.40.137:54131] [client 194.61.40.137] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/wp-conflg.php"] [unique_id "aRPC_2GJazH5XCcA91dL1wAAAAE"]
[Wed Nov 12 07:13:04.713165 2025] [:error] [pid 57222:tid 57231] [client 194.61.40.140:42027] [client 194.61.40.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/item.php"] [unique_id "aRPDAGGJazH5XCcA91dL2wAAAAQ"]
[Wed Nov 12 07:13:05.407634 2025] [:error] [pid 57222:tid 57229] [client 194.61.40.128:60239] [client 194.61.40.128] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/crop/index.php"] [unique_id "aRPDAWGJazH5XCcA91dL3gAAAAI"]
[Wed Nov 12 07:13:07.115975 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.156:25025] [client 194.61.40.156] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/include.php"] [unique_id "aRPDA3oyrq7OJfcFnDj-0QAAARQ"]
[Wed Nov 12 07:13:08.410803 2025] [:error] [pid 32959:tid 32970] [client 194.61.40.124:29631] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/cgi-bin/user/index.php"] [unique_id "aRPDBHoyrq7OJfcFnDj-1wAAAQc"]
[Wed Nov 12 07:13:09.317414 2025] [:error] [pid 57222:tid 57233] [client 194.61.40.117:48135] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentytwentyfive/assets/fonts/beiruti/index.php"] [unique_id "aRPDBWGJazH5XCcA91dL5gAAAAY"]
[Wed Nov 12 07:13:10.217594 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.121:43645] [client 194.61.40.121] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/plugins/wp-login.php"] [unique_id "aRPDBnoyrq7OJfcFnDj-2gAAARQ"]
[Wed Nov 12 07:13:11.232246 2025] [:error] [pid 57223:tid 57270] [client 194.61.40.125:34607] [client 194.61.40.125] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/config.php"] [unique_id "aRPDBxUU8_2aS__aG8ZmZQAAAE0"]
[Wed Nov 12 07:13:13.114058 2025] [:error] [pid 57224:tid 57287] [client 194.61.40.152:31389] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/xmrlpc.php"] [unique_id "aRPDCRs7oZ7imwCSdAknIgAAAIM"]
[Wed Nov 12 07:13:15.216811 2025] [:error] [pid 57223:tid 57280] [client 194.61.40.159:49131] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/twentytwentyfour/patterns/wp-good.php"] [unique_id "aRPDCxUU8_2aS__aG8ZmegAAAFc"]
[Wed Nov 12 07:13:17.104700 2025] [:error] [pid 57223:tid 57269] [client 194.61.40.131:42823] [client 194.61.40.131] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/index.php"] [unique_id "aRPDDRUU8_2aS__aG8ZmgAAAAEw"]
[Wed Nov 12 07:13:18.892213 2025] [:error] [pid 57224:tid 57300] [client 194.61.40.159:46833] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/widgets/admin.php"] [unique_id "aRPDDhs7oZ7imwCSdAknLgAAAJA"]
[Wed Nov 12 07:13:19.820477 2025] [:error] [pid 57312:tid 57323] [client 194.61.40.146:62843] [client 194.61.40.146] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-Owl.php"] [unique_id "aRPDD40cuHgB17JK5qXpdAAAAMY"]
[Wed Nov 12 07:13:21.816698 2025] [:error] [pid 32959:tid 32968] [client 194.61.40.148:48875] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/plugins/about.php"] [unique_id "aRPDEXoyrq7OJfcFnDj-8gAAAQU"]
[Wed Nov 12 07:13:22.100541 2025] [:error] [pid 57222:tid 57232] [client 194.61.40.155:56653] [client 194.61.40.155] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/click.php"] [unique_id "aRPDEmGJazH5XCcA91dL_gAAAAU"]
[Wed Nov 12 07:13:24.218182 2025] [:error] [pid 32959:tid 32963] [client 194.61.40.122:65491] [client 194.61.40.122] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/cong.php"] [unique_id "aRPDFHoyrq7OJfcFnDj--gAAAQA"]
[Wed Nov 12 07:13:25.393981 2025] [:error] [pid 57223:tid 57262] [client 194.61.40.139:48851] [client 194.61.40.139] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/html-api/"] [unique_id "aRPDFRUU8_2aS__aG8ZmiAAAAEU"]
[Wed Nov 12 07:13:26.212391 2025] [:error] [pid 57224:tid 57297] [client 194.61.40.114:39723] [client 194.61.40.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/themes.php"] [unique_id "aRPDFhs7oZ7imwCSdAknPgAAAI0"]
[Wed Nov 12 07:13:27.117155 2025] [:error] [pid 57312:tid 57323] [client 194.61.40.134:53331] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/aa.php"] [unique_id "aRPDF40cuHgB17JK5qXphgAAAMY"]
[Wed Nov 12 07:13:28.118694 2025] [:error] [pid 57224:tid 57286] [client 194.61.40.148:46511] [client 194.61.40.148] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aRPDGBs7oZ7imwCSdAknQAAAAII"]
[Wed Nov 12 07:13:28.316787 2025] [:error] [pid 57222:tid 57248] [client 194.61.40.124:64835] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/classic-editor/wp-login.php"] [unique_id "aRPDGGGJazH5XCcA91dMBAAAABU"]
[Wed Nov 12 07:13:29.521231 2025] [:error] [pid 57312:tid 57333] [client 194.61.40.151:30661] [client 194.61.40.151] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/cc.php"] [unique_id "aRPDGY0cuHgB17JK5qXpiwAAANA"]
[Wed Nov 12 07:13:31.394668 2025] [:error] [pid 32959:tid 32974] [client 194.61.40.116:45293] [client 194.61.40.116] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/classwithtostring.php"] [unique_id "aRPDG3oyrq7OJfcFnDj_BQAAAQs"]
[Wed Nov 12 07:13:33.505940 2025] [:error] [pid 32959:tid 32966] [client 194.61.40.152:31379] [client 194.61.40.152] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/languages/wp-login.php"] [unique_id "aRPDHXoyrq7OJfcFnDj_CwAAAQM"]
[Wed Nov 12 07:13:34.810854 2025] [:error] [pid 57224:tid 57289] [client 194.61.40.166:29733] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wander.php"] [unique_id "aRPDHhs7oZ7imwCSdAknSgAAAIU"]
[Wed Nov 12 07:13:35.992054 2025] [:error] [pid 57222:tid 57244] [client 194.61.40.162:32419] [client 194.61.40.162] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/version.php"] [unique_id "aRPDH2GJazH5XCcA91dMDQAAABE"]
[Wed Nov 12 07:13:37.621145 2025] [:error] [pid 57224:tid 57305] [client 194.61.40.150:59361] [client 194.61.40.150] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/about.php"] [unique_id "aRPDIRs7oZ7imwCSdAknTAAAAJU"]
[Wed Nov 12 07:13:40.014547 2025] [:error] [pid 57222:tid 57235] [client 194.61.40.134:30749] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/xx.php"] [unique_id "aRPDJGGJazH5XCcA91dMFwAAAAg"]
[Wed Nov 12 07:13:41.098134 2025] [:error] [pid 57223:tid 57272] [client 194.61.40.134:38685] [client 194.61.40.134] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Renderer/"] [unique_id "aRPDJRUU8_2aS__aG8ZmmwAAAE8"]
[Wed Nov 12 07:13:41.819497 2025] [:error] [pid 57224:tid 57296] [client 194.61.40.130:31607] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/product.php"] [unique_id "aRPDJRs7oZ7imwCSdAknVwAAAIw"]
[Wed Nov 12 07:13:42.893658 2025] [:error] [pid 57222:tid 57235] [client 194.61.40.120:55021] [client 194.61.40.120] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/chosen.php"] [unique_id "aRPDJmGJazH5XCcA91dMHgAAAAg"]
[Wed Nov 12 07:13:44.725382 2025] [:error] [pid 57222:tid 57248] [client 194.61.40.166:64321] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/elp.php"] [unique_id "aRPDKGGJazH5XCcA91dMJAAAABU"]
[Wed Nov 12 07:13:45.014693 2025] [:error] [pid 57222:tid 57241] [client 194.61.40.111:51923] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/yasnu.php"] [unique_id "aRPDKWGJazH5XCcA91dMJQAAAA4"]
[Wed Nov 12 07:13:46.504461 2025] [:error] [pid 57312:tid 57317] [client 194.61.40.156:34499] [client 194.61.40.156] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/"] [unique_id "aRPDKo0cuHgB17JK5qXpqAAAAMA"]
[Wed Nov 12 07:13:46.716287 2025] [:error] [pid 57223:tid 57269] [client 194.61.40.135:44267] [client 194.61.40.135] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/classwithtostring.php"] [unique_id "aRPDKhUU8_2aS__aG8ZmoQAAAEw"]
[Wed Nov 12 07:13:47.892417 2025] [:error] [pid 57222:tid 57243] [client 194.61.40.155:45069] [client 194.61.40.155] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/"] [unique_id "aRPDK2GJazH5XCcA91dMKgAAABA"]
[Wed Nov 12 07:13:49.319865 2025] [:error] [pid 57222:tid 57231] [client 194.61.40.165:57419] [client 194.61.40.165] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/pki-validation/index.php"] [unique_id "aRPDLWGJazH5XCcA91dMLwAAAAQ"]
[Wed Nov 12 07:13:50.410180 2025] [:error] [pid 57222:tid 57235] [client 194.61.40.159:63499] [client 194.61.40.159] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/about.php"] [unique_id "aRPDLmGJazH5XCcA91dMMwAAAAg"]
[Wed Nov 12 07:13:50.615214 2025] [:error] [pid 32959:tid 32973] [client 194.61.40.109:53109] [client 194.61.40.109] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/flower.php"] [unique_id "aRPDLnoyrq7OJfcFnDj_LQAAAQo"]
[Wed Nov 12 07:13:51.811933 2025] [:error] [pid 57312:tid 57335] [client 194.61.40.130:36265] [client 194.61.40.130] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/directionality/index.php"] [unique_id "aRPDL40cuHgB17JK5qXpwAAAANI"]
[Wed Nov 12 07:13:53.517071 2025] [:error] [pid 57222:tid 57232] [client 194.61.40.166:58027] [client 194.61.40.166] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-supports/autoload_classmap.php"] [unique_id "aRPDMWGJazH5XCcA91dMQgAAAAU"]
[Wed Nov 12 07:13:57.593621 2025] [:error] [pid 57224:tid 57306] [client 194.61.40.124:55125] [client 194.61.40.124] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/wp.php"] [unique_id "aRPDNRs7oZ7imwCSdAknbwAAAJY"]
[Wed Nov 12 07:13:59.311260 2025] [:error] [pid 32959:tid 32983] [client 194.61.40.117:50323] [client 194.61.40.117] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/details/about.php"] [unique_id "aRPDN3oyrq7OJfcFnDj_XQAAARQ"]
[Wed Nov 12 07:14:00.619987 2025] [:error] [pid 57312:tid 57340] [client 194.61.40.112:39719] [client 194.61.40.112] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aRPDOI0cuHgB17JK5qXp4QAAANc"]
[Wed Nov 12 07:14:02.215345 2025] [:error] [pid 57223:tid 57270] [client 194.61.40.111:32923] [client 194.61.40.111] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/tinyfilemanager/tinyfilemanager.php"] [unique_id "aRPDOhUU8_2aS__aG8Zm3gAAAE0"]
[Wed Nov 12 07:14:03.499673 2025] [:error] [pid 57224:tid 57287] [client 194.61.40.153:62477] [client 194.61.40.153] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tinyfilemanager.php"] [unique_id "aRPDOxs7oZ7imwCSdAkneAAAAIM"]
[Wed Nov 12 07:14:05.318129 2025] [:error] [pid 57312:tid 57323] [client 194.61.40.129:34427] [client 194.61.40.129] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aRPDPY0cuHgB17JK5qXp9AAAAMY"]
[Wed Nov 12 07:14:07.418392 2025] [:error] [pid 57223:tid 57269] [client 194.61.40.157:57787] [client 194.61.40.157] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/filemanager.php"] [unique_id "aRPDPxUU8_2aS__aG8Zm4wAAAEw"]
[Wed Nov 12 07:14:08.405081 2025] [:error] [pid 57223:tid 57266] [client 194.61.40.163:50849] [client 194.61.40.163] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tiny.php"] [unique_id "aRPDQBUU8_2aS__aG8Zm5QAAAEk"]
[Wed Nov 12 11:21:04.971159 2025] [:error] [pid 60180:tid 60189] [client 47.254.85.115:53162] [client 47.254.85.115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRP9IFhgd7ccS8EZg1qyZwAAAUc"]
[Wed Nov 12 11:21:05.805902 2025] [:error] [pid 60095:tid 60101] [client 47.254.85.115:53470] [client 47.254.85.115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env"] [unique_id "aRP9IXlw2elroagFF1q3VAAAAEI"]
[Wed Nov 12 11:21:06.455628 2025] [:error] [pid 60096:tid 60135] [client 47.254.85.115:53706] [client 47.254.85.115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/env/.env"] [unique_id "aRP9IjmzkhCvvk8DXOwfPgAAAIk"]
[Wed Nov 12 11:41:01.365754 2025] [:error] [pid 60096:tid 60145] [client 62.60.130.228:63656] [client 62.60.130.228] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 62.60.130.228, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aRQBzTmzkhCvvk8DXOwlvgAAAJA"], referer: https://twitter.com/
[Wed Nov 12 11:41:01.370828 2025] [:error] [pid 60096:tid 60145] [client 62.60.130.228:63656] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php, referer: https://twitter.com/
[Wed Nov 12 13:52:31.497389 2025] [:error] [pid 60095:tid 60119] [client 157.230.19.140:42504] [client 157.230.19.140] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aRQgn3lw2elroagFF1rp6QAAAFQ"]
[Wed Nov 12 13:52:32.455317 2025] [:error] [pid 60096:tid 60132] [client 157.230.19.140:42518] [client 157.230.19.140] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aRQgoDmzkhCvvk8DXOxUgwAAAIY"]
[Wed Nov 12 13:52:33.238844 2025] [:error] [pid 60096:tid 60145] [client 157.230.19.140:42524] [client 157.230.19.140] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aRQgoTmzkhCvvk8DXOxUhQAAAJA"]
[Wed Nov 12 13:52:34.038879 2025] [:error] [pid 60095:tid 60111] [client 157.230.19.140:42530] [client 157.230.19.140] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aRQgonlw2elroagFF1rp6wAAAEw"]
[Wed Nov 12 13:52:34.767364 2025] [:error] [pid 60405:tid 60413] [client 157.230.19.140:42542] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aRQgonMGv_mlVi6mf5qkWwAAAAU"]
[Wed Nov 12 13:52:35.496690 2025] [:error] [pid 60096:tid 60158] [client 157.230.19.140:46772] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aRQgozmzkhCvvk8DXOxUiQAAAJg"]
[Wed Nov 12 13:52:36.219524 2025] [:error] [pid 60180:tid 60182] [client 157.230.19.140:46782] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/server"] [unique_id "aRQgpFhgd7ccS8EZg1rrOwAAAUA"]
[Wed Nov 12 13:52:36.939475 2025] [:error] [pid 60096:tid 60133] [client 157.230.19.140:46786] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aRQgpDmzkhCvvk8DXOxUjQAAAIc"]
[Wed Nov 12 13:52:37.718544 2025] [:error] [pid 60096:tid 60130] [client 157.230.19.140:46790] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/about"] [unique_id "aRQgpTmzkhCvvk8DXOxUkAAAAIQ"]
[Wed Nov 12 13:52:38.446733 2025] [:error] [pid 60095:tid 60103] [client 157.230.19.140:46794] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aRQgpnlw2elroagFF1rp7AAAAEQ"]
[Wed Nov 12 13:52:39.173271 2025] [:error] [pid 12744:tid 12765] [client 157.230.19.140:46804] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aRQgp51cp_ouUvkFj0XjUAAAARE"]
[Wed Nov 12 13:52:39.911517 2025] [:error] [pid 60095:tid 60109] [client 157.230.19.140:46812] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aRQgp3lw2elroagFF1rp7gAAAEo"]
[Wed Nov 12 13:52:40.689445 2025] [:error] [pid 60180:tid 60194] [client 157.230.19.140:46816] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aRQgqFhgd7ccS8EZg1rrQAAAAUw"]
[Wed Nov 12 13:52:41.453274 2025] [:error] [pid 60180:tid 60191] [client 157.230.19.140:46822] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aRQgqVhgd7ccS8EZg1rrQQAAAUk"]
[Wed Nov 12 13:52:42.289724 2025] [:error] [pid 60405:tid 60423] [client 157.230.19.140:46830] [client 157.230.19.140] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aRQgqnMGv_mlVi6mf5qkYwAAAA8"]
[Wed Nov 12 13:52:43.034679 2025] [:error] [pid 60180:tid 60188] [client 157.230.19.140:46832] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aRQgq1hgd7ccS8EZg1rrQwAAAUY"]
[Wed Nov 12 13:52:44.023457 2025] [:error] [pid 60097:tid 60169] [client 157.230.19.140:46846] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRQgrMdT5oio_TbWpi8p-QAAANA"]
[Wed Nov 12 13:52:44.935482 2025] [:error] [pid 12744:tid 12758] [client 157.230.19.140:46414] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRQgrJ1cp_ouUvkFj0XjWAAAAQo"]
[Wed Nov 12 13:52:45.886502 2025] [:error] [pid 60180:tid 60192] [client 157.230.19.140:46430] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aRQgrVhgd7ccS8EZg1rrSAAAAUo"]
[Wed Nov 12 13:52:46.768518 2025] [:error] [pid 60096:tid 60129] [client 157.230.19.140:46446] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aRQgrjmzkhCvvk8DXOxUlwAAAIM"]
[Wed Nov 12 13:52:47.538235 2025] [:error] [pid 12744:tid 12752] [client 157.230.19.140:46448] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aRQgr51cp_ouUvkFj0XjWQAAAQQ"]
[Wed Nov 12 13:52:48.271272 2025] [:error] [pid 12744:tid 12749] [client 157.230.19.140:46460] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aRQgsJ1cp_ouUvkFj0XjYwAAAQE"]
[Wed Nov 12 13:52:49.000210 2025] [:error] [pid 60180:tid 60196] [client 157.230.19.140:46464] [client 157.230.19.140] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRQgsFhgd7ccS8EZg1rrTQAAAU4"]
[Wed Nov 12 17:07:15.297817 2025] [:error] [pid 12744:tid 12758] [client 81.184.74.33:62154] [client 81.184.74.33] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 81.184.74.33, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRROQ51cp_ouUvkFj0U3KwAAAQo"]
[Wed Nov 12 17:07:15.305271 2025] [:error] [pid 12744:tid 12758] [client 81.184.74.33:62154] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Wed Nov 12 18:01:43.696320 2025] [:error] [pid 60095:tid 60104] [client 142.93.0.66:37058] [client 142.93.0.66] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aRRbB3lw2elroagFF1omRAAAAEU"]
[Wed Nov 12 18:01:44.314536 2025] [:error] [pid 12744:tid 12766] [client 142.93.0.66:37074] [client 142.93.0.66] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aRRbCJ1cp_ouUvkFj0VKawAAARI"]
[Wed Nov 12 18:01:44.946196 2025] [:error] [pid 60096:tid 60141] [client 142.93.0.66:37076] [client 142.93.0.66] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aRRbCDmzkhCvvk8DXOyU9AAAAI4"]
[Wed Nov 12 18:01:45.563508 2025] [:error] [pid 60096:tid 60140] [client 142.93.0.66:37086] [client 142.93.0.66] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aRRbCTmzkhCvvk8DXOyU9wAAAI0"]
[Wed Nov 12 18:01:46.184696 2025] [:error] [pid 60097:tid 60162] [client 142.93.0.66:37088] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aRRbCsdT5oio_TbWpi9ttQAAAMk"]
[Wed Nov 12 18:01:46.804642 2025] [:error] [pid 60096:tid 60158] [client 142.93.0.66:42862] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aRRbCjmzkhCvvk8DXOyU-QAAAJg"]
[Wed Nov 12 18:01:47.423055 2025] [:error] [pid 60095:tid 60114] [client 142.93.0.66:42868] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/server"] [unique_id "aRRbC3lw2elroagFF1omSQAAAE8"]
[Wed Nov 12 18:01:48.041404 2025] [:error] [pid 23737:tid 23762] [client 142.93.0.66:42878] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aRRbDBQUsVVfOZWgW_WQJQAAAY0"]
[Wed Nov 12 18:01:48.660575 2025] [:error] [pid 60095:tid 60109] [client 142.93.0.66:42882] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/about"] [unique_id "aRRbDHlw2elroagFF1omSgAAAEo"]
[Wed Nov 12 18:01:49.278582 2025] [:error] [pid 60180:tid 60186] [client 142.93.0.66:42886] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aRRbDVhgd7ccS8EZg1o0cAAAAUQ"]
[Wed Nov 12 18:01:49.898312 2025] [:error] [pid 60097:tid 60144] [client 142.93.0.66:42894] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aRRbDcdT5oio_TbWpi9tuwAAAME"]
[Wed Nov 12 18:01:50.518767 2025] [:error] [pid 60097:tid 60177] [client 142.93.0.66:42906] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aRRbDsdT5oio_TbWpi9tvQAAANg"]
[Wed Nov 12 18:01:51.138670 2025] [:error] [pid 12744:tid 12762] [client 142.93.0.66:42922] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aRRbD51cp_ouUvkFj0VKbwAAAQ4"]
[Wed Nov 12 18:01:51.758343 2025] [:error] [pid 60405:tid 60422] [client 142.93.0.66:42936] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aRRbD3MGv_mlVi6mf5rw5gAAAA4"]
[Wed Nov 12 18:01:52.377347 2025] [:error] [pid 23737:tid 23773] [client 142.93.0.66:42952] [client 142.93.0.66] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aRRbEBQUsVVfOZWgW_WQKQAAAZg"]
[Wed Nov 12 18:01:52.997360 2025] [:error] [pid 60097:tid 60144] [client 142.93.0.66:42956] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aRRbEMdT5oio_TbWpi9txAAAAME"]
[Wed Nov 12 18:01:53.615945 2025] [:error] [pid 60097:tid 60154] [client 142.93.0.66:42972] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRRbEcdT5oio_TbWpi9tyAAAAMY"]
[Wed Nov 12 18:01:54.235411 2025] [:error] [pid 60405:tid 60413] [client 142.93.0.66:42978] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRRbEnMGv_mlVi6mf5rw6wAAAAU"]
[Wed Nov 12 18:01:54.866574 2025] [:error] [pid 60405:tid 60418] [client 142.93.0.66:42988] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aRRbEnMGv_mlVi6mf5rw7QAAAAo"]
[Wed Nov 12 18:01:55.485210 2025] [:error] [pid 60405:tid 60424] [client 142.93.0.66:42998] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aRRbE3MGv_mlVi6mf5rw7wAAABA"]
[Wed Nov 12 18:01:56.104376 2025] [:error] [pid 60097:tid 60171] [client 142.93.0.66:43006] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aRRbFMdT5oio_TbWpi9tzQAAANI"]
[Wed Nov 12 18:01:56.721708 2025] [:error] [pid 23737:tid 23755] [client 142.93.0.66:43886] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aRRbFBQUsVVfOZWgW_WQMgAAAYY"]
[Wed Nov 12 18:01:57.339210 2025] [:error] [pid 23737:tid 23756] [client 142.93.0.66:43898] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 1). String match "Go-http-client" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "36"] [id "771003"] [msg "Blocked bad bot user-agent: Go-http-client"] [tag "bad_bot"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRRbFRQUsVVfOZWgW_WQNAAAAYc"]
[Wed Nov 12 23:54:07.720135 2025] [:error] [pid 23737:tid 23762] [client 93.123.109.7:40402] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRStnxQUsVVfOZWgW_UEQAAAAY0"]
[Thu Nov 13 03:25:14.148204 2025] [:error] [pid 60095:tid 60115] [client 159.75.151.97:35850] [client 159.75.151.97] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRTfGnlw2elroagFF1qStgAAAFA"]
[Thu Nov 13 03:25:16.373135 2025] [:error] [pid 60180:tid 60203] [client 159.75.151.97:57906] [client 159.75.151.97] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env"] [unique_id "aRTfHFhgd7ccS8EZg1q0DAAAAVU"]
[Thu Nov 13 04:14:46.260101 2025] [:error] [pid 51491:tid 51500] [client 45.153.34.41:55108] [client 45.153.34.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRTqttQaME15TQuGVKThzwAAAMQ"]
[Thu Nov 13 05:44:31.492445 2025] [:error] [pid 22566:tid 22592] [client 45.149.173.233:40242] [client 45.149.173.233] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 45.149.173.233, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRT_vzfdqWaUbu3e06-KiQAAARg"]
[Thu Nov 13 05:44:31.498348 2025] [:error] [pid 22566:tid 22592] [client 45.149.173.233:40242] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Thu Nov 13 05:44:33.226135 2025] [:error] [pid 22566:tid 22579] [client 45.149.173.233:40242] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp1/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wTfdqWaUbu3e06-KlgAAAQs"]
[Thu Nov 13 05:44:33.522796 2025] [:error] [pid 22222:tid 22241] [client 45.149.173.233:40248] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wTL-5qXvQuZkA4GiNQAAAA8"]
[Thu Nov 13 05:44:33.818728 2025] [:error] [pid 22222:tid 22229] [client 45.149.173.233:40262] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/media/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wTL-5qXvQuZkA4GiNgAAAAM"]
[Thu Nov 13 05:44:34.115535 2025] [:error] [pid 22566:tid 22574] [client 45.149.173.233:40270] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp2/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wjfdqWaUbu3e06-KlwAAAQY"]
[Thu Nov 13 05:44:34.410192 2025] [:error] [pid 22223:tid 22270] [client 45.149.173.233:40278] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/site/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wt6it_tNBGH9EAEWUwAAAFE"]
[Thu Nov 13 05:44:34.705312 2025] [:error] [pid 22224:tid 22298] [client 45.149.173.233:40288] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cms/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wruEVuTj3a_UBfD_2wAAAJI"]
[Thu Nov 13 05:44:35.000905 2025] [:error] [pid 22224:tid 22280] [client 45.149.173.233:40294] [client 45.149.173.233] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sito/wp-includes/wlwmanifest.xml"] [unique_id "aRT_wruEVuTj3a_UBfD_3AAAAIA"]
[Thu Nov 13 07:30:28.516884 2025] [:error] [pid 34451:tid 34476] [client 85.203.36.150:31573] [client 85.203.36.150] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRUYlDRcD8KetQb4RaqnWAAAAVc"]
[Thu Nov 13 10:27:00.602474 2025] [:error] [pid 62215:tid 62219] [client 43.166.247.155:56432] [client 43.166.247.155] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRVB9EvClof1c6XaOBUMywAAAMA"]
[Thu Nov 13 11:49:45.279835 2025] [:error] [pid 62217:tid 62291] [client 43.157.158.178:53620] [client 43.157.158.178] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRVVWRjGU3T9wKBmdNe8JwAAAFE"]
[Thu Nov 13 12:51:06.476141 2025] [:error] [pid 6086:tid 6105] [client 180.193.207.92:54891] [client 180.193.207.92] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 180.193.207.92, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRVjun9_6CRZzjZnAe2pMgAAARA"]
[Thu Nov 13 12:51:06.481815 2025] [:error] [pid 6086:tid 6105] [client 180.193.207.92:54891] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Thu Nov 13 17:27:06.722972 2025] [:error] [pid 6086:tid 6096] [client 49.7.227.204:44884] [client 49.7.227.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRWkan9_6CRZzjZnAe0tXQAAAQc"]
[Thu Nov 13 17:48:44.529978 2025] [:error] [pid 62216:tid 62247] [client 94.247.172.129:35622] [client 94.247.172.129] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "close, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRWpfOpyFB9M2aVQhwMy1gAAAAA"]
[Thu Nov 13 17:55:44.362938 2025] [:error] [pid 62303:tid 62323] [client 150.241.107.255:56629] [client 150.241.107.255] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRWrIL-hlFTtVrZw8jDoHQAAAJA"]
[Thu Nov 13 17:55:44.909018 2025] [:error] [pid 6086:tid 6097] [client 150.241.107.255:56843] [client 150.241.107.255] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRWrIH9_6CRZzjZnAe0zagAAAQg"]
[Thu Nov 13 17:55:45.453923 2025] [:error] [pid 62303:tid 62331] [client 150.241.107.255:57234] [client 150.241.107.255] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "aRWrIb-hlFTtVrZw8jDoMQAAAJg"]
[Thu Nov 13 18:30:26.663760 2025] [:error] [pid 62215:tid 62233] [client 43.157.95.131:51872] [client 43.157.95.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRWzQkvClof1c6XaOBW5ZwAAAM4"]
[Thu Nov 13 18:43:21.519050 2025] [:error] [pid 62215:tid 62231] [client 103.62.235.2:35550] [client 103.62.235.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRW2SUvClof1c6XaOBW_AgAAAMw"]
[Thu Nov 13 18:43:22.354993 2025] [:error] [pid 44354:tid 44381] [client 103.62.235.2:56586] [client 103.62.235.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRW2SnqKopQhy3G4s3mENwAAAZY"]
[Thu Nov 13 21:51:34.196303 2025] [:error] [pid 5086:tid 5103] [client 49.51.47.100:45346] [client 49.51.47.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRXiZh_dsYLFCHw574inzgAAAQ4"]
[Thu Nov 13 23:12:34.780769 2025] [:error] [pid 4994:tid 5074] [client 3.254.60.6:32884] [client 3.254.60.6] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRX1YgVaYoYtjfBbabUlNAAAAJU"]
[Thu Nov 13 23:20:36.732384 2025] [:error] [pid 4994:tid 5062] [client 18.228.22.209:44614] [client 18.228.22.209] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRX3RAVaYoYtjfBbabUnmAAAAIk"]
[Fri Nov 14 00:02:58.480470 2025] [:error] [pid 4993:tid 5036] [client 121.229.185.160:35733] [client 121.229.185.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRYBMsl_cC0Js5xNCU1wBAAAAAo"]
[Fri Nov 14 02:08:16.566113 2025] [:error] [pid 56495:tid 56512] [client 43.153.58.28:41656] [client 43.153.58.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRYekFwO8wZZL5WJceXR7gAAAM0"]
[Fri Nov 14 02:21:14.978523 2025] [:error] [pid 56586:tid 56604] [client 159.65.154.187:55182] [client 159.65.154.187] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 159.65.154.187, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aRYhmq7eYD3G9deYMP5WPgAAAY0"]
[Fri Nov 14 02:21:14.985855 2025] [:error] [pid 56586:tid 56604] [client 159.65.154.187:55182] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Fri Nov 14 06:23:37.365795 2025] [:error] [pid 47155:tid 47201] [client 179.186.168.55:50315] [client 179.186.168.55] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 179.186.168.55, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRZaaZipxRXMZJH8hmj9kwAAAE8"]
[Fri Nov 14 06:23:37.371291 2025] [:error] [pid 47155:tid 47201] [client 179.186.168.55:50315] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Fri Nov 14 11:07:23.225115 2025] [:error] [pid 59105:tid 59110] [client 43.166.239.145:40630] [client 43.166.239.145] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRac67d-anP1JpNfuSLu8wAAAUM"]
[Fri Nov 14 12:02:42.756072 2025] [:error] [pid 16573:tid 16580] [client 2.57.122.173:57558] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRap4iPGexfUk9FDoEIUlwAAAEI"]
[Fri Nov 14 12:29:07.358879 2025] [:error] [pid 16709:tid 16711] [client 125.75.66.97:36237] [client 125.75.66.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRawE6NdzfVNC4oipLWzbgAAAUA"]
[Fri Nov 14 17:06:03.127357 2025] [:error] [pid 16709:tid 16716] [client 43.130.228.73:33850] [client 43.130.228.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRbw-6NdzfVNC4oipLVMMwAAAUU"]
[Fri Nov 14 18:36:26.098164 2025] [:error] [pid 1170:tid 1177] [client 143.110.217.244:60512] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aRcGKg5pkvzCDzzjItRIFAAAAAU"]
[Fri Nov 14 18:36:26.714355 2025] [:error] [pid 16574:tid 16614] [client 143.110.217.244:60522] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aRcGKv6XQqe4NqaoE9I9QwAAAIc"]
[Fri Nov 14 18:36:27.330594 2025] [:error] [pid 1170:tid 1196] [client 143.110.217.244:60536] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aRcGKw5pkvzCDzzjItRIFwAAABg"]
[Fri Nov 14 18:36:27.945916 2025] [:error] [pid 16709:tid 16712] [client 143.110.217.244:60548] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aRcGK6NdzfVNC4oipLVwOwAAAUE"]
[Fri Nov 14 18:36:28.563080 2025] [:error] [pid 1170:tid 1185] [client 143.110.217.244:60556] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aRcGLA5pkvzCDzzjItRIGgAAAA0"]
[Fri Nov 14 18:36:29.178069 2025] [:error] [pid 16709:tid 16716] [client 143.110.217.244:60564] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aRcGLaNdzfVNC4oipLVwPAAAAUU"]
[Fri Nov 14 18:36:29.793271 2025] [:error] [pid 1170:tid 1194] [client 143.110.217.244:39224] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server"] [unique_id "aRcGLQ5pkvzCDzzjItRIGwAAABY"]
[Fri Nov 14 18:36:30.409441 2025] [:error] [pid 16709:tid 16733] [client 143.110.217.244:39238] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aRcGLqNdzfVNC4oipLVwQAAAAVY"]
[Fri Nov 14 18:36:31.034822 2025] [:error] [pid 16575:tid 16642] [client 143.110.217.244:39246] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about"] [unique_id "aRcGL-6qT670YxigvbCOTgAAAMg"]
[Fri Nov 14 18:36:31.651136 2025] [:error] [pid 16575:tid 16639] [client 143.110.217.244:39256] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aRcGL-6qT670YxigvbCOUAAAAMU"]
[Fri Nov 14 18:36:32.266025 2025] [:error] [pid 16709:tid 16713] [client 143.110.217.244:39260] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aRcGMKNdzfVNC4oipLVwRAAAAUI"]
[Fri Nov 14 18:36:32.881370 2025] [:error] [pid 1170:tid 1174] [client 143.110.217.244:39266] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aRcGMA5pkvzCDzzjItRIIAAAAAI"]
[Fri Nov 14 18:36:33.496941 2025] [:error] [pid 16573:tid 16584] [client 143.110.217.244:39268] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aRcGMSPGexfUk9FDoEKjcgAAAEY"]
[Fri Nov 14 18:36:34.112564 2025] [:error] [pid 16709:tid 16720] [client 143.110.217.244:39282] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aRcGMqNdzfVNC4oipLVwRwAAAUk"]
[Fri Nov 14 18:36:34.727702 2025] [:error] [pid 16671:tid 16701] [client 143.110.217.244:39290] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aRcGMjsoHwEAmeIzZXBfqQAAARg"]
[Fri Nov 14 18:36:35.343957 2025] [:error] [pid 16671:tid 16679] [client 143.110.217.244:39292] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aRcGMzsoHwEAmeIzZXBfqwAAAQI"]
[Fri Nov 14 18:36:35.958083 2025] [:error] [pid 1170:tid 1193] [client 143.110.217.244:39308] [client 143.110.217.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRcGMw5pkvzCDzzjItRIIQAAABU"]
[Fri Nov 14 18:36:36.571016 2025] [:error] [pid 16575:tid 16646] [client 143.110.217.244:39322] [client 143.110.217.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRcGNO6qT670YxigvbCOVQAAAMw"]
[Fri Nov 14 18:36:37.187061 2025] [:error] [pid 16573:tid 16588] [client 143.110.217.244:39324] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aRcGNSPGexfUk9FDoEKjdgAAAEo"]
[Fri Nov 14 18:36:37.804036 2025] [:error] [pid 16573:tid 16597] [client 143.110.217.244:39334] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aRcGNSPGexfUk9FDoEKjdwAAAFM"]
[Fri Nov 14 18:36:38.418451 2025] [:error] [pid 16671:tid 16680] [client 143.110.217.244:39344] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aRcGNjsoHwEAmeIzZXBfrAAAAQM"]
[Fri Nov 14 18:36:39.034072 2025] [:error] [pid 16709:tid 16711] [client 143.110.217.244:39348] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aRcGN6NdzfVNC4oipLVwTAAAAUA"]
[Fri Nov 14 18:36:39.650053 2025] [:error] [pid 16671:tid 16691] [client 143.110.217.244:33068] [client 143.110.217.244] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRcGNzsoHwEAmeIzZXBfrgAAAQ4"]
[Fri Nov 14 18:55:08.802797 2025] [:error] [pid 16709:tid 16734] [client 121.229.185.160:49004] [client 121.229.185.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRcKjKNdzfVNC4oipLV1awAAAVc"]
[Fri Nov 14 22:59:18.679948 2025] [:error] [pid 1170:tid 1178] [client 170.106.165.186:58634] [client 170.106.165.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRdDxg5pkvzCDzzjItS0NwAAAAY"]
[Fri Nov 14 23:08:53.645210 2025] [:error] [pid 16573:tid 16600] [client 43.157.95.131:40488] [client 43.157.95.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRdGBSPGexfUk9FDoELpYQAAAFY"]
[Sat Nov 15 01:34:32.419992 2025] [:error] [pid 45907:tid 45922] [client 182.43.70.143:54419] [client 182.43.70.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRdoKFAqmYxCpnT9gJGHHwAAAUs"]
[Sat Nov 15 03:50:19.317068 2025] [:error] [pid 10386:tid 10399] [client 34.125.68.163:52202] [client 34.125.68.163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aReH-9h9QLimDNE-fblfGQAAAAE"]
[Sat Nov 15 06:17:10.733059 2025] [:error] [pid 27911:tid 27985] [client 4.205.179.237:22471] [client 4.205.179.237] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/network.php"] [unique_id "aReqZsGzUdrhGBIfiKTMEAAAAJE"]
[Sat Nov 15 06:17:11.212734 2025] [:error] [pid 27910:tid 27961] [client 4.205.179.237:22498] [client 4.205.179.237] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 4.205.179.237, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/upgrade-temp-backup/wp-login.php"] [unique_id "aReqZ46e1LusHMYkS7ZezgAAAFQ"]
[Sat Nov 15 06:17:12.528575 2025] [:error] [pid 27910:tid 27955] [client 4.205.179.237:22498] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Sat Nov 15 06:17:12.771848 2025] [:error] [pid 27910:tid 27945] [client 4.205.179.237:22498] File does not exist: /usr/local/apache/htdocs/suspended-page/ty.php
[Sat Nov 15 06:17:14.405690 2025] [:error] [pid 27910:tid 27942] [client 4.205.179.237:22498] [client 4.205.179.237] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aReqao6e1LusHMYkS7Ze7AAAAEE"]
[Sat Nov 15 06:17:15.040962 2025] [:error] [pid 27911:tid 27991] [client 4.205.179.237:22514] File does not exist: /usr/local/apache/htdocs/suspended-page/ini.php
[Sat Nov 15 06:17:15.674919 2025] [:error] [pid 27911:tid 27983] [client 4.205.179.237:22514] [client 4.205.179.237] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/about.php"] [unique_id "aReqa8GzUdrhGBIfiKTMKQAAAI8"]
[Sat Nov 15 06:17:16.157473 2025] [:error] [pid 27909:tid 27930] [client 4.205.179.237:22475] [client 4.205.179.237] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/about.php"] [unique_id "aReqbCTfZ6B57n8HepWX2gAAABE"]
[Sat Nov 15 06:17:16.641903 2025] [:error] [pid 27910:tid 27960] [client 4.205.179.237:22486] [client 4.205.179.237] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/about.php"] [unique_id "aReqbI6e1LusHMYkS7Ze8wAAAFM"]
[Sat Nov 15 06:17:17.094902 2025] [:error] [pid 27911:tid 27968] [client 4.205.179.237:22467] [client 4.205.179.237] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/about.php"] [unique_id "aReqbcGzUdrhGBIfiKTMKwAAAIA"]
[Sat Nov 15 13:53:18.283344 2025] [:error] [pid 19961:tid 20006] [client 60.188.57.0:43301] [client 60.188.57.0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRgVTjar7Si-84EApVRHdQAAAc0"]
[Sat Nov 15 20:26:25.863616 2025] [:error] [pid 27997:tid 28018] [client 45.134.79.103:63275] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRhxcdpja_6cDxKbxFnq0AAAANM"]
[Sat Nov 15 20:26:26.505808 2025] [:error] [pid 20654:tid 20659] [client 45.134.79.103:63483] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRhxcncS7eC8vO76_ycI1gAAA4I"]
[Sat Nov 15 20:26:27.152897 2025] [:error] [pid 22613:tid 22615] [client 45.134.79.103:63736] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "aRhxcyoyR3cDsIRGPRnSRAAAAgA"]
[Sat Nov 15 23:21:26.863093 2025] [:error] [pid 20654:tid 20665] [client 87.200.168.251:21443] [client 87.200.168.251] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 87.200.168.251, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRiadncS7eC8vO76_ycn5gAAA4g"]
[Sat Nov 15 23:21:26.874314 2025] [:error] [pid 20654:tid 20665] [client 87.200.168.251:21443] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Sun Nov 16 01:03:22.365760 2025] [:error] [pid 20346:tid 20370] [client 165.22.210.134:40132] [client 165.22.210.134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRiyWp7hsydZdIoVTlt9EAAAAxU"]
[Sun Nov 16 01:03:23.789854 2025] [:error] [pid 19959:tid 19990] [client 165.22.210.134:40142] [client 165.22.210.134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRiyW8jejiTUP1-IawMUTQAAAZg"]
[Sun Nov 16 02:08:47.902028 2025] [:error] [pid 19959:tid 19985] [client 43.157.43.147:58340] [client 43.157.43.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRjBr8jejiTUP1-IawMhAwAAAZM"]
[Sun Nov 16 03:18:46.181153 2025] [:error] [pid 27972:tid 27993] [client 182.42.104.32:56493] [client 182.42.104.32] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRjSFm8yq0TdrNn1vm1npAAAANM"]
[Sun Nov 16 07:18:42.915680 2025] [:error] [pid 52471:tid 52546] [client 49.51.183.75:53398] [client 49.51.183.75] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRkKUtmWsFzjR5CEgDW7nAAAAI4"]
[Sun Nov 16 10:07:55.300225 2025] [:error] [pid 52469:tid 52486] [client 43.130.57.76:46710] [client 43.130.57.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRkx-06HaXpHeEZ98Z1D6wAAAAk"]
[Sun Nov 16 12:33:57.390881 2025] [:error] [pid 34271:tid 34286] [client 185.213.154.209:51552] [client 185.213.154.209] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRlUNUNmlZhoZZV1BUB8gwAAAk0"]
[Sun Nov 16 12:33:57.391299 2025] [:error] [pid 34271:tid 34279] [client 185.213.154.209:51572] [client 185.213.154.209] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRlUNUNmlZhoZZV1BUB8hAAAAkY"]
[Sun Nov 16 18:20:41.822077 2025] [:error] [pid 52471:tid 52532] [client 155.94.163.116:60435] [client 155.94.163.116] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/"] [unique_id "aRmledmWsFzjR5CEgDVUTgAAAIA"], referer: binance.com
[Sun Nov 16 20:09:42.145354 2025] [:error] [pid 34164:tid 34183] [client 43.201.30.120:38918] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRm_Bu93ccBCLD8-Q4Zo5QAAAY8"]
[Sun Nov 16 20:09:49.666172 2025] [:error] [pid 34164:tid 34190] [client 43.201.30.120:40382] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.backup"] [unique_id "aRm_De93ccBCLD8-Q4Zo7gAAAZY"]
[Sun Nov 16 20:09:49.666189 2025] [:error] [pid 34133:tid 34156] [client 43.201.30.120:40372] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.local"] [unique_id "aRm_DfSAB3iwXVRY0gGh9wAAAVU"]
[Sun Nov 16 20:09:49.684212 2025] [:error] [pid 52563:tid 52578] [client 43.201.30.120:40424] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.dev"] [unique_id "aRm_Dc-l3ey-hVJ5Auu_GwAAAMw"]
[Sun Nov 16 20:09:49.714242 2025] [:error] [pid 34133:tid 34138] [client 43.201.30.120:40394] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.production"] [unique_id "aRm_DfSAB3iwXVRY0gGh-AAAAUM"]
[Sun Nov 16 20:09:49.724895 2025] [:error] [pid 34133:tid 34142] [client 43.201.30.120:40392] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.sample"] [unique_id "aRm_DfSAB3iwXVRY0gGh-QAAAUc"]
[Sun Nov 16 20:09:49.764978 2025] [:error] [pid 34227:tid 34251] [client 43.201.30.120:40402] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.test"] [unique_id "aRm_DX108zGLYs9eMuhJxQAAAhY"]
[Sun Nov 16 20:09:49.773413 2025] [:error] [pid 52563:tid 52588] [client 43.201.30.120:40418] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.prod"] [unique_id "aRm_Dc-l3ey-hVJ5Auu_HAAAANY"]
[Sun Nov 16 20:09:49.798474 2025] [:error] [pid 34133:tid 34143] [client 43.201.30.120:40398] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.development"] [unique_id "aRm_DfSAB3iwXVRY0gGh-gAAAUg"]
[Sun Nov 16 20:09:49.912464 2025] [:error] [pid 34133:tid 34150] [client 43.201.30.120:40434] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.staging"] [unique_id "aRm_DfSAB3iwXVRY0gGh-wAAAU8"]
[Sun Nov 16 20:09:49.985798 2025] [:error] [pid 34164:tid 34192] [client 43.201.30.120:40420] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env~"] [unique_id "aRm_De93ccBCLD8-Q4Zo8AAAAZg"]
[Sun Nov 16 20:09:50.198179 2025] [:error] [pid 34227:tid 34237] [client 43.201.30.120:40450] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.bak"] [unique_id "aRm_Dn108zGLYs9eMuhJxwAAAgg"]
[Sun Nov 16 20:09:50.214592 2025] [:error] [pid 52563:tid 52580] [client 43.201.30.120:40448] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.old"] [unique_id "aRm_Ds-l3ey-hVJ5Auu_HgAAAM4"]
[Sun Nov 16 20:09:51.475332 2025] [:error] [pid 34271:tid 34273] [client 43.201.30.120:40452] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.orig"] [unique_id "aRm_D0NmlZhoZZV1BUDOBgAAAkA"]
[Sun Nov 16 20:09:51.520868 2025] [:error] [pid 52469:tid 52483] [client 43.201.30.120:40460] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.tmp"] [unique_id "aRm_D06HaXpHeEZ98Z38LAAAAAY"]
[Sun Nov 16 20:09:51.522615 2025] [:error] [pid 34271:tid 34291] [client 43.201.30.120:40474] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.save"] [unique_id "aRm_D0NmlZhoZZV1BUDOBwAAAlI"]
[Sun Nov 16 20:09:51.527985 2025] [:error] [pid 52563:tid 52583] [client 43.201.30.120:40546] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.bak"] [unique_id "aRm_D8-l3ey-hVJ5Auu_IAAAANE"]
[Sun Nov 16 20:09:51.529538 2025] [:error] [pid 20556:tid 20563] [client 43.201.30.120:40490] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.dist"] [unique_id "aRm_D0kbyEckbWtBcCKijAAAAQU"]
[Sun Nov 16 20:09:51.530111 2025] [:error] [pid 34271:tid 34287] [client 43.201.30.120:40506] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env"] [unique_id "aRm_D0NmlZhoZZV1BUDOCAAAAk4"]
[Sun Nov 16 20:09:51.541340 2025] [:error] [pid 34271:tid 34283] [client 43.201.30.120:40492] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env"] [unique_id "aRm_D0NmlZhoZZV1BUDOCQAAAko"]
[Sun Nov 16 20:09:51.555319 2025] [:error] [pid 52563:tid 52585] [client 43.201.30.120:40538] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.save"] [unique_id "aRm_D8-l3ey-hVJ5Auu_IQAAANM"]
[Sun Nov 16 20:09:51.563566 2025] [:error] [pid 20556:tid 20574] [client 43.201.30.120:40522] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.old"] [unique_id "aRm_D0kbyEckbWtBcCKijQAAARA"]
[Sun Nov 16 20:09:51.565982 2025] [:error] [pid 34301:tid 34320] [client 43.201.30.120:40536] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.save"] [unique_id "aRm_D7GPoZwUGuFNREvepQAAApA"]
[Sun Nov 16 20:09:51.614083 2025] [:error] [pid 52563:tid 52581] [client 43.201.30.120:40560] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.swp"] [unique_id "aRm_D8-l3ey-hVJ5Auu_IgAAAM8"]
[Sun Nov 16 20:09:51.830974 2025] [:error] [pid 52471:tid 52538] [client 43.201.30.120:40566] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.bak"] [unique_id "aRm_D9mWsFzjR5CEgDVsTgAAAIY"]
[Sun Nov 16 20:09:51.942397 2025] [:error] [pid 34165:tid 34214] [client 43.201.30.120:40578] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.old"] [unique_id "aRm_D3hG2YTKEjXchwk57QAAAdM"]
[Sun Nov 16 20:09:51.961176 2025] [:error] [pid 20556:tid 20562] [client 43.201.30.120:40614] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.bak"] [unique_id "aRm_D0kbyEckbWtBcCKijgAAAQQ"]
[Sun Nov 16 20:09:51.961181 2025] [:error] [pid 34301:tid 34324] [client 43.201.30.120:40598] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/config/.env"] [unique_id "aRm_D7GPoZwUGuFNREvepgAAApQ"]
[Sun Nov 16 20:09:51.986060 2025] [:error] [pid 34164:tid 34177] [client 43.201.30.120:40628] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.old"] [unique_id "aRm_D-93ccBCLD8-Q4Zo8QAAAYk"]
[Sun Nov 16 20:09:52.004543 2025] [:error] [pid 34271:tid 34297] [client 43.201.30.120:40604] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.save"] [unique_id "aRm_EENmlZhoZZV1BUDOCgAAAlg"]
[Sun Nov 16 20:09:52.022433 2025] [:error] [pid 52563:tid 52567] [client 43.201.30.120:40582] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/config/.env.save"] [unique_id "aRm_EM-l3ey-hVJ5Auu_JQAAAME"]
[Sun Nov 16 20:09:52.052496 2025] [:error] [pid 34301:tid 34312] [client 43.201.30.120:40630] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env"] [unique_id "aRm_ELGPoZwUGuFNREvepwAAAog"]
[Sun Nov 16 20:09:52.091631 2025] [:error] [pid 52563:tid 52587] [client 43.201.30.120:40622] [client 43.201.30.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/config/.env.bak"] [unique_id "aRm_EM-l3ey-hVJ5Auu_JgAAANU"]
[Sun Nov 16 22:04:22.985663 2025] [:error] [pid 52471:tid 52540] [client 190.239.42.201:52841] [client 190.239.42.201] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 190.239.42.201, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRnZ5tmWsFzjR5CEgDWFVQAAAIg"]
[Sun Nov 16 22:04:22.990563 2025] [:error] [pid 52471:tid 52540] [client 190.239.42.201:52841] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Sun Nov 16 22:10:16.306467 2025] [:error] [pid 20556:tid 20561] [client 41.90.186.191:1531] [client 41.90.186.191] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 41.90.186.191, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRnbSEkbyEckbWtBcCLEkQAAAQM"]
[Sun Nov 16 22:10:16.311154 2025] [:error] [pid 20556:tid 20561] [client 41.90.186.191:1531] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Mon Nov 17 02:36:56.358038 2025] [:error] [pid 65480:tid 330] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Mon Nov 17 02:36:57.750764 2025] [:error] [pid 65480:tid 330] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/abcd.php
[Mon Nov 17 02:36:57.997713 2025] [:error] [pid 65480:tid 329] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Mon Nov 17 02:36:58.226253 2025] [:error] [pid 65480:tid 325] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Mon Nov 17 02:36:58.749534 2025] [:error] [pid 65480:tid 345] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Mon Nov 17 02:36:58.986037 2025] [:error] [pid 65480:tid 326] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Mon Nov 17 02:36:59.201778 2025] [:error] [pid 65480:tid 350] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/flower.php
[Mon Nov 17 02:36:59.652988 2025] [:error] [pid 65480:tid 342] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Mon Nov 17 02:36:59.891942 2025] [:error] [pid 65480:tid 346] [client 172.200.56.243:65242] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Mon Nov 17 02:37:00.123317 2025] [:error] [pid 65480:tid 321] [client 172.200.56.243:65242] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRoZzA3NjAS-v6ul5QCHUAAAAME"]
[Mon Nov 17 02:37:00.566724 2025] [:error] [pid 55657:tid 55717] [client 172.200.56.243:64597] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRoZzB2pywrNN427_XRZ0wAAAcc"]
[Mon Nov 17 02:37:01.021294 2025] [:error] [pid 55745:tid 55747] [client 172.200.56.243:65182] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRoZzYZk0eT801XQsauXLAAAAEA"]
[Mon Nov 17 02:37:01.498160 2025] [:error] [pid 55655:tid 55672] [client 172.200.56.243:65273] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRoZzSGT_hu1vaVuRSSKpwAAAA0"]
[Mon Nov 17 03:34:54.175068 2025] [:error] [pid 19117:tid 19142] [client 95.154.200.37:52992] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/js/mage/adminhtml/sales.js"] [unique_id "aRonXqKfAyjjpAj5a3ikagAAAMY"]
[Mon Nov 17 03:34:56.197923 2025] [:error] [pid 18996:tid 19043] [client 95.154.200.37:52996] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/js/mage/adminhtml/sales.js"] [unique_id "aRonYGppjRfYaw_xJpsbFQAAAEE"]
[Mon Nov 17 03:34:57.159933 2025] [:error] [pid 18996:tid 19066] [client 95.154.200.37:53000] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/js/mage/adminhtml/tools.js"] [unique_id "aRonYWppjRfYaw_xJpsbGQAAAFg"]
[Mon Nov 17 03:34:58.116377 2025] [:error] [pid 18996:tid 19055] [client 95.154.200.37:53008] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/js/mage/translate_inline.js"] [unique_id "aRonYmppjRfYaw_xJpsbIgAAAE0"]
[Mon Nov 17 03:34:59.074610 2025] [:error] [pid 19117:tid 19136] [client 95.154.200.37:44568] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/skin/adminhtml/default/default/boxes.css"] [unique_id "aRonY6KfAyjjpAj5a3ikcgAAAMA"]
[Mon Nov 17 03:35:00.036081 2025] [:error] [pid 18996:tid 19049] [client 95.154.200.37:44576] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/js/prototype/validation.js"] [unique_id "aRonZGppjRfYaw_xJpsbKgAAAEc"]
[Mon Nov 17 03:35:00.993607 2025] [:error] [pid 18997:tid 19080] [client 95.154.200.37:44580] [client 95.154.200.37] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/RELEASE_NOTES.txt"] [unique_id "aRonZMzSgi4K0UUOQIBIawAAAIs"]
[Mon Nov 17 06:20:33.970192 2025] [:error] [pid 39537:tid 39544] [client 172.200.56.243:13275] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Mon Nov 17 06:20:34.321863 2025] [:error] [pid 39537:tid 39544] [client 172.200.56.243:13275] File does not exist: /usr/local/apache/htdocs/suspended-page/file17.php
[Mon Nov 17 06:20:34.537218 2025] [:error] [pid 39537:tid 39549] [client 172.200.56.243:13275] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Mon Nov 17 06:20:35.166203 2025] [:error] [pid 39537:tid 39541] [client 172.200.56.243:13275] File does not exist: /usr/local/apache/htdocs/suspended-page/aw.php
[Mon Nov 17 06:20:36.419691 2025] [:error] [pid 39537:tid 39548] [client 172.200.56.243:13275] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/yanierin/akcc.php"] [unique_id "aRpONIZRrh1pcrdcLB_ygwAAAMg"]
[Mon Nov 17 06:20:36.844839 2025] [:error] [pid 39449:tid 39466] [client 172.200.56.243:13255] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/yanierin/akcc.php"] [unique_id "aRpONKUCymTA3MDfzLOdFgAAAAw"]
[Mon Nov 17 06:20:37.250862 2025] [:error] [pid 39451:tid 39521] [client 172.200.56.243:13191] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/yanierin/akcc.php"] [unique_id "aRpONefgkqXTS0SO3fB3GgAAAI0"]
[Mon Nov 17 06:20:37.671445 2025] [:error] [pid 39450:tid 39489] [client 172.200.56.243:13252] [client 172.200.56.243] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/yanierin/akcc.php"] [unique_id "aRpONeoZqPB4_7vNEDSiuQAAAEg"]
[Mon Nov 17 07:01:43.886908 2025] [:error] [pid 39451:tid 39525] [client 91.224.92.177:62422] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-confiq.php
[Mon Nov 17 07:01:44.566779 2025] [:error] [pid 39449:tid 39466] [client 91.224.92.177:63282] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-confiq.php
[Mon Nov 17 11:36:03.566792 2025] [:error] [pid 39537:tid 39556] [client 43.157.147.3:38470] [client 43.157.147.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRqYI4ZRrh1pcrdcLB9vPQAAANA"]
[Mon Nov 17 12:06:18.294168 2025] [:error] [pid 39449:tid 39477] [client 182.42.111.213:42758] [client 182.42.111.213] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRqfOqUCymTA3MDfzLMCqgAAABc"]
[Mon Nov 17 17:18:28.527954 2025] [:error] [pid 39449:tid 39472] [client 43.130.228.73:59380] [client 43.130.228.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRroZKUCymTA3MDfzLMy4QAAABI"]
[Mon Nov 17 18:39:12.758733 2025] [:error] [pid 39449:tid 39475] [client 106.119.167.146:58674] [client 106.119.167.146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRr7UKUCymTA3MDfzLNHjAAAABU"]
[Tue Nov 18 04:17:38.416298 2025] [:error] [pid 61482:tid 61503] [client 159.65.153.77:23554] [client 159.65.153.77] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aRuC4vtNHsWZClVWav4p8wAAANA"]
[Tue Nov 18 04:17:40.139614 2025] [:error] [pid 61392:tid 61439] [client 159.65.153.77:23562] [client 159.65.153.77] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aRuC5HSmvb496zZxueKu8gAAAEo"]
[Tue Nov 18 06:18:36.053458 2025] [:error] [pid 61392:tid 61451] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Tue Nov 18 06:18:36.302755 2025] [:error] [pid 61392:tid 61439] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/abcd.php
[Tue Nov 18 06:18:36.492376 2025] [:error] [pid 61392:tid 61445] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Tue Nov 18 06:18:36.821160 2025] [:error] [pid 61392:tid 61447] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Tue Nov 18 06:18:37.251334 2025] [:error] [pid 61392:tid 61450] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Tue Nov 18 06:18:37.600719 2025] [:error] [pid 61392:tid 61444] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Tue Nov 18 06:18:37.878947 2025] [:error] [pid 61392:tid 61441] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/flower.php
[Tue Nov 18 06:18:38.275067 2025] [:error] [pid 61392:tid 61446] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Tue Nov 18 06:18:38.453063 2025] [:error] [pid 61392:tid 61430] [client 57.154.46.156:9668] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Tue Nov 18 06:18:38.623648 2025] [:error] [pid 61392:tid 61449] [client 57.154.46.156:9668] [client 57.154.46.156] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRufPnSmvb496zZxueLOqgAAAFQ"]
[Tue Nov 18 06:18:39.038207 2025] [:error] [pid 61391:tid 61407] [client 57.154.46.156:29750] [client 57.154.46.156] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRufP4wXIKmhlnkP3-dgPQAAAAc"]
[Tue Nov 18 06:18:39.529521 2025] [:error] [pid 61392:tid 61453] [client 57.154.46.156:10138] [client 57.154.46.156] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRufP3Smvb496zZxueLOrAAAAFg"]
[Tue Nov 18 06:18:39.872267 2025] [:error] [pid 29195:tid 29199] [client 57.154.46.156:10131] [client 57.154.46.156] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nc4.php"] [unique_id "aRufPxMeonxy_4yeOTU6EQAAAQI"]
[Tue Nov 18 10:04:27.139610 2025] [:error] [pid 28635:tid 28652] [client 43.166.245.120:40658] [client 43.166.245.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRvUK2B61AnWhG54Xz3nPwAAAc4"]
[Tue Nov 18 15:19:22.462919 2025] [:error] [pid 44624:tid 44637] [client 210.1.100.79:15745] [client 210.1.100.79] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 210.1.100.79, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRwd-illffozoBluWCUlWAAAAYo"]
[Tue Nov 18 15:19:22.470253 2025] [:error] [pid 44624:tid 44637] [client 210.1.100.79:15745] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Tue Nov 18 17:46:28.542457 2025] [:error] [pid 44560:tid 44582] [client 84.247.191.22:49607] [client 84.247.191.22] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/"] [unique_id "aRxAdAnbP7etF3q5-5uIoQAAAMs"], referer: binance.com
[Tue Nov 18 18:02:11.349936 2025] [:error] [pid 44624:tid 44638] [client 101.32.49.171:40464] [client 101.32.49.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aRxEIyllffozoBluWCV9VAAAAYs"]
[Tue Nov 18 21:37:29.404954 2025] [:error] [pid 44472:tid 44553] [client 45.134.79.103:62720] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRx2mYKhGwkiLjv8BQweyAAAAVY"]
[Tue Nov 18 21:37:30.107686 2025] [:error] [pid 44472:tid 44550] [client 45.134.79.103:52529] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aRx2moKhGwkiLjv8BQwe3AAAAVM"]
[Tue Nov 18 21:37:30.791909 2025] [:error] [pid 1387:tid 1399] [client 45.134.79.103:63369] [client 45.134.79.103] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "aRx2mkzBvalKyx3hMvWenAAAAAY"]
[Wed Nov 19 04:07:03.136809 2025] [:error] [pid 52819:tid 52890] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/form.php, referer: https://www.google.de/
[Wed Nov 19 04:07:03.296732 2025] [:error] [pid 52819:tid 52883] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php, referer: https://www.google.de/
[Wed Nov 19 04:07:03.459229 2025] [:error] [pid 52819:tid 52895] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/abcd.php, referer: https://www.google.com/
[Wed Nov 19 04:07:03.623150 2025] [:error] [pid 52819:tid 52902] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php, referer: https://www.yahoo.com/
[Wed Nov 19 04:07:03.789924 2025] [:error] [pid 52819:tid 52884] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/.__info.php, referer: https://www.google.fr/
[Wed Nov 19 04:07:04.296210 2025] [:error] [pid 52819:tid 52894] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php, referer: https://www.google.com/
[Wed Nov 19 04:07:04.457372 2025] [:error] [pid 52819:tid 52900] [client 20.25.163.76:53593] [client 20.25.163.76] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 20.25.163.76, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aRzR6N9UEqhArnX57Z-4awAAAJY"], referer: https://duckduckgo.com/
[Wed Nov 19 04:07:04.462955 2025] [:error] [pid 52819:tid 52900] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:04.839655 2025] [:error] [pid 52819:tid 52886] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/aaa.php, referer: https://www.google.com/
[Wed Nov 19 04:07:04.999679 2025] [:error] [pid 52819:tid 52901] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:05.551389 2025] [:error] [pid 52819:tid 52890] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfuns.php, referer: https://www.google.de/
[Wed Nov 19 04:07:05.712825 2025] [:error] [pid 52819:tid 52883] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/akcc.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:05.903232 2025] [:error] [pid 52819:tid 52902] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:06.080728 2025] [:error] [pid 52819:tid 52881] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/build.php, referer: https://www.google.de/
[Wed Nov 19 04:07:06.695572 2025] [:error] [pid 52819:tid 52889] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:06.857269 2025] [:error] [pid 52819:tid 52900] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php, referer: https://www.google.de/
[Wed Nov 19 04:07:07.053783 2025] [:error] [pid 52819:tid 52892] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php, referer: https://www.google.co.uk/
[Wed Nov 19 04:07:07.260534 2025] [:error] [pid 52819:tid 52901] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:07.422985 2025] [:error] [pid 52819:tid 52897] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php, referer: https://www.google.com/
[Wed Nov 19 04:07:07.585492 2025] [:error] [pid 52819:tid 52898] [client 20.25.163.76:53593] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php, referer: https://www.google.com/
[Wed Nov 19 04:07:07.742601 2025] [:error] [pid 52819:tid 52890] [client 20.25.163.76:53593] [client 20.25.163.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/filemanager.php"] [unique_id "aRzR699UEqhArnX57Z-4hAAAAIw"], referer: https://www.google.fr/
[Wed Nov 19 04:07:08.461373 2025] [:error] [pid 52819:tid 52893] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/flower.php, referer: https://www.google.de/
[Wed Nov 19 04:07:09.526289 2025] [:error] [pid 52819:tid 52894] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/go.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:10.036106 2025] [:error] [pid 52819:tid 52892] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:10.203518 2025] [:error] [pid 52819:tid 52901] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/mari.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:10.368825 2025] [:error] [pid 52819:tid 52885] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php, referer: https://www.google.fr/
[Wed Nov 19 04:07:10.531838 2025] [:error] [pid 52819:tid 52890] [client 20.25.163.76:54346] File does not exist: /usr/local/apache/htdocs/suspended-page/nc4.php, referer: https://www.google.de/
[Wed Nov 19 04:07:11.794923 2025] [:error] [pid 52819:tid 52887] [client 20.25.163.76:54346] [client 20.25.163.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/index.php"] [unique_id "aRzR799UEqhArnX57Z-4oAAAAIk"], referer: https://www.yahoo.com/
[Wed Nov 19 04:07:13.282225 2025] [:error] [pid 52817:tid 52829] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/xleet.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:13.771967 2025] [:error] [pid 52817:tid 52826] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-good.php, referer: https://www.google.de/
[Wed Nov 19 04:07:14.255403 2025] [:error] [pid 52817:tid 52845] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/xmrlpc.php, referer: https://www.google.fr/
[Wed Nov 19 04:07:14.743961 2025] [:error] [pid 52817:tid 52834] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/asasx.php, referer: https://www.bing.com/
[Wed Nov 19 04:07:15.336676 2025] [:error] [pid 52817:tid 52825] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:15.494232 2025] [:error] [pid 52817:tid 52823] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php, referer: https://www.google.de/
[Wed Nov 19 04:07:15.654009 2025] [:error] [pid 52817:tid 52833] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php, referer: https://www.google.fr/
[Wed Nov 19 04:07:16.544060 2025] [:error] [pid 52817:tid 52822] [client 20.25.163.76:53600] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-cron.php, referer: https://duckduckgo.com/
[Wed Nov 19 04:07:17.242807 2025] [:error] [pid 52817:tid 52831] [client 20.25.163.76:53600] [client 20.25.163.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aRzR9aXbKs2PYLPddPYENwAAAAk"], referer: https://www.bing.com/
[Wed Nov 19 07:30:35.916966 2025] [:error] [pid 6919:tid 6922] [client 18.191.165.250:55972] [client 18.191.165.250] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0Bm0YFdN1s_9xJVUmqnAAAAQA"]
[Wed Nov 19 07:30:36.315891 2025] [:error] [pid 6554:tid 6570] [client 18.191.165.250:56004] [client 18.191.165.250] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0BnN8rvPWLafJFqmVWhQAAAAo"]
[Wed Nov 19 07:30:36.707717 2025] [:error] [pid 6555:tid 6604] [client 18.191.165.250:56067] [client 18.191.165.250] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0BnEbVJm8eMsGMTCONbwAAAE0"]
[Wed Nov 19 07:30:37.102701 2025] [:error] [pid 6644:tid 6668] [client 18.191.165.250:56143] [client 18.191.165.250] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0BnU0i6Rf788MB6sbZXwAAANY"]
[Wed Nov 19 07:30:37.496052 2025] [:error] [pid 6644:tid 6661] [client 18.191.165.250:56235] [client 18.191.165.250] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0BnU0i6Rf788MB6sbZbQAAAM8"]
[Wed Nov 19 09:20:27.099079 2025] [:error] [pid 6919:tid 6933] [client 123.187.240.242:35022] [client 123.187.240.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR0bW0YFdN1s_9xJVUnRbgAAAQs"]
[Wed Nov 19 12:49:13.869636 2025] [:error] [pid 6919:tid 6937] [client 101.32.208.70:35824] [client 101.32.208.70] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR1MSUYFdN1s_9xJVUkhxAAAAQ8"]
[Wed Nov 19 20:35:57.690520 2025] [:error] [pid 6554:tid 6560] [client 104.196.176.201:58031] [client 104.196.176.201] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/media/system/js/core.js"] [unique_id "aR25rd8rvPWLafJFqmX7aAAAAAE"]
[Wed Nov 19 23:07:44.832393 2025] [:error] [pid 26664:tid 26683] [client 43.159.141.150:60050] [client 43.159.141.150] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aR3dQIpWc1yoj2P7MeAZMwAAAU8"]
[Thu Nov 20 03:47:37.117752 2025] [:error] [pid 8872:tid 8896] [client 186.206.216.131:61230] [client 186.206.216.131] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 186.206.216.131, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aR4e2TkBDH0q-89RJLFYeQAAA1U"]
[Thu Nov 20 03:47:37.126217 2025] [:error] [pid 8872:tid 8896] [client 186.206.216.131:61230] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Thu Nov 20 04:43:21.127724 2025] [:error] [pid 55340:tid 55346] [client 113.219.218.197:39710] [client 113.219.218.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aR4r6fOxD-NeMydTybCzEwAAAAE"]
[Thu Nov 20 05:12:43.557594 2025] [:error] [pid 55430:tid 55456] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/404.php
[Thu Nov 20 05:12:43.814700 2025] [:error] [pid 55430:tid 55446] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/CLA.php
[Thu Nov 20 05:12:44.069487 2025] [:error] [pid 55430:tid 55453] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Thu Nov 20 05:12:44.325259 2025] [:error] [pid 55430:tid 55433] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/abcd.php
[Thu Nov 20 05:12:44.766379 2025] [:error] [pid 55430:tid 55436] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Thu Nov 20 05:12:45.303657 2025] [:error] [pid 55430:tid 55447] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Thu Nov 20 05:12:45.572618 2025] [:error] [pid 55430:tid 55454] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/adminer.php
[Thu Nov 20 05:12:45.827504 2025] [:error] [pid 55430:tid 55438] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Thu Nov 20 05:12:46.084436 2025] [:error] [pid 55430:tid 55452] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Thu Nov 20 05:12:46.359588 2025] [:error] [pid 55430:tid 55457] [client 134.149.35.232:18511] File does not exist: /usr/local/apache/htdocs/suspended-page/astab.php
[Thu Nov 20 05:12:46.615345 2025] [:error] [pid 55430:tid 55450] [client 134.149.35.232:18511] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/atomlib.php"] [unique_id "aR4yzvPZXaIMEU4pE7s20QAAANE"]
[Thu Nov 20 05:12:50.240290 2025] [:error] [pid 55342:tid 55382] [client 134.149.35.232:18455] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/atomlib.php"] [unique_id "aR4y0rg6x32Tvk7fIG8tSgAAAEo"]
[Thu Nov 20 05:12:51.735969 2025] [:error] [pid 55342:tid 55392] [client 134.149.35.232:18514] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/atomlib.php"] [unique_id "aR4y07g6x32Tvk7fIG8tTQAAAFQ"]
[Thu Nov 20 05:13:00.855073 2025] [:error] [pid 55343:tid 55415] [client 134.149.35.232:18493] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/atomlib.php"] [unique_id "aR4y3FWlO3EnyVMV7w7w2wAAAJA"]
[Thu Nov 20 05:13:01.549266 2025] [:error] [pid 55342:tid 55376] [client 134.149.35.232:18487] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aR4y3bg6x32Tvk7fIG8tUwAAAEQ"]
[Thu Nov 20 05:13:02.639360 2025] [:error] [pid 55430:tid 55438] [client 134.149.35.232:18449] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aR4y3vPZXaIMEU4pE7s29QAAAMU"]
[Thu Nov 20 05:13:05.074626 2025] [:error] [pid 55340:tid 55357] [client 134.149.35.232:18458] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aR4y4fOxD-NeMydTybC6tQAAAAw"]
[Thu Nov 20 05:13:06.580832 2025] [:error] [pid 55340:tid 55354] [client 134.149.35.232:18481] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aR4y4vOxD-NeMydTybC6uAAAAAk"]
[Thu Nov 20 05:13:12.250861 2025] [:error] [pid 55342:tid 55395] [client 134.149.35.232:18491] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aR4y6Lg6x32Tvk7fIG8thQAAAFc"]
[Thu Nov 20 05:13:15.703130 2025] [:error] [pid 55430:tid 55439] [client 134.149.35.232:18472] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aR4y6_PZXaIMEU4pE7s3EwAAAMY"]
[Thu Nov 20 05:13:16.972966 2025] [:error] [pid 55343:tid 55417] [client 134.149.35.232:18469] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aR4y7FWlO3EnyVMV7w7w7QAAAJI"]
[Thu Nov 20 05:13:19.441827 2025] [:error] [pid 55343:tid 55423] [client 134.149.35.232:18477] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aR4y71WlO3EnyVMV7w7w9gAAAJg"]
[Thu Nov 20 05:13:24.801461 2025] [:error] [pid 55340:tid 55363] [client 134.149.35.232:18433] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aR4y9POxD-NeMydTybC6xwAAABI"]
[Thu Nov 20 05:13:27.537330 2025] [:error] [pid 55340:tid 55360] [client 134.149.35.232:18470] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aR4y9_OxD-NeMydTybC6zwAAAA8"]
[Thu Nov 20 05:13:28.396606 2025] [:error] [pid 55342:tid 55378] [client 134.149.35.232:18465] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aR4y-Lg6x32Tvk7fIG8tkgAAAEY"]
[Thu Nov 20 05:13:29.871045 2025] [:error] [pid 55430:tid 55442] [client 134.149.35.232:18498] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aR4y-fPZXaIMEU4pE7s3JgAAAMk"]
[Thu Nov 20 05:13:37.967547 2025] [:error] [pid 55340:tid 55360] [client 134.149.35.232:18566] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aR4zAfOxD-NeMydTybC61wAAAA8"]
[Thu Nov 20 05:13:40.246217 2025] [:error] [pid 55342:tid 55377] [client 134.149.35.232:18508] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aR4zBLg6x32Tvk7fIG8tnQAAAEU"]
[Thu Nov 20 05:13:42.357386 2025] [:error] [pid 55430:tid 55448] [client 134.149.35.232:18447] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aR4zBvPZXaIMEU4pE7s3PgAAAM8"]
[Thu Nov 20 05:13:46.420938 2025] [:error] [pid 55342:tid 55392] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Thu Nov 20 05:13:47.099053 2025] [:error] [pid 55342:tid 55373] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Thu Nov 20 05:13:47.374370 2025] [:error] [pid 55342:tid 55391] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/cool.php
[Thu Nov 20 05:13:47.628388 2025] [:error] [pid 55342:tid 55378] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Thu Nov 20 05:13:47.908095 2025] [:error] [pid 55342:tid 55393] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/dejavu.php
[Thu Nov 20 05:13:48.260492 2025] [:error] [pid 55342:tid 55377] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/faq.php
[Thu Nov 20 05:13:48.538422 2025] [:error] [pid 55342:tid 55381] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/ffile.php
[Thu Nov 20 05:13:48.850061 2025] [:error] [pid 55342:tid 55386] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Thu Nov 20 05:13:49.109777 2025] [:error] [pid 55342:tid 55380] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/file17.php
[Thu Nov 20 05:13:49.464820 2025] [:error] [pid 55342:tid 55376] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Thu Nov 20 05:13:49.767365 2025] [:error] [pid 55342:tid 55387] [client 134.149.35.232:18437] File does not exist: /usr/local/apache/htdocs/suspended-page/file4.php
[Thu Nov 20 05:13:50.018687 2025] [:error] [pid 55342:tid 55389] [client 134.149.35.232:18437] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file5.php"] [unique_id "aR4zDrg6x32Tvk7fIG8ttgAAAFE"]
[Thu Nov 20 05:13:54.638928 2025] [:error] [pid 55342:tid 55391] [client 134.149.35.232:18474] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file5.php"] [unique_id "aR4zErg6x32Tvk7fIG8tvAAAAFM"]
[Thu Nov 20 05:13:59.087015 2025] [:error] [pid 55343:tid 55417] [client 134.149.35.232:18494] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file5.php"] [unique_id "aR4zF1WlO3EnyVMV7w7xGQAAAJI"]
[Thu Nov 20 05:14:01.821940 2025] [:error] [pid 55430:tid 55452] [client 134.149.35.232:18536] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file5.php"] [unique_id "aR4zGfPZXaIMEU4pE7s3awAAANM"]
[Thu Nov 20 05:14:02.633062 2025] [:error] [pid 55430:tid 55455] [client 134.149.35.232:18503] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aR4zGvPZXaIMEU4pE7s3bgAAANY"]
[Thu Nov 20 05:14:04.907864 2025] [:error] [pid 55342:tid 55392] [client 134.149.35.232:18451] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aR4zHLg6x32Tvk7fIG8txgAAAFQ"]
[Thu Nov 20 05:14:05.873399 2025] [:error] [pid 55343:tid 55410] [client 134.149.35.232:18480] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aR4zHVWlO3EnyVMV7w7xIAAAAIs"]
[Thu Nov 20 05:14:09.973245 2025] [:error] [pid 55430:tid 55451] [client 134.149.35.232:18512] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aR4zIfPZXaIMEU4pE7s3gQAAANI"]
[Thu Nov 20 05:14:11.769988 2025] [:error] [pid 55340:tid 55364] [client 134.149.35.232:18488] [client 134.149.35.232] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aR4zI_OxD-NeMydTybC7AAAAABM"]
[Thu Nov 20 05:14:14.962922 2025] [:error] [pid 55343:tid 55405] [client 134.149.35.232:18483] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aR4zJlWlO3EnyVMV7w7xRQAAAIY"]
[Thu Nov 20 05:14:16.193703 2025] [:error] [pid 55430:tid 55436] [client 134.149.35.232:18457] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aR4zKPPZXaIMEU4pE7s3jwAAAMM"]
[Thu Nov 20 05:14:17.307345 2025] [:error] [pid 55343:tid 55401] [client 134.149.35.232:18515] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aR4zKVWlO3EnyVMV7w7xRwAAAII"]
[Thu Nov 20 05:14:21.389019 2025] [:error] [pid 55340:tid 55347] [client 134.149.35.232:18460] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aR4zLfOxD-NeMydTybC7BwAAAAI"]
[Thu Nov 20 05:14:24.073091 2025] [:error] [pid 55340:tid 55363] [client 134.149.35.232:18452] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aR4zMPOxD-NeMydTybC7CAAAABI"]
[Thu Nov 20 05:14:25.804497 2025] [:error] [pid 55340:tid 55369] [client 134.149.35.232:18475] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aR4zMfOxD-NeMydTybC7CgAAABg"]
[Thu Nov 20 05:14:30.579340 2025] [:error] [pid 55340:tid 55353] [client 134.149.35.232:18531] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aR4zNvOxD-NeMydTybC7DQAAAAg"]
[Thu Nov 20 05:14:32.412301 2025] [:error] [pid 55343:tid 55419] [client 134.149.35.232:18506] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aR4zOFWlO3EnyVMV7w7xXwAAAJQ"]
[Thu Nov 20 05:14:34.367585 2025] [:error] [pid 55342:tid 55379] [client 134.149.35.232:18497] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/golden.php"] [unique_id "aR4zOrg6x32Tvk7fIG8t8QAAAEc"]
[Thu Nov 20 05:14:36.862072 2025] [:error] [pid 55340:tid 55362] [client 134.149.35.232:18528] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/golden.php"] [unique_id "aR4zPPOxD-NeMydTybC7OwAAABE"]
[Thu Nov 20 05:14:38.668722 2025] [:error] [pid 55342:tid 55390] [client 134.149.35.232:18468] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/golden.php"] [unique_id "aR4zPrg6x32Tvk7fIG8t-AAAAFI"]
[Thu Nov 20 05:14:40.479577 2025] [:error] [pid 55340:tid 55364] [client 134.149.35.232:18453] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/golden.php"] [unique_id "aR4zQPOxD-NeMydTybC7QgAAABM"]
[Thu Nov 20 05:14:42.619865 2025] [:error] [pid 55430:tid 55439] [client 134.149.35.232:18513] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR4zQvPZXaIMEU4pE7s36gAAAMY"]
[Thu Nov 20 05:14:43.771589 2025] [:error] [pid 55430:tid 55434] [client 134.149.35.232:18495] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR4zQ_PZXaIMEU4pE7s37gAAAME"]
[Thu Nov 20 05:14:46.580341 2025] [:error] [pid 55343:tid 55409] [client 134.149.35.232:18581] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR4zRlWlO3EnyVMV7w7xcQAAAIo"]
[Thu Nov 20 05:14:49.149503 2025] [:error] [pid 55340:tid 55355] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Thu Nov 20 05:14:49.407392 2025] [:error] [pid 55340:tid 55354] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/index.php
[Thu Nov 20 05:14:49.663134 2025] [:error] [pid 55340:tid 55345] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/k.php
[Thu Nov 20 05:14:49.930240 2025] [:error] [pid 55340:tid 55363] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/lc.php
[Thu Nov 20 05:14:50.183606 2025] [:error] [pid 55340:tid 55365] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Thu Nov 20 05:14:50.438659 2025] [:error] [pid 55340:tid 55369] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Thu Nov 20 05:14:51.011118 2025] [:error] [pid 55340:tid 55349] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/nc4.php
[Thu Nov 20 05:14:51.268298 2025] [:error] [pid 55340:tid 55356] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/num.php
[Thu Nov 20 05:14:51.524309 2025] [:error] [pid 55340:tid 55350] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/ol.php
[Thu Nov 20 05:14:51.779159 2025] [:error] [pid 55340:tid 55353] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/ot.php
[Thu Nov 20 05:14:52.140619 2025] [:error] [pid 55340:tid 55364] [client 134.149.35.232:18501] File does not exist: /usr/local/apache/htdocs/suspended-page/past.php
[Thu Nov 20 05:14:52.391357 2025] [:error] [pid 55340:tid 55359] [client 134.149.35.232:18501] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pepe.php"] [unique_id "aR4zTPOxD-NeMydTybC7VQAAAA4"]
[Thu Nov 20 05:14:55.881121 2025] [:error] [pid 55342:tid 55395] [client 134.149.35.232:18445] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pepe.php"] [unique_id "aR4zT7g6x32Tvk7fIG8uBwAAAFc"]
[Thu Nov 20 05:14:56.650822 2025] [:error] [pid 55343:tid 55407] [client 134.149.35.232:18546] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pepe.php"] [unique_id "aR4zUFWlO3EnyVMV7w7xdwAAAIg"]
[Thu Nov 20 05:14:57.911074 2025] [:error] [pid 55342:tid 55385] [client 134.149.35.232:18432] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pepe.php"] [unique_id "aR4zUbg6x32Tvk7fIG8uCgAAAE0"]
[Thu Nov 20 05:15:01.056547 2025] [:error] [pid 55342:tid 55379] [client 134.149.35.232:18545] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pp.php"] [unique_id "aR4zVbg6x32Tvk7fIG8uGwAAAEc"]
[Thu Nov 20 05:15:04.986782 2025] [:error] [pid 55430:tid 55443] [client 134.149.35.232:18509] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pp.php"] [unique_id "aR4zWPPZXaIMEU4pE7s4DAAAAMo"]
[Thu Nov 20 05:15:05.890102 2025] [:error] [pid 55430:tid 55450] [client 134.149.35.232:18502] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pp.php"] [unique_id "aR4zWfPZXaIMEU4pE7s4EAAAANE"]
[Thu Nov 20 05:15:10.147480 2025] [:error] [pid 55340:tid 55352] [client 134.149.35.232:18553] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pp.php"] [unique_id "aR4zXvOxD-NeMydTybC7jgAAAAc"]
[Thu Nov 20 05:15:11.088966 2025] [:error] [pid 55343:tid 55415] [client 134.149.35.232:18448] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/re.php"] [unique_id "aR4zX1WlO3EnyVMV7w7xfwAAAJA"]
[Thu Nov 20 05:15:13.460205 2025] [:error] [pid 55430:tid 55444] [client 134.149.35.232:18523] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/re.php"] [unique_id "aR4zYfPZXaIMEU4pE7s4GAAAAMs"]
[Thu Nov 20 05:15:18.178484 2025] [:error] [pid 55343:tid 55414] [client 134.149.35.232:18521] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/re.php"] [unique_id "aR4zZlWlO3EnyVMV7w7xhAAAAI8"]
[Thu Nov 20 05:15:21.190640 2025] [:error] [pid 55340:tid 55364] [client 134.149.35.232:18464] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/re.php"] [unique_id "aR4zafOxD-NeMydTybC7mQAAABM"]
[Thu Nov 20 05:15:24.163637 2025] [:error] [pid 55430:tid 55438] [client 134.149.35.232:18500] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aR4zbPPZXaIMEU4pE7s4KgAAAMU"]
[Thu Nov 20 05:15:26.390946 2025] [:error] [pid 55340:tid 55361] [client 134.149.35.232:18524] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aR4zbvOxD-NeMydTybC7ogAAABA"]
[Thu Nov 20 05:15:30.998725 2025] [:error] [pid 55343:tid 55409] [client 134.149.35.232:18471] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aR4zclWlO3EnyVMV7w7xmQAAAIo"]
[Thu Nov 20 05:15:32.106741 2025] [:error] [pid 55430:tid 55455] [client 134.149.35.232:18554] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aR4zdPPZXaIMEU4pE7s4QgAAANY"]
[Thu Nov 20 05:15:34.227665 2025] [:error] [pid 55430:tid 55446] [client 134.149.35.232:18469] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aR4zdvPZXaIMEU4pE7s4TQAAAM0"]
[Thu Nov 20 05:15:39.968447 2025] [:error] [pid 55342:tid 55392] [client 134.149.35.232:18463] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aR4ze7g6x32Tvk7fIG8uVgAAAFQ"]
[Thu Nov 20 05:15:46.237997 2025] [:error] [pid 55430:tid 55445] [client 134.149.35.232:18446] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aR4zgvPZXaIMEU4pE7s4YQAAAMw"]
[Thu Nov 20 05:15:49.557729 2025] [:error] [pid 55430:tid 55448] [client 134.149.35.232:18434] [client 134.149.35.232] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog.php"] [unique_id "aR4zhfPZXaIMEU4pE7s4aAAAAM8"]
[Thu Nov 20 05:15:55.366890 2025] [:error] [pid 55340:tid 55366] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog.php
[Thu Nov 20 05:15:55.792521 2025] [:error] [pid 55340:tid 55348] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-class.php
[Thu Nov 20 05:15:56.061798 2025] [:error] [pid 55340:tid 55367] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-logiin.php
[Thu Nov 20 05:15:56.320044 2025] [:error] [pid 55340:tid 55355] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mn.php
[Thu Nov 20 05:15:56.753954 2025] [:error] [pid 55340:tid 55354] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-update.php
[Thu Nov 20 05:15:57.009415 2025] [:error] [pid 55340:tid 55345] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/wsa.php
[Thu Nov 20 05:15:57.272653 2025] [:error] [pid 55340:tid 55346] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/xl.php
[Thu Nov 20 05:15:57.634805 2025] [:error] [pid 55340:tid 55369] [client 134.149.35.232:18479] File does not exist: /usr/local/apache/htdocs/suspended-page/z.php
[Thu Nov 20 10:06:25.804311 2025] [:error] [pid 34405:tid 34407] [client 89.185.82.43:36076] [client 89.185.82.43] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aR53oTFpvu8oRK7ATfuuFQAAAQA"]
[Thu Nov 20 10:51:41.527681 2025] [:error] [pid 55430:tid 55451] [client 223.244.35.77:53045] [client 223.244.35.77] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6CPfPZXaIMEU4pE7uOQQAAANI"]
[Thu Nov 20 11:19:33.776780 2025] [:error] [pid 804:tid 817] [client 89.185.82.43:55406] [client 89.185.82.43] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aR6IxfaRHpUlPL9O0LksEQAAAYM"]
[Thu Nov 20 12:10:20.207365 2025] [:error] [pid 55340:tid 55366] [client 98.81.111.26:63973] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6UrPOxD-NeMydTybBJfwAAABU"]
[Thu Nov 20 12:15:48.927947 2025] [:error] [pid 34444:tid 34451] [client 98.81.111.26:60330] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6V9FNEol4jlmmA_GP0QgAAAUU"]
[Thu Nov 20 12:15:49.331160 2025] [:error] [pid 34405:tid 34408] [client 98.81.111.26:61578] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6V9TFpvu8oRK7ATfvMqQAAAQE"]
[Thu Nov 20 12:15:49.734399 2025] [:error] [pid 55343:tid 55408] [client 98.81.111.26:62992] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6V9VWlO3EnyVMV7w5oiwAAAIk"]
[Thu Nov 20 12:15:50.141321 2025] [:error] [pid 55342:tid 55385] [client 98.81.111.26:64263] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6V9rg6x32Tvk7fIG-O7wAAAE0"]
[Thu Nov 20 12:15:50.551875 2025] [:error] [pid 55430:tid 55438] [client 98.81.111.26:49591] [client 98.81.111.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR6V9vPZXaIMEU4pE7ul8wAAAMU"]
[Thu Nov 20 14:16:27.667060 2025] [:error] [pid 55342:tid 55373] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/link.php
[Thu Nov 20 14:16:27.784705 2025] [:error] [pid 55342:tid 55394] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Thu Nov 20 14:16:27.912844 2025] [:error] [pid 55342:tid 55378] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/mail.php
[Thu Nov 20 14:16:28.050583 2025] [:error] [pid 55342:tid 55383] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Thu Nov 20 14:16:28.168615 2025] [:error] [pid 55342:tid 55396] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/function.php
[Thu Nov 20 14:16:28.287306 2025] [:error] [pid 55342:tid 55385] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Thu Nov 20 14:16:30.120283 2025] [:error] [pid 55342:tid 55385] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Thu Nov 20 14:16:30.364475 2025] [:error] [pid 55342:tid 55384] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Thu Nov 20 14:16:30.481455 2025] [:error] [pid 55342:tid 55387] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/post.php
[Thu Nov 20 14:16:30.599755 2025] [:error] [pid 55342:tid 55389] [client 20.78.210.154:61835] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Thu Nov 20 14:16:30.714196 2025] [:error] [pid 55342:tid 55376] [client 20.78.210.154:61835] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aR6yPrg6x32Tvk7fIG-ofAAAAEQ"]
[Thu Nov 20 14:16:31.337447 2025] [:error] [pid 55430:tid 55452] [client 20.78.210.154:61876] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aR6yP_PZXaIMEU4pE7vR6QAAANM"]
[Thu Nov 20 14:16:31.779175 2025] [:error] [pid 40636:tid 40659] [client 20.78.210.154:63178] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aR6yPwK8BWUoW3xq0HDjqQAAA5M"]
[Thu Nov 20 14:16:32.667078 2025] [:error] [pid 55430:tid 55438] [client 20.78.210.154:4944] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aR6yQPPZXaIMEU4pE7vR6gAAAMU"]
[Thu Nov 20 14:16:33.798802 2025] [:error] [pid 40445:tid 40479] [client 20.78.210.154:58513] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/alfa.php"] [unique_id "aR6yQVH-MuFcoWRjXpYQqgAAAkQ"]
[Thu Nov 20 14:16:34.556395 2025] [:error] [pid 40415:tid 40436] [client 20.78.210.154:4958] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/alfa.php"] [unique_id "aR6yQqhjIyLSv09svwNr1gAAAdI"]
[Thu Nov 20 14:16:35.505229 2025] [:error] [pid 34405:tid 34414] [client 20.78.210.154:4939] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/alfa.php"] [unique_id "aR6yQzFpvu8oRK7ATfvpEwAAAQc"]
[Thu Nov 20 14:16:36.078009 2025] [:error] [pid 40445:tid 40489] [client 20.78.210.154:63187] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/alfa.php"] [unique_id "aR6yRFH-MuFcoWRjXpYQqwAAAk4"]
[Thu Nov 20 14:16:36.938060 2025] [:error] [pid 40508:tid 40529] [client 20.78.210.154:63214] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR6yRKxXNVCMW_ksxPtJ8QAAApM"]
[Thu Nov 20 14:16:37.769122 2025] [:error] [pid 40415:tid 40435] [client 20.78.210.154:63218] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR6yRahjIyLSv09svwNr2QAAAdE"]
[Thu Nov 20 14:16:38.554317 2025] [:error] [pid 40445:tid 40481] [client 20.78.210.154:56090] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR6yRlH-MuFcoWRjXpYQrQAAAkY"]
[Thu Nov 20 14:16:39.691564 2025] [:error] [pid 40537:tid 40550] [client 20.78.210.154:56077] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aR6yR6KlsL5kxTa3c1y60QAAAsk"]
[Thu Nov 20 14:16:40.270291 2025] [:error] [pid 55343:tid 55412] [client 20.78.210.154:56098] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-trackback.php"] [unique_id "aR6ySFWlO3EnyVMV7w6G4QAAAI0"]
[Thu Nov 20 14:16:40.852051 2025] [:error] [pid 40445:tid 40476] [client 20.78.210.154:58525] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-trackback.php"] [unique_id "aR6ySFH-MuFcoWRjXpYQsQAAAkE"]
[Thu Nov 20 14:16:41.689251 2025] [:error] [pid 55430:tid 55456] [client 20.78.210.154:61845] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-trackback.php"] [unique_id "aR6ySfPZXaIMEU4pE7vR9QAAANc"]
[Thu Nov 20 14:16:42.630124 2025] [:error] [pid 40537:tid 40541] [client 20.78.210.154:58551] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-trackback.php"] [unique_id "aR6ySqKlsL5kxTa3c1y60gAAAsA"]
[Thu Nov 20 14:16:43.482644 2025] [:error] [pid 40508:tid 40533] [client 20.78.210.154:4953] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about.php"] [unique_id "aR6yS6xXNVCMW_ksxPtJ-AAAApc"]
[Thu Nov 20 14:16:44.226664 2025] [:error] [pid 40537:tid 40560] [client 20.78.210.154:58535] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about.php"] [unique_id "aR6yTKKlsL5kxTa3c1y61AAAAtM"]
[Thu Nov 20 14:16:46.446737 2025] [:error] [pid 55430:tid 55452] [client 20.78.210.154:63206] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about.php"] [unique_id "aR6yTvPZXaIMEU4pE7vR9wAAANM"]
[Thu Nov 20 14:16:47.397171 2025] [:error] [pid 40508:tid 40515] [client 20.78.210.154:56066] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about.php"] [unique_id "aR6yT6xXNVCMW_ksxPtJ-gAAAoU"]
[Thu Nov 20 14:16:48.480686 2025] [:error] [pid 40537:tid 40549] [client 20.78.210.154:61853] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/themes.php"] [unique_id "aR6yUKKlsL5kxTa3c1y62AAAAsg"]
[Thu Nov 20 14:16:49.807091 2025] [:error] [pid 40636:tid 40660] [client 20.78.210.154:61830] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/themes.php"] [unique_id "aR6yUQK8BWUoW3xq0HDjsgAAA5Q"]
[Thu Nov 20 14:16:50.162458 2025] [:error] [pid 55342:tid 55385] [client 20.78.210.154:61836] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/themes.php"] [unique_id "aR6yUrg6x32Tvk7fIG-onQAAAE0"]
[Thu Nov 20 14:16:51.449616 2025] [:error] [pid 40537:tid 40563] [client 20.78.210.154:62381] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/themes.php"] [unique_id "aR6yU6KlsL5kxTa3c1y62QAAAtY"]
[Thu Nov 20 14:16:52.486343 2025] [:error] [pid 40445:tid 40482] [client 20.78.210.154:63213] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aR6yVFH-MuFcoWRjXpYQuAAAAkc"]
[Thu Nov 20 14:16:53.375965 2025] [:error] [pid 40445:tid 40477] [client 20.78.210.154:61870] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aR6yVVH-MuFcoWRjXpYQugAAAkI"]
[Thu Nov 20 14:16:53.698056 2025] [:error] [pid 40415:tid 40428] [client 20.78.210.154:56069] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aR6yVahjIyLSv09svwNr4gAAAco"]
[Thu Nov 20 14:16:54.424353 2025] [:error] [pid 40445:tid 40488] [client 20.78.210.154:56095] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aR6yVlH-MuFcoWRjXpYQvQAAAk0"]
[Thu Nov 20 14:16:54.812125 2025] [:error] [pid 55340:tid 55353] [client 20.78.210.154:4990] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/simple.php"] [unique_id "aR6yVvOxD-NeMydTybBwXQAAAAg"]
[Thu Nov 20 14:16:56.071755 2025] [:error] [pid 40445:tid 40496] [client 20.78.210.154:63209] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/simple.php"] [unique_id "aR6yWFH-MuFcoWRjXpYQxAAAAlU"]
[Thu Nov 20 14:16:56.837430 2025] [:error] [pid 55340:tid 55369] [client 20.78.210.154:61848] [client 20.78.210.154] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/simple.php"] [unique_id "aR6yWPOxD-NeMydTybBwYQAAABg"]
[Thu Nov 20 19:57:57.008939 2025] [:error] [pid 40636:tid 40652] [client 64.225.75.246:55030] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aR8CRQK8BWUoW3xq0HAajwAAA4w"]
[Thu Nov 20 19:57:57.850427 2025] [:error] [pid 55342:tid 55374] [client 64.225.75.246:55046] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aR8CRbg6x32Tvk7fIG_tMAAAAEI"]
[Thu Nov 20 19:57:58.689845 2025] [:error] [pid 55343:tid 55422] [client 64.225.75.246:55062] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aR8CRlWlO3EnyVMV7w6-1wAAAJc"]
[Thu Nov 20 19:57:59.583611 2025] [:error] [pid 55430:tid 55440] [client 64.225.75.246:55076] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aR8CR_PZXaIMEU4pE7sN9AAAAMc"]
[Thu Nov 20 19:58:00.320453 2025] [:error] [pid 40508:tid 40519] [client 64.225.75.246:55086] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aR8CSKxXNVCMW_ksxPvCSwAAAok"]
[Thu Nov 20 19:58:01.090140 2025] [:error] [pid 55342:tid 55382] [client 64.225.75.246:55092] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aR8CSbg6x32Tvk7fIG_tOAAAAEo"]
[Thu Nov 20 19:58:02.070143 2025] [:error] [pid 55343:tid 55415] [client 64.225.75.246:55108] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server"] [unique_id "aR8CSlWlO3EnyVMV7w6-3AAAAJA"]
[Thu Nov 20 19:58:02.888421 2025] [:error] [pid 55342:tid 55385] [client 64.225.75.246:55116] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aR8CSrg6x32Tvk7fIG_tOQAAAE0"]
[Thu Nov 20 19:58:03.646469 2025] [:error] [pid 55340:tid 55353] [client 64.225.75.246:55118] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/about"] [unique_id "aR8CS_OxD-NeMydTybCrqwAAAAg"]
[Thu Nov 20 19:58:04.381724 2025] [:error] [pid 40537:tid 40559] [client 64.225.75.246:55120] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aR8CTKKlsL5kxTa3c1zv2gAAAtI"]
[Thu Nov 20 19:58:05.114568 2025] [:error] [pid 55340:tid 55364] [client 64.225.75.246:55130] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aR8CTfOxD-NeMydTybCrrQAAABM"]
[Thu Nov 20 19:58:05.924699 2025] [:error] [pid 55430:tid 55433] [client 64.225.75.246:55132] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aR8CTfPZXaIMEU4pE7sN_AAAAMA"]
[Thu Nov 20 19:58:06.712305 2025] [:error] [pid 40445:tid 40482] [client 64.225.75.246:55146] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aR8CTlH-MuFcoWRjXpZwhQAAAkc"]
[Thu Nov 20 19:58:07.429708 2025] [:error] [pid 40415:tid 40421] [client 64.225.75.246:57096] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aR8CT6hjIyLSv09svwO4_gAAAcM"]
[Thu Nov 20 19:58:08.148450 2025] [:error] [pid 55430:tid 55439] [client 64.225.75.246:57098] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aR8CUPPZXaIMEU4pE7sOAAAAAMY"]
[Thu Nov 20 19:58:08.866358 2025] [:error] [pid 40415:tid 40431] [client 64.225.75.246:57106] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aR8CUKhjIyLSv09svwO5AAAAAc0"]
[Thu Nov 20 19:58:09.582841 2025] [:error] [pid 40537:tid 40560] [client 64.225.75.246:57110] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aR8CUaKlsL5kxTa3c1zv3gAAAtM"]
[Thu Nov 20 19:58:10.301115 2025] [:error] [pid 55430:tid 55436] [client 64.225.75.246:57118] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aR8CUvPZXaIMEU4pE7sOAgAAAMM"]
[Thu Nov 20 19:58:11.020487 2025] [:error] [pid 40445:tid 40477] [client 64.225.75.246:57124] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aR8CU1H-MuFcoWRjXpZwjQAAAkI"]
[Thu Nov 20 19:58:11.738321 2025] [:error] [pid 40415:tid 40427] [client 64.225.75.246:57138] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aR8CU6hjIyLSv09svwO5AgAAAck"]
[Thu Nov 20 19:58:12.456932 2025] [:error] [pid 40537:tid 40549] [client 64.225.75.246:57152] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aR8CVKKlsL5kxTa3c1zv4AAAAsg"]
[Thu Nov 20 19:58:13.176512 2025] [:error] [pid 34405:tid 34419] [client 64.225.75.246:57158] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aR8CVTFpvu8oRK7ATfsofwAAAQw"]
[Thu Nov 20 19:58:13.921657 2025] [:error] [pid 55430:tid 55439] [client 64.225.75.246:57162] [client 64.225.75.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aR8CVfPZXaIMEU4pE7sODAAAAMY"]
[Fri Nov 21 00:03:11.564401 2025] [:error] [pid 40445:tid 40494] [client 111.172.249.49:50358] [client 111.172.249.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR87v1H-MuFcoWRjXpbIugAAAlM"]
[Fri Nov 21 00:07:52.437499 2025] [:error] [pid 40445:tid 40478] [client 177.154.3.231:61236] [client 177.154.3.231] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 177.154.3.231, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aR882FH-MuFcoWRjXpbKQwAAAkM"]
[Fri Nov 21 00:07:52.442396 2025] [:error] [pid 40445:tid 40478] [client 177.154.3.231:61236] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Fri Nov 21 01:13:29.346225 2025] [:error] [pid 13522:tid 13719] [client 146.190.63.48:50468] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aR9MOaOM9BReD2C3mbLZ0QAAAFM"]
[Fri Nov 21 01:13:29.839449 2025] [:error] [pid 13805:tid 13815] [client 146.190.63.48:50474] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aR9MOVurU5-GZdwKvr671AAAAUc"]
[Fri Nov 21 01:13:30.340804 2025] [:error] [pid 13506:tid 13691] [client 146.190.63.48:50482] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aR9MOqTbGYpGB-467xZIqgAAABU"]
[Fri Nov 21 01:13:30.831700 2025] [:error] [pid 13536:tid 13750] [client 146.190.63.48:50496] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aR9MOqwnCU8z6PX3-ZmvUQAAAJc"]
[Fri Nov 21 01:13:31.338721 2025] [:error] [pid 13536:tid 13745] [client 146.190.63.48:50510] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aR9MO6wnCU8z6PX3-ZmvUwAAAJI"]
[Fri Nov 21 01:13:31.829746 2025] [:error] [pid 13506:tid 13672] [client 146.190.63.48:50526] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aR9MO6TbGYpGB-467xZIrAAAAAI"]
[Fri Nov 21 01:13:32.321850 2025] [:error] [pid 13805:tid 13809] [client 146.190.63.48:50534] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server"] [unique_id "aR9MPFurU5-GZdwKvr672AAAAUE"]
[Fri Nov 21 01:13:32.813137 2025] [:error] [pid 13522:tid 13702] [client 146.190.63.48:50548] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aR9MPKOM9BReD2C3mbLZ2gAAAEI"]
[Fri Nov 21 01:13:33.306038 2025] [:error] [pid 13536:tid 13740] [client 146.190.63.48:50564] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about"] [unique_id "aR9MPawnCU8z6PX3-ZmvVQAAAI0"]
[Fri Nov 21 01:13:33.799451 2025] [:error] [pid 13536:tid 13731] [client 146.190.63.48:50566] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aR9MPawnCU8z6PX3-ZmvWAAAAIQ"]
[Fri Nov 21 01:13:34.290831 2025] [:error] [pid 13506:tid 13679] [client 146.190.63.48:50578] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aR9MPqTbGYpGB-467xZIrwAAAAk"]
[Fri Nov 21 01:13:34.780810 2025] [:error] [pid 13522:tid 13720] [client 146.190.63.48:50590] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aR9MPqOM9BReD2C3mbLZ3AAAAFQ"]
[Fri Nov 21 01:13:35.283173 2025] [:error] [pid 13536:tid 13743] [client 146.190.63.48:50594] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aR9MP6wnCU8z6PX3-ZmvWwAAAJA"]
[Fri Nov 21 01:13:35.773198 2025] [:error] [pid 13805:tid 13813] [client 146.190.63.48:50600] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aR9MP1urU5-GZdwKvr673AAAAUU"]
[Fri Nov 21 01:13:36.268272 2025] [:error] [pid 13506:tid 13693] [client 146.190.63.48:50606] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aR9MQKTbGYpGB-467xZItwAAABc"]
[Fri Nov 21 01:13:36.760036 2025] [:error] [pid 13522:tid 13719] [client 146.190.63.48:50618] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aR9MQKOM9BReD2C3mbLZ4AAAAFM"]
[Fri Nov 21 01:13:37.249421 2025] [:error] [pid 13506:tid 13691] [client 146.190.63.48:50626] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aR9MQaTbGYpGB-467xZIuwAAABU"]
[Fri Nov 21 01:13:37.739917 2025] [:error] [pid 13805:tid 13812] [client 146.190.63.48:50632] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aR9MQVurU5-GZdwKvr673gAAAUQ"]
[Fri Nov 21 01:13:38.231961 2025] [:error] [pid 13506:tid 13694] [client 146.190.63.48:50638] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aR9MQqTbGYpGB-467xZIvwAAABg"]
[Fri Nov 21 01:13:38.724061 2025] [:error] [pid 13805:tid 13828] [client 146.190.63.48:50644] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aR9MQlurU5-GZdwKvr674AAAAVQ"]
[Fri Nov 21 01:13:39.213442 2025] [:error] [pid 13536:tid 13742] [client 146.190.63.48:46106] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aR9MQ6wnCU8z6PX3-ZmvXgAAAI8"]
[Fri Nov 21 01:13:39.703211 2025] [:error] [pid 13506:tid 13681] [client 146.190.63.48:46116] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aR9MQ6TbGYpGB-467xZIxgAAAAs"]
[Fri Nov 21 01:13:40.197369 2025] [:error] [pid 13522:tid 13712] [client 146.190.63.48:46122] [client 146.190.63.48] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR9MRKOM9BReD2C3mbLZ6QAAAEw"]
[Fri Nov 21 02:48:38.294602 2025] [:error] [pid 13536:tid 13744] [client 93.123.109.7:54186] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aR9ihqwnCU8z6PX3-ZnQgwAAAJE"]
[Fri Nov 21 04:17:40.314089 2025] [:error] [pid 13412:tid 13419] [client 43.153.10.83:49408] [client 43.153.10.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aR93ZH3-knz3ZB6HogGa4AAAAMI"]
[Fri Nov 21 07:38:28.716327 2025] [:error] [pid 17882:tid 17901] [client 43.166.136.153:32818] [client 43.166.136.153] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR-mdIwFFssEn348h94nYQAAAVE"]
[Fri Nov 21 12:36:45.881481 2025] [:error] [pid 13325:tid 13331] [client 58.49.233.126:57906] [client 58.49.233.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aR_sXSBUXj9tD75On3AHogAAAAE"]
[Fri Nov 21 14:47:19.857595 2025] [:error] [pid 25521:tid 25543] [client 213.21.239.4:58292] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSAK9_hXnBMilDddn3W0kwAAANQ"]
[Fri Nov 21 15:11:55.291006 2025] [:error] [pid 25554:tid 25572] [client 213.21.239.4:52030] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSAQux-NtB-9AzFZrk4jNgAAAQ4"]
[Fri Nov 21 15:46:22.024321 2025] [:error] [pid 25554:tid 25582] [client 213.21.239.4:49406] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.svn/wc.db"] [unique_id "aSAYzh-NtB-9AzFZrk4-SgAAARg"]
[Fri Nov 21 15:51:00.953657 2025] [:error] [pid 25431:tid 25492] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Fri Nov 21 15:51:01.383863 2025] [:error] [pid 25431:tid 25511] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Fri Nov 21 15:51:01.817833 2025] [:error] [pid 25431:tid 25495] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/O-Simple.php
[Fri Nov 21 15:51:02.245875 2025] [:error] [pid 25431:tid 25498] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Fri Nov 21 15:51:02.682883 2025] [:error] [pid 25431:tid 25489] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Fri Nov 21 15:51:03.115640 2025] [:error] [pid 25431:tid 25502] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Fri Nov 21 15:51:03.560237 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Fri Nov 21 15:51:03.999793 2025] [:error] [pid 25431:tid 25509] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Fri Nov 21 15:51:04.860613 2025] [:error] [pid 25431:tid 25492] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Fri Nov 21 15:51:05.737351 2025] [:error] [pid 25431:tid 25510] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/core.php
[Fri Nov 21 15:51:06.168772 2025] [:error] [pid 25431:tid 25488] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Fri Nov 21 15:51:06.600355 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Fri Nov 21 15:51:07.044537 2025] [:error] [pid 25431:tid 25511] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Fri Nov 21 15:51:07.555100 2025] [:error] [pid 25431:tid 25488] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Fri Nov 21 15:51:07.996950 2025] [:error] [pid 25431:tid 25499] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Fri Nov 21 15:51:08.424093 2025] [:error] [pid 25431:tid 25487] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Fri Nov 21 15:51:08.857307 2025] [:error] [pid 25431:tid 25496] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Fri Nov 21 15:51:09.283887 2025] [:error] [pid 25431:tid 25500] [client 45.132.227.58:40205] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Fri Nov 21 15:51:15.349919 2025] [:error] [pid 25431:tid 25511] [client 45.132.227.58:40205] [client 45.132.227.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSAZ88klhXxmoIExII0h0QAAAJg"]
[Fri Nov 21 15:51:17.491754 2025] [:error] [pid 25521:tid 25542] [client 136.144.42.74:27727] [client 136.144.42.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/worksec.php"] [unique_id "aSAZ9fhXnBMilDddn3XYfQAAANM"]
[Fri Nov 21 15:51:19.656025 2025] [:error] [pid 25554:tid 25572] [client 45.132.227.64:49085] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Fri Nov 21 15:51:20.938903 2025] [:error] [pid 25554:tid 25558] [client 45.132.227.64:49085] [client 45.132.227.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/tinyfilemanager.php"] [unique_id "aSAZ-B-NtB-9AzFZrk5CRQAAAQA"]
[Fri Nov 21 15:51:22.665415 2025] [:error] [pid 25429:tid 25442] [client 172.98.32.84:47883] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Fri Nov 21 15:51:23.131666 2025] [:error] [pid 25429:tid 25436] [client 172.98.32.84:47883] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/index.php"] [unique_id "aSAZ-z4rZbRSr7vu-NOYQAAAAAM"]
[Fri Nov 21 15:51:24.442873 2025] [:error] [pid 46939:tid 46966] [client 136.144.42.69:55521] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Fri Nov 21 15:51:26.612309 2025] [:error] [pid 46939:tid 46956] [client 136.144.42.69:55521] [client 136.144.42.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/dyqvcfqv.php"] [unique_id "aSAZ_u0OmVoxD4VZ_ZlcIAAAAU4"]
[Fri Nov 21 15:51:27.890640 2025] [:error] [pid 25430:tid 25473] [client 172.98.32.91:30423] [client 172.98.32.91] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/about.php"] [unique_id "aSAZ_6pnWJcWt_4foXk1cAAAAE0"]
[Fri Nov 21 15:51:28.749724 2025] [:error] [pid 25554:tid 25574] [client 172.98.32.97:54265] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/crop/admin.php"] [unique_id "aSAaAB-NtB-9AzFZrk5CbgAAARA"]
[Fri Nov 21 15:51:31.215021 2025] [:error] [pid 46939:tid 46964] [client 172.98.32.97:62255] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/wp-conflg.php"] [unique_id "aSAaA-0OmVoxD4VZ_ZlcZgAAAVY"]
[Fri Nov 21 15:51:32.107301 2025] [:error] [pid 25430:tid 25481] [client 172.98.32.84:42129] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/admin.php"] [unique_id "aSAaBKpnWJcWt_4foXk1iQAAAFU"]
[Fri Nov 21 15:51:32.983773 2025] [:error] [pid 46939:tid 46966] [client 45.132.227.54:55325] [client 45.132.227.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-login.php"] [unique_id "aSAaBO0OmVoxD4VZ_ZlccgAAAVg"]
[Fri Nov 21 15:51:34.273730 2025] [:error] [pid 46939:tid 46946] [client 172.98.32.99:44067] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/options.php"] [unique_id "aSAaBu0OmVoxD4VZ_ZlcggAAAUQ"]
[Fri Nov 21 15:51:35.148933 2025] [:error] [pid 25521:tid 25525] [client 45.132.227.60:35491] File does not exist: /usr/local/apache/htdocs/suspended-page/inc.php
[Fri Nov 21 15:51:35.997685 2025] [:error] [pid 25521:tid 25529] [client 45.132.227.60:35491] [client 45.132.227.60] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/filemanager.php"] [unique_id "aSAaB_hXnBMilDddn3XY6wAAAMY"]
[Fri Nov 21 15:51:37.704867 2025] [:error] [pid 25429:tid 25450] [client 136.144.42.79:32587] [client 136.144.42.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/admin.php"] [unique_id "aSAaCT4rZbRSr7vu-NOYsQAAABE"]
[Fri Nov 21 15:51:39.049807 2025] [:error] [pid 46939:tid 46943] [client 45.132.227.62:34179] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/jquery.php"] [unique_id "aSAaC-0OmVoxD4VZ_ZlcwAAAAUE"]
[Fri Nov 21 15:51:39.933160 2025] [:error] [pid 25554:tid 25573] [client 172.98.32.98:47923] File does not exist: /usr/local/apache/htdocs/suspended-page/function.php
[Fri Nov 21 15:51:40.356189 2025] [:error] [pid 25554:tid 25568] [client 172.98.32.98:47923] [client 172.98.32.98] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-supports/autoload_classmap.php"] [unique_id "aSAaDB-NtB-9AzFZrk5C_gAAAQo"]
[Fri Nov 21 15:51:41.273339 2025] [:error] [pid 46939:tid 46946] [client 45.132.227.67:60239] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-signup.php
[Fri Nov 21 15:51:42.579394 2025] [:error] [pid 46939:tid 46944] [client 45.132.227.67:60239] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog.php
[Fri Nov 21 15:51:43.873875 2025] [:error] [pid 46939:tid 46961] [client 45.132.227.67:60239] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/table/int/tmpl/index.php"] [unique_id "aSAaD-0OmVoxD4VZ_ZldAAAAAVM"]
[Fri Nov 21 15:51:44.731779 2025] [:error] [pid 25554:tid 25568] [client 136.144.42.77:34273] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-l0gin.php
[Fri Nov 21 15:51:45.160321 2025] [:error] [pid 25554:tid 25570] [client 136.144.42.77:34273] [client 136.144.42.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/suggest.php"] [unique_id "aSAaER-NtB-9AzFZrk5DNQAAAQw"]
[Fri Nov 21 15:51:46.020415 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.55:48477] File does not exist: /usr/local/apache/htdocs/suspended-page/new.php
[Fri Nov 21 15:51:46.936176 2025] [:error] [pid 25554:tid 25559] [client 45.132.227.55:48477] [client 45.132.227.55] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/defaults.php"] [unique_id "aSAaEh-NtB-9AzFZrk5DUwAAAQE"]
[Fri Nov 21 15:51:48.294676 2025] [:error] [pid 25431:tid 25507] [client 172.98.32.93:53413] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/index.php"] [unique_id "aSAaFMklhXxmoIExII0i7QAAAJQ"]
[Fri Nov 21 15:51:49.573692 2025] [:error] [pid 25554:tid 25559] [client 172.98.32.84:58959] File does not exist: /usr/local/apache/htdocs/suspended-page/natural.php
[Fri Nov 21 15:51:50.001681 2025] [:error] [pid 25554:tid 25562] [client 172.98.32.84:58959] File does not exist: /usr/local/apache/htdocs/suspended-page/item.php
[Fri Nov 21 15:51:50.851521 2025] [:error] [pid 25554:tid 25572] [client 172.98.32.84:58959] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/index.php"] [unique_id "aSAaFh-NtB-9AzFZrk5DegAAAQ4"]
[Fri Nov 21 15:51:52.151604 2025] [:error] [pid 25431:tid 25489] [client 172.98.32.100:41099] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/about.php"] [unique_id "aSAaGMklhXxmoIExII0jAgAAAII"]
[Fri Nov 21 15:51:53.428648 2025] [:error] [pid 25521:tid 25526] [client 136.144.42.80:22175] [client 136.144.42.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/index.php"] [unique_id "aSAaGfhXnBMilDddn3XZkAAAAMM"]
[Fri Nov 21 15:51:54.307151 2025] [:error] [pid 25430:tid 25480] [client 45.132.227.59:35015] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php/wp-content/x/index.php"] [unique_id "aSAaGqpnWJcWt_4foXk2MQAAAFQ"]
[Fri Nov 21 15:51:55.178150 2025] [:error] [pid 25429:tid 25450] [client 45.132.227.61:51671] [client 45.132.227.61] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php"] [unique_id "aSAaGz4rZbRSr7vu-NOZMgAAABE"]
[Fri Nov 21 15:51:56.952235 2025] [:error] [pid 46939:tid 46961] [client 45.132.227.66:49473] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Fri Nov 21 15:51:57.377914 2025] [:error] [pid 46939:tid 46948] [client 45.132.227.66:49473] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/info.php"] [unique_id "aSAaHe0OmVoxD4VZ_ZldhgAAAUY"]
[Fri Nov 21 15:51:58.227782 2025] [:error] [pid 25431:tid 25498] [client 172.98.32.77:23161] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class.api.php"] [unique_id "aSAaHsklhXxmoIExII0jGQAAAIs"]
[Fri Nov 21 15:51:59.083641 2025] [:error] [pid 25430:tid 25482] [client 172.98.32.78:63591] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aSAaH6pnWJcWt_4foXk2VAAAAFY"]
[Fri Nov 21 15:52:00.819409 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.68:27017] File does not exist: /usr/local/apache/htdocs/suspended-page/dropdown.php
[Fri Nov 21 15:52:01.691942 2025] [:error] [pid 25554:tid 25567] [client 45.132.227.68:27017] File does not exist: /usr/local/apache/htdocs/suspended-page/db.php
[Fri Nov 21 15:52:03.424708 2025] [:error] [pid 25554:tid 25559] [client 45.132.227.68:27017] [client 45.132.227.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/admin.php"] [unique_id "aSAaIx-NtB-9AzFZrk5D9gAAAQE"]
[Fri Nov 21 15:52:05.651457 2025] [:error] [pid 25521:tid 25526] [client 172.98.32.76:23899] [client 172.98.32.76] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.76, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/js/wp-login.php"] [unique_id "aSAaJfhXnBMilDddn3XaCgAAAMM"]
[Fri Nov 21 15:52:06.103378 2025] [:error] [pid 25521:tid 25531] [client 172.98.32.76:23899] File does not exist: /usr/local/apache/htdocs/suspended-page/install.php
[Fri Nov 21 15:52:08.296376 2025] [:error] [pid 25521:tid 25542] [client 172.98.32.76:23899] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Fri Nov 21 15:52:08.733326 2025] [:error] [pid 25521:tid 25540] [client 172.98.32.76:23899] File does not exist: /usr/local/apache/htdocs/suspended-page/class.php
[Fri Nov 21 15:52:10.896730 2025] [:error] [pid 25521:tid 25547] [client 172.98.32.76:23899] [client 172.98.32.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/about.php"] [unique_id "aSAaKvhXnBMilDddn3XaQgAAANg"]
[Fri Nov 21 15:52:12.200846 2025] [:error] [pid 25429:tid 25433] [client 136.144.42.78:27877] File does not exist: /usr/local/apache/htdocs/suspended-page/init.php
[Fri Nov 21 15:52:12.629451 2025] [:error] [pid 25429:tid 25454] [client 136.144.42.78:27877] [client 136.144.42.78] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 136.144.42.78, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/user/wp-login.php"] [unique_id "aSAaLD4rZbRSr7vu-NOZsQAAABU"]
[Fri Nov 21 15:52:13.503681 2025] [:error] [pid 25429:tid 25448] [client 136.144.42.78:27877] [client 136.144.42.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/item.php"] [unique_id "aSAaLT4rZbRSr7vu-NOZuwAAAA8"]
[Fri Nov 21 15:52:16.118900 2025] [:error] [pid 25554:tid 25578] [client 45.132.227.62:61963] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfuns.php
[Fri Nov 21 15:52:16.998060 2025] [:error] [pid 25554:tid 25564] [client 45.132.227.62:61963] File does not exist: /usr/local/apache/htdocs/suspended-page/wp_wlx.php
[Fri Nov 21 15:52:17.873991 2025] [:error] [pid 25554:tid 25559] [client 45.132.227.62:61963] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/husky301.php"] [unique_id "aSAaMR-NtB-9AzFZrk5EcQAAAQE"]
[Fri Nov 21 15:52:18.756744 2025] [:error] [pid 25554:tid 25579] [client 45.132.227.63:52565] File does not exist: /usr/local/apache/htdocs/suspended-page/wp.php
[Fri Nov 21 15:52:20.071001 2025] [:error] [pid 25554:tid 25561] [client 45.132.227.63:52565] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-header.php
[Fri Nov 21 15:52:20.981259 2025] [:error] [pid 25554:tid 25570] [client 45.132.227.63:52565] File does not exist: /usr/local/apache/htdocs/suspended-page/Marvins.php
[Fri Nov 21 15:52:21.917798 2025] [:error] [pid 25554:tid 25573] [client 45.132.227.63:52565] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-class.php
[Fri Nov 21 15:52:22.348833 2025] [:error] [pid 25554:tid 25560] [client 45.132.227.63:52565] [client 45.132.227.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/index.php"] [unique_id "aSAaNh-NtB-9AzFZrk5EmwAAAQI"]
[Fri Nov 21 15:52:23.220400 2025] [:error] [pid 25430:tid 25467] [client 136.144.42.72:48713] File does not exist: /usr/local/apache/htdocs/suspended-page/xx.php
[Fri Nov 21 15:52:23.654837 2025] [:error] [pid 25430:tid 25462] [client 136.144.42.72:48713] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Fri Nov 21 15:52:24.083566 2025] [:error] [pid 25430:tid 25476] [client 136.144.42.72:48713] [client 136.144.42.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/classwithtostring.php"] [unique_id "aSAaOKpnWJcWt_4foXk3EAAAAFA"]
[Fri Nov 21 15:52:25.390290 2025] [:error] [pid 25554:tid 25558] [client 172.98.32.79:22369] File does not exist: /usr/local/apache/htdocs/suspended-page/content.php
[Fri Nov 21 15:52:27.458062 2025] [:error] [pid 25554:tid 25578] [client 172.98.32.79:22369] [client 172.98.32.79] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.79, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/wp-login.php"] [unique_id "aSAaOx-NtB-9AzFZrk5E2QAAARQ"]
[Fri Nov 21 15:52:27.921171 2025] [:error] [pid 25554:tid 25579] [client 172.98.32.79:22369] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/endpoints/index.php"] [unique_id "aSAaOx-NtB-9AzFZrk5E3AAAARU"]
[Fri Nov 21 15:52:33.259814 2025] [:error] [pid 25431:tid 25492] [client 45.132.227.66:39791] File does not exist: /usr/local/apache/htdocs/suspended-page/web.php
[Fri Nov 21 15:52:35.980295 2025] [:error] [pid 25431:tid 25497] [client 45.132.227.66:39791] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-trackback.php
[Fri Nov 21 15:52:36.412673 2025] [:error] [pid 25431:tid 25505] [client 45.132.227.66:39791] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/bypass.php"] [unique_id "aSAaRMklhXxmoIExII0kRAAAAJI"]
[Fri Nov 21 15:52:37.343409 2025] [:error] [pid 25429:tid 25433] [client 172.98.32.87:25653] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Fri Nov 21 15:52:38.675349 2025] [:error] [pid 25429:tid 25453] [client 172.98.32.87:25653] [client 172.98.32.87] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.87, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/colors/midnight/wp-login.php"] [unique_id "aSAaRj4rZbRSr7vu-NOaSAAAABQ"]
[Fri Nov 21 15:52:39.117763 2025] [:error] [pid 25429:tid 25442] [client 172.98.32.87:25653] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Fri Nov 21 15:52:39.576105 2025] [:error] [pid 25429:tid 25454] [client 172.98.32.87:25653] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-setup.php
[Fri Nov 21 15:52:40.037017 2025] [:error] [pid 25429:tid 25439] [client 172.98.32.87:25653] File does not exist: /usr/local/apache/htdocs/suspended-page/ms-themes.php
[Fri Nov 21 15:52:40.472705 2025] [:error] [pid 25429:tid 25451] [client 172.98.32.87:25653] [client 172.98.32.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/about.php"] [unique_id "aSAaSD4rZbRSr7vu-NOaZwAAABI"]
[Fri Nov 21 15:52:41.373818 2025] [:error] [pid 25431:tid 25496] [client 45.132.227.62:50445] File does not exist: /usr/local/apache/htdocs/suspended-page/style.php
[Fri Nov 21 15:52:41.804642 2025] [:error] [pid 25431:tid 25498] [client 45.132.227.62:50445] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/infi.php"] [unique_id "aSAaScklhXxmoIExII0kbQAAAIs"]
[Fri Nov 21 15:52:44.789186 2025] [:error] [pid 25521:tid 25537] [client 172.98.32.80:25621] File does not exist: /usr/local/apache/htdocs/suspended-page/x.php
[Fri Nov 21 15:52:45.220391 2025] [:error] [pid 25521:tid 25527] [client 172.98.32.80:25621] [client 172.98.32.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/index.php"] [unique_id "aSAaTfhXnBMilDddn3XbdAAAAMQ"]
[Fri Nov 21 15:52:46.984759 2025] [:error] [pid 25554:tid 25572] [client 172.98.32.97:49163] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-user.php
[Fri Nov 21 15:52:47.424358 2025] [:error] [pid 25554:tid 25565] [client 172.98.32.97:49163] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/about.php"] [unique_id "aSAaTx-NtB-9AzFZrk5FhAAAAQc"]
[Fri Nov 21 15:52:48.287724 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.88:62065] [client 172.98.32.88] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/index.php"] [unique_id "aSAaUMklhXxmoIExII0kwQAAAIk"]
[Fri Nov 21 15:52:49.245428 2025] [:error] [pid 25521:tid 25533] [client 172.98.32.100:36971] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Fri Nov 21 15:52:49.688312 2025] [:error] [pid 25521:tid 25538] [client 172.98.32.100:36971] File does not exist: /usr/local/apache/htdocs/suspended-page/special.php
[Fri Nov 21 15:52:51.487236 2025] [:error] [pid 25521:tid 25533] [client 172.98.32.100:36971] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/autoload_classmap.php"] [unique_id "aSAaU_hXnBMilDddn3XbnQAAAMo"]
[Fri Nov 21 15:52:52.812658 2025] [:error] [pid 25429:tid 25440] [client 172.98.32.93:56797] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/about.php"] [unique_id "aSAaVD4rZbRSr7vu-NOawAAAAAc"]
[Fri Nov 21 15:52:55.084996 2025] [:error] [pid 46939:tid 46958] [client 45.132.227.68:55847] [client 45.132.227.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/edit.php"] [unique_id "aSAaV-0OmVoxD4VZ_ZlfVAAAAVA"]
[Fri Nov 21 15:52:55.976948 2025] [:error] [pid 46939:tid 46943] [client 45.132.227.66:34951] File does not exist: /usr/local/apache/htdocs/suspended-page/webdb.php
[Fri Nov 21 15:52:56.851468 2025] [:error] [pid 46939:tid 46958] [client 45.132.227.66:34951] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Fri Nov 21 15:52:57.282598 2025] [:error] [pid 46939:tid 46944] [client 45.132.227.66:34951] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-work.php"] [unique_id "aSAaWe0OmVoxD4VZ_ZlfZQAAAUI"]
[Fri Nov 21 15:52:58.176787 2025] [:error] [pid 25429:tid 25438] [client 172.98.32.96:28991] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Fri Nov 21 15:52:59.064089 2025] [:error] [pid 25429:tid 25443] [client 172.98.32.96:28991] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/click.php"] [unique_id "aSAaWz4rZbRSr7vu-NOa6AAAAAo"]
[Fri Nov 21 15:53:01.335653 2025] [:error] [pid 25430:tid 25480] [client 45.132.227.52:36851] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/random_compat/chosen.php"] [unique_id "aSAaXapnWJcWt_4foXk39gAAAFQ"]
[Fri Nov 21 15:53:02.647075 2025] [:error] [pid 46939:tid 46951] [client 136.144.42.73:64731] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Fri Nov 21 15:53:04.049310 2025] [:error] [pid 46939:tid 46957] [client 136.144.42.73:64731] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-links-opml.php
[Fri Nov 21 15:53:04.958455 2025] [:error] [pid 46939:tid 46949] [client 136.144.42.73:64731] File does not exist: /usr/local/apache/htdocs/suspended-page/atomlib.php
[Fri Nov 21 15:53:05.386736 2025] [:error] [pid 46939:tid 46962] [client 136.144.42.73:64731] [client 136.144.42.73] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/bypass.php"] [unique_id "aSAaYe0OmVoxD4VZ_ZlflAAAAVQ"]
[Fri Nov 21 15:53:06.279517 2025] [:error] [pid 46939:tid 46961] [client 172.98.32.78:53011] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/xl2023.php"] [unique_id "aSAaYu0OmVoxD4VZ_ZlfnQAAAVM"]
[Fri Nov 21 15:53:07.141883 2025] [:error] [pid 46939:tid 46955] [client 172.98.32.84:55867] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/admin.php"] [unique_id "aSAaY-0OmVoxD4VZ_ZlfqQAAAU0"]
[Fri Nov 21 15:53:08.025985 2025] [:error] [pid 25431:tid 25496] [client 136.144.42.72:25107] [client 136.144.42.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/media/dog.php"] [unique_id "aSAaZMklhXxmoIExII0lZgAAAIk"]
[Fri Nov 21 15:53:08.938516 2025] [:error] [pid 25521:tid 25524] [client 172.98.32.99:33061] File does not exist: /usr/local/apache/htdocs/suspended-page/xp.php
[Fri Nov 21 15:53:09.367876 2025] [:error] [pid 25521:tid 25547] [client 172.98.32.99:33061] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/applicationd.php"] [unique_id "aSAaZfhXnBMilDddn3Xb9gAAANg"]
[Fri Nov 21 15:53:10.290194 2025] [:error] [pid 25430:tid 25479] [client 172.98.32.82:54687] [client 172.98.32.82] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aSAaZqpnWJcWt_4foXk4JgAAAFM"]
[Fri Nov 21 15:53:11.179131 2025] [:error] [pid 25429:tid 25452] [client 45.132.227.62:59297] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-links.php
[Fri Nov 21 15:53:12.077214 2025] [:error] [pid 25429:tid 25437] [client 45.132.227.62:59297] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/index.php"] [unique_id "aSAaaD4rZbRSr7vu-NObRQAAAAQ"]
[Fri Nov 21 15:53:12.943655 2025] [:error] [pid 25521:tid 25530] [client 45.132.227.66:28521] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aSAaaPhXnBMilDddn3XcEwAAAMc"]
[Fri Nov 21 15:53:13.804300 2025] [:error] [pid 25554:tid 25581] [client 172.98.32.99:41037] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/admin.php"] [unique_id "aSAaaR-NtB-9AzFZrk5GcgAAARc"]
[Fri Nov 21 15:53:14.691814 2025] [:error] [pid 46939:tid 46955] [client 172.98.32.78:22121] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/security.php"] [unique_id "aSAaau0OmVoxD4VZ_Zlf7QAAAU0"]
[Fri Nov 21 15:53:16.053662 2025] [:error] [pid 46939:tid 46961] [client 45.132.227.58:30659] [client 45.132.227.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/autoload_classmap.php"] [unique_id "aSAabO0OmVoxD4VZ_Zlf_wAAAVM"]
[Fri Nov 21 15:53:17.808404 2025] [:error] [pid 25429:tid 25435] [client 45.132.227.68:26369] [client 45.132.227.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/about.php"] [unique_id "aSAabT4rZbRSr7vu-NObYgAAAAI"]
[Fri Nov 21 15:53:18.721306 2025] [:error] [pid 25429:tid 25438] [client 45.132.227.53:30747] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php
[Fri Nov 21 15:53:20.115396 2025] [:error] [pid 25429:tid 25436] [client 45.132.227.53:30747] File does not exist: /usr/local/apache/htdocs/suspended-page/webadmin.php
[Fri Nov 21 15:53:20.545832 2025] [:error] [pid 25429:tid 25446] [client 45.132.227.53:30747] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/about.php"] [unique_id "aSAacD4rZbRSr7vu-NObggAAAA0"]
[Fri Nov 21 15:53:23.754461 2025] [:error] [pid 25430:tid 25464] [client 172.98.32.77:65427] File does not exist: /usr/local/apache/htdocs/suspended-page/xl2023.php
[Fri Nov 21 15:53:24.216463 2025] [:error] [pid 25430:tid 25469] [client 172.98.32.77:65427] File does not exist: /usr/local/apache/htdocs/suspended-page/go.php
[Fri Nov 21 15:53:26.487923 2025] [:error] [pid 25430:tid 25480] [client 172.98.32.77:65427] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/file.php"] [unique_id "aSAadqpnWJcWt_4foXk4hgAAAFQ"]
[Fri Nov 21 15:53:28.686395 2025] [:error] [pid 46939:tid 46945] [client 172.98.32.81:43735] [client 172.98.32.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/dedi1.php"] [unique_id "aSAaeO0OmVoxD4VZ_ZlgfQAAAUM"]
[Fri Nov 21 15:53:29.547695 2025] [:error] [pid 25431:tid 25497] [client 45.132.227.56:40125] [client 45.132.227.56] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/autoload_classmap.php"] [unique_id "aSAaecklhXxmoIExII0l6QAAAIo"]
[Fri Nov 21 15:53:32.194820 2025] [:error] [pid 25521:tid 25525] [client 172.98.32.80:23755] [client 172.98.32.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/wp-login.php"] [unique_id "aSAafPhXnBMilDddn3XcqwAAAMI"]
[Fri Nov 21 15:53:33.959207 2025] [:error] [pid 25431:tid 25491] [client 172.98.32.94:52527] File does not exist: /usr/local/apache/htdocs/suspended-page/hehehehe.php
[Fri Nov 21 15:53:34.394432 2025] [:error] [pid 25431:tid 25506] [client 172.98.32.94:52527] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php
[Fri Nov 21 15:53:34.835815 2025] [:error] [pid 25431:tid 25498] [client 172.98.32.94:52527] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/plugins.php
[Fri Nov 21 15:53:35.268307 2025] [:error] [pid 25431:tid 25492] [client 172.98.32.94:52527] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/license.php
[Fri Nov 21 15:53:37.474349 2025] [:error] [pid 25431:tid 25506] [client 172.98.32.94:52527] [client 172.98.32.94] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/about.php"] [unique_id "aSAagcklhXxmoIExII0mLQAAAJM"]
[Fri Nov 21 15:53:38.379644 2025] [:error] [pid 25521:tid 25540] [client 172.98.32.85:27277] [client 172.98.32.85] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/index.php"] [unique_id "aSAagvhXnBMilDddn3XczwAAANE"]
[Fri Nov 21 15:53:39.280190 2025] [:error] [pid 46939:tid 46960] [client 45.132.227.52:56443] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/about.php"] [unique_id "aSAag-0OmVoxD4VZ_ZlgtQAAAVI"]
[Fri Nov 21 15:53:40.160165 2025] [:error] [pid 25429:tid 25433] [client 45.132.227.53:56043] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/src/Exception/Http/about.php"] [unique_id "aSAahD4rZbRSr7vu-NOcFAAAAAA"]
[Fri Nov 21 15:53:41.019973 2025] [:error] [pid 25521:tid 25526] [client 172.98.32.76:37977] [client 172.98.32.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Renderer/index.php"] [unique_id "aSAahfhXnBMilDddn3Xc2QAAAMM"]
[Fri Nov 21 15:53:41.882482 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.56:45979] [client 45.132.227.56] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/index.php"] [unique_id "aSAahR-NtB-9AzFZrk5HUQAAARA"]
[Fri Nov 21 15:53:43.737773 2025] [:error] [pid 46939:tid 46948] [client 45.132.227.63:58453] [client 45.132.227.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/media/index.php"] [unique_id "aSAah-0OmVoxD4VZ_Zlg2wAAAUY"]
[Fri Nov 21 15:53:44.606027 2025] [:error] [pid 25431:tid 25503] [client 172.98.32.99:60421] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/index.php"] [unique_id "aSAaiMklhXxmoIExII0mhQAAAJA"]
[Fri Nov 21 15:53:45.465016 2025] [:error] [pid 25429:tid 25447] [client 172.98.32.96:51831] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/about.php"] [unique_id "aSAaiT4rZbRSr7vu-NOcNgAAAA4"]
[Fri Nov 21 15:53:46.360895 2025] [:error] [pid 25554:tid 25578] [client 172.98.32.81:51847] [client 172.98.32.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/wp-login.php"] [unique_id "aSAaih-NtB-9AzFZrk5HaQAAARQ"]
[Fri Nov 21 15:53:48.094266 2025] [:error] [pid 25429:tid 25439] [client 172.98.32.89:24993] [client 172.98.32.89] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/themes.php"] [unique_id "aSAajD4rZbRSr7vu-NOcSgAAAAY"]
[Fri Nov 21 15:53:49.419748 2025] [:error] [pid 25554:tid 25577] [client 45.132.227.52:62663] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/index.php"] [unique_id "aSAajR-NtB-9AzFZrk5HhAAAARM"]
[Fri Nov 21 15:53:50.379658 2025] [:error] [pid 25430:tid 25484] [client 172.98.32.79:25041] File does not exist: /usr/local/apache/htdocs/suspended-page/byp.php
[Fri Nov 21 15:53:51.327960 2025] [:error] [pid 25430:tid 25476] [client 172.98.32.79:25041] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/media/wp-login.php"] [unique_id "aSAaj6pnWJcWt_4foXk5EwAAAFA"]
[Fri Nov 21 15:53:53.104356 2025] [:error] [pid 46939:tid 46945] [client 172.98.32.84:45481] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/about.php"] [unique_id "aSAake0OmVoxD4VZ_ZlhFgAAAUM"]
[Fri Nov 21 15:53:54.882348 2025] [:error] [pid 46939:tid 46946] [client 172.98.32.86:47363] File does not exist: /usr/local/apache/htdocs/suspended-page/class.api.php
[Fri Nov 21 15:53:55.330196 2025] [:error] [pid 46939:tid 46943] [client 172.98.32.86:47363] [client 172.98.32.86] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-login.php"] [unique_id "aSAak-0OmVoxD4VZ_ZlhNgAAAUE"]
[Fri Nov 21 15:53:56.677118 2025] [:error] [pid 25431:tid 25507] [client 172.98.32.98:57717] File does not exist: /usr/local/apache/htdocs/suspended-page/system_log.php
[Fri Nov 21 15:53:57.112219 2025] [:error] [pid 25431:tid 25494] [client 172.98.32.98:57717] File does not exist: /usr/local/apache/htdocs/suspended-page/.alf.php
[Fri Nov 21 15:53:57.599011 2025] [:error] [pid 25431:tid 25498] [client 172.98.32.98:57717] File does not exist: /usr/local/apache/htdocs/suspended-page/wso.php
[Fri Nov 21 15:53:58.050073 2025] [:error] [pid 25431:tid 25492] [client 172.98.32.98:57717] [client 172.98.32.98] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/about.php"] [unique_id "aSAalsklhXxmoIExII0nAwAAAIU"]
[Fri Nov 21 15:53:59.006175 2025] [:error] [pid 25554:tid 25577] [client 136.144.42.69:58859] File does not exist: /usr/local/apache/htdocs/suspended-page/flower.php
[Fri Nov 21 15:53:59.462180 2025] [:error] [pid 25554:tid 25570] [client 136.144.42.69:58859] [client 136.144.42.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-class.php"] [unique_id "aSAalx-NtB-9AzFZrk5HzgAAAQw"]
[Fri Nov 21 15:54:01.283246 2025] [:error] [pid 25429:tid 25442] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Fri Nov 21 15:54:01.750927 2025] [:error] [pid 25429:tid 25457] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Fri Nov 21 15:54:02.188100 2025] [:error] [pid 25429:tid 25452] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/setup.php
[Fri Nov 21 15:54:04.692928 2025] [:error] [pid 25429:tid 25445] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Fri Nov 21 15:54:05.124337 2025] [:error] [pid 25429:tid 25449] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/cc.php
[Fri Nov 21 15:54:06.009214 2025] [:error] [pid 25429:tid 25443] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/ab.php
[Fri Nov 21 15:54:07.371690 2025] [:error] [pid 25429:tid 25434] [client 136.144.42.70:41633] File does not exist: /usr/local/apache/htdocs/suspended-page/doc.php
[Fri Nov 21 15:54:07.808306 2025] [:error] [pid 25429:tid 25450] [client 136.144.42.70:41633] [client 136.144.42.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/html-api/chosen.php"] [unique_id "aSAanz4rZbRSr7vu-NOcswAAABE"]
[Fri Nov 21 15:54:08.679122 2025] [:error] [pid 25554:tid 25569] [client 45.132.227.56:31219] [client 45.132.227.56] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/autoload_classmap.php"] [unique_id "aSAaoB-NtB-9AzFZrk5IGAAAAQs"]
[Fri Nov 21 15:54:09.556493 2025] [:error] [pid 46939:tid 46964] [client 136.144.42.74:64261] [client 136.144.42.74] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 136.144.42.74, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSAaoe0OmVoxD4VZ_ZlhzwAAAVY"]
[Fri Nov 21 15:54:09.559230 2025] [:error] [pid 46939:tid 46964] [client 136.144.42.74:64261] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Fri Nov 21 15:54:09.991375 2025] [:error] [pid 46939:tid 46953] [client 136.144.42.74:64261] File does not exist: /usr/local/apache/htdocs/suspended-page/mar.php
[Fri Nov 21 15:54:10.421988 2025] [:error] [pid 46939:tid 46957] [client 136.144.42.74:64261] [client 136.144.42.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/providers/index.php"] [unique_id "aSAaou0OmVoxD4VZ_Zlh2wAAAU8"]
[Fri Nov 21 15:54:11.725810 2025] [:error] [pid 46939:tid 46954] [client 172.98.32.78:28519] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Fri Nov 21 15:54:12.155677 2025] [:error] [pid 46939:tid 46947] [client 172.98.32.78:28519] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/index.php"] [unique_id "aSAapO0OmVoxD4VZ_Zlh6wAAAUU"]
[Fri Nov 21 15:54:13.019560 2025] [:error] [pid 25431:tid 25494] [client 172.98.32.90:34217] [client 172.98.32.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/index.php"] [unique_id "aSAapcklhXxmoIExII0ngwAAAIc"]
[Fri Nov 21 15:54:15.657945 2025] [:error] [pid 25521:tid 25524] [client 172.98.32.88:43961] [client 172.98.32.88] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/about.php"] [unique_id "aSAap_hXnBMilDddn3XdngAAAME"]
[Fri Nov 21 15:54:16.580566 2025] [:error] [pid 25521:tid 25536] [client 45.132.227.62:55219] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aSAaqPhXnBMilDddn3XdoQAAAM0"]
[Fri Nov 21 15:54:18.792618 2025] [:error] [pid 25429:tid 25449] [client 136.144.42.80:30919] File does not exist: /usr/local/apache/htdocs/suspended-page/ini.php
[Fri Nov 21 15:54:19.744646 2025] [:error] [pid 25429:tid 25444] [client 136.144.42.80:30919] [client 136.144.42.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/calendar/index.php"] [unique_id "aSAaqz4rZbRSr7vu-NOc3gAAAAs"]
[Fri Nov 21 15:54:21.573497 2025] [:error] [pid 25431:tid 25504] [client 45.132.227.57:50353] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/atomlib.php
[Fri Nov 21 15:54:22.447073 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.57:50353] [client 45.132.227.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/function.php"] [unique_id "aSAarsklhXxmoIExII0n6AAAAJU"]
[Fri Nov 21 15:54:23.360916 2025] [:error] [pid 25430:tid 25471] [client 172.98.32.79:43057] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/plugins.php"] [unique_id "aSAar6pnWJcWt_4foXk50wAAAEs"]
[Fri Nov 21 15:54:24.714579 2025] [:error] [pid 25521:tid 25530] [client 172.98.32.84:58567] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-content.php
[Fri Nov 21 15:54:25.151477 2025] [:error] [pid 25521:tid 25546] [client 172.98.32.84:58567] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/chosen.php"] [unique_id "aSAasfhXnBMilDddn3Xd3AAAANc"]
[Fri Nov 21 15:54:26.034729 2025] [:error] [pid 25521:tid 25523] [client 172.98.32.93:65147] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Renderer/about.php"] [unique_id "aSAasvhXnBMilDddn3Xd4gAAAMA"]
[Fri Nov 21 15:54:27.851074 2025] [:error] [pid 25554:tid 25572] [client 172.98.32.89:42561] File does not exist: /usr/local/apache/htdocs/suspended-page/customize.php
[Fri Nov 21 15:54:28.283221 2025] [:error] [pid 25554:tid 25561] [client 172.98.32.89:42561] File does not exist: /usr/local/apache/htdocs/suspended-page/license.php
[Fri Nov 21 15:54:29.216299 2025] [:error] [pid 25554:tid 25576] [client 172.98.32.89:42561] File does not exist: /usr/local/apache/htdocs/suspended-page/lock.php
[Fri Nov 21 15:54:30.122216 2025] [:error] [pid 25554:tid 25570] [client 172.98.32.89:42561] [client 172.98.32.89] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/atomlib.php"] [unique_id "aSAath-NtB-9AzFZrk5IxQAAAQw"]
[Fri Nov 21 15:54:31.013905 2025] [:error] [pid 25521:tid 25536] [client 136.144.42.79:31783] [client 136.144.42.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/index.php"] [unique_id "aSAat_hXnBMilDddn3Xd_QAAAM0"]
[Fri Nov 21 15:54:33.250575 2025] [:error] [pid 25430:tid 25470] [client 136.144.42.75:62781] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-good.php
[Fri Nov 21 15:54:33.713033 2025] [:error] [pid 25430:tid 25461] [client 136.144.42.75:62781] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/index.php"] [unique_id "aSAauapnWJcWt_4foXk6EQAAAEE"]
[Fri Nov 21 15:54:34.603032 2025] [:error] [pid 25429:tid 25441] [client 45.132.227.58:65087] [client 45.132.227.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/wp-conflg.php"] [unique_id "aSAauj4rZbRSr7vu-NOdSQAAAAg"]
[Fri Nov 21 15:54:35.463174 2025] [:error] [pid 25521:tid 25529] [client 45.132.227.64:36821] [client 45.132.227.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/autoload_classmap.php"] [unique_id "aSAau_hXnBMilDddn3XeLwAAAMY"]
[Fri Nov 21 15:54:38.230389 2025] [:error] [pid 25554:tid 25582] [client 172.98.32.93:54345] File does not exist: /usr/local/apache/htdocs/suspended-page/ff2.php
[Fri Nov 21 15:54:38.661301 2025] [:error] [pid 25554:tid 25575] [client 172.98.32.93:54345] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Exception-wp.php"] [unique_id "aSAavh-NtB-9AzFZrk5I_QAAARE"]
[Fri Nov 21 15:54:39.967442 2025] [:error] [pid 46939:tid 46966] [client 172.98.32.98:41519] [client 172.98.32.98] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/autoload_classmap.php"] [unique_id "aSAav-0OmVoxD4VZ_ZljHQAAAVg"]
[Fri Nov 21 15:54:40.829961 2025] [:error] [pid 25554:tid 25576] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/jp.php
[Fri Nov 21 15:54:41.261090 2025] [:error] [pid 25554:tid 25565] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atom.php
[Fri Nov 21 15:54:42.138226 2025] [:error] [pid 25554:tid 25571] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/up.php
[Fri Nov 21 15:54:45.009133 2025] [:error] [pid 25554:tid 25564] [client 172.98.32.82:47669] [client 172.98.32.82] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.82, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/js/wp-login.php"] [unique_id "aSAaxR-NtB-9AzFZrk5JJQAAAQY"]
[Fri Nov 21 15:54:45.902632 2025] [:error] [pid 25554:tid 25571] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/worm.PhP
[Fri Nov 21 15:54:46.336145 2025] [:error] [pid 25554:tid 25568] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/ext.php
[Fri Nov 21 15:54:47.956869 2025] [:error] [pid 25554:tid 25568] [client 172.98.32.82:47669] File does not exist: /usr/local/apache/htdocs/suspended-page/delpaths.php
[Fri Nov 21 15:54:48.835446 2025] [:error] [pid 25554:tid 25567] [client 172.98.32.82:47669] [client 172.98.32.82] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/bk/index.php"] [unique_id "aSAayB-NtB-9AzFZrk5JRQAAAQk"]
[Fri Nov 21 15:54:49.725595 2025] [:error] [pid 25429:tid 25457] [client 172.98.32.85:38253] [client 172.98.32.85] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.85, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-login.php"] [unique_id "aSAayT4rZbRSr7vu-NOdnwAAABg"]
[Fri Nov 21 15:54:51.048142 2025] [:error] [pid 25429:tid 25455] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/gifclass.php
[Fri Nov 21 15:54:51.491799 2025] [:error] [pid 25429:tid 25456] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/plugin.php
[Fri Nov 21 15:54:52.373637 2025] [:error] [pid 25429:tid 25447] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/update-core.php
[Fri Nov 21 15:54:53.268990 2025] [:error] [pid 25429:tid 25438] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mail.php
[Fri Nov 21 15:54:54.579787 2025] [:error] [pid 25429:tid 25453] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/content.php
[Fri Nov 21 15:54:58.758666 2025] [:error] [pid 25429:tid 25444] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Fri Nov 21 15:54:59.216607 2025] [:error] [pid 25429:tid 25441] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/index2.php
[Fri Nov 21 15:55:01.510178 2025] [:error] [pid 25429:tid 25456] [client 172.98.32.85:38253] File does not exist: /usr/local/apache/htdocs/suspended-page/shell.php
[Fri Nov 21 15:55:02.389676 2025] [:error] [pid 25429:tid 25435] [client 172.98.32.85:38253] [client 172.98.32.85] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/about.php"] [unique_id "aSAa1j4rZbRSr7vu-NOeIgAAAAI"]
[Fri Nov 21 15:55:04.168992 2025] [:error] [pid 25430:tid 25483] [client 172.98.32.94:20933] File does not exist: /usr/local/apache/htdocs/suspended-page/hehe.php
[Fri Nov 21 15:55:04.597788 2025] [:error] [pid 25430:tid 25476] [client 172.98.32.94:20933] [client 172.98.32.94] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/autoload_classmap.php"] [unique_id "aSAa2KpnWJcWt_4foXk62wAAAFA"]
[Fri Nov 21 15:55:05.933287 2025] [:error] [pid 25554:tid 25564] [client 45.132.227.58:46443] File does not exist: /usr/local/apache/htdocs/suspended-page/dir.php
[Fri Nov 21 15:55:06.362780 2025] [:error] [pid 25554:tid 25576] [client 45.132.227.58:46443] [client 45.132.227.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/atomlib.php"] [unique_id "aSAa2h-NtB-9AzFZrk5JyAAAARI"]
[Fri Nov 21 15:55:08.127655 2025] [:error] [pid 25431:tid 25504] [client 45.132.227.66:59043] File does not exist: /usr/local/apache/htdocs/suspended-page/nf_tracking.php
[Fri Nov 21 15:55:09.006815 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.66:59043] File does not exist: /usr/local/apache/htdocs/suspended-page/filefuns.php
[Fri Nov 21 15:55:09.890972 2025] [:error] [pid 25431:tid 25501] [client 45.132.227.66:59043] File does not exist: /usr/local/apache/htdocs/suspended-page/l.php
[Fri Nov 21 15:55:10.321983 2025] [:error] [pid 25431:tid 25495] [client 45.132.227.66:59043] File does not exist: /usr/local/apache/htdocs/suspended-page/repeater.php
[Fri Nov 21 15:55:11.209226 2025] [:error] [pid 25431:tid 25506] [client 45.132.227.66:59043] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/autoload_classmap.php"] [unique_id "aSAa38klhXxmoIExII0pPwAAAJM"]
[Fri Nov 21 15:55:12.095255 2025] [:error] [pid 25429:tid 25456] [client 172.98.32.77:24259] File does not exist: /usr/local/apache/htdocs/suspended-page/contacts.php
[Fri Nov 21 15:55:12.540932 2025] [:error] [pid 25429:tid 25443] [client 172.98.32.77:24259] File does not exist: /usr/local/apache/htdocs/suspended-page/wsa.php
[Fri Nov 21 15:55:12.995003 2025] [:error] [pid 25429:tid 25433] [client 172.98.32.77:24259] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/about.php"] [unique_id "aSAa4D4rZbRSr7vu-NOeYQAAAAA"]
[Fri Nov 21 15:55:14.309991 2025] [:error] [pid 25429:tid 25440] [client 45.132.227.52:42175] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/index.php"] [unique_id "aSAa4j4rZbRSr7vu-NOebAAAAAc"]
[Fri Nov 21 15:55:15.629947 2025] [:error] [pid 25554:tid 25571] [client 172.98.32.93:51059] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Fri Nov 21 15:55:16.960128 2025] [:error] [pid 25554:tid 25561] [client 172.98.32.93:51059] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/file.php
[Fri Nov 21 15:55:17.463018 2025] [:error] [pid 25554:tid 25565] [client 172.98.32.93:51059] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php
[Fri Nov 21 15:55:19.151083 2025] [:error] [pid 25554:tid 25565] [client 172.98.32.93:51059] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/autoload_classmap.php"] [unique_id "aSAa5x-NtB-9AzFZrk5KGAAAAQc"]
[Fri Nov 21 15:55:20.048694 2025] [:error] [pid 25521:tid 25542] [client 172.98.32.77:43129] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-conflg.php"] [unique_id "aSAa6PhXnBMilDddn3XfBgAAANM"]
[Fri Nov 21 15:55:23.155986 2025] [:error] [pid 25521:tid 25538] [client 45.132.227.67:33309] File does not exist: /usr/local/apache/htdocs/suspended-page/tox.php
[Fri Nov 21 15:55:24.039576 2025] [:error] [pid 25521:tid 25539] [client 45.132.227.67:33309] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/dist/default.php"] [unique_id "aSAa7PhXnBMilDddn3XfPwAAANA"]
[Fri Nov 21 15:55:25.388870 2025] [:error] [pid 25429:tid 25435] [client 172.98.32.79:54407] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/tiny.php"] [unique_id "aSAa7T4rZbRSr7vu-NOepwAAAAI"]
[Fri Nov 21 15:55:26.704004 2025] [:error] [pid 25554:tid 25562] [client 136.144.42.75:64953] File does not exist: /usr/local/apache/htdocs/suspended-page/themes.php
[Fri Nov 21 15:55:27.182943 2025] [:error] [pid 25554:tid 25578] [client 136.144.42.75:64953] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-themes.php
[Fri Nov 21 15:55:27.615300 2025] [:error] [pid 25554:tid 25580] [client 136.144.42.75:64953] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/src/index.php"] [unique_id "aSAa7x-NtB-9AzFZrk5KWAAAARY"]
[Fri Nov 21 15:55:29.016356 2025] [:error] [pid 25431:tid 25488] [client 136.144.42.80:62355] File does not exist: /usr/local/apache/htdocs/suspended-page/mariju.php
[Fri Nov 21 15:55:29.471506 2025] [:error] [pid 25431:tid 25490] [client 136.144.42.80:62355] File does not exist: /usr/local/apache/htdocs/suspended-page/waf_defender.php
[Fri Nov 21 15:55:30.348755 2025] [:error] [pid 25431:tid 25500] [client 136.144.42.80:62355] File does not exist: /usr/local/apache/htdocs/suspended-page/av.php
[Fri Nov 21 15:55:31.725306 2025] [:error] [pid 25431:tid 25502] [client 136.144.42.80:62355] [client 136.144.42.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Parse/about.php"] [unique_id "aSAa88klhXxmoIExII0pwwAAAI8"]
[Fri Nov 21 15:55:32.937085 2025] [:error] [pid 46939:tid 46948] [client 45.132.227.65:60231] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php
[Fri Nov 21 15:55:34.273381 2025] [:error] [pid 46939:tid 46950] [client 45.132.227.65:60231] [client 45.132.227.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/wp-conflg.php"] [unique_id "aSAa9u0OmVoxD4VZ_ZllXwAAAUg"]
[Fri Nov 21 15:55:35.660938 2025] [:error] [pid 25431:tid 25495] [client 172.98.32.81:35575] File does not exist: /usr/local/apache/htdocs/suspended-page/theme.php
[Fri Nov 21 15:55:36.965111 2025] [:error] [pid 25431:tid 25502] [client 172.98.32.81:35575] File does not exist: /usr/local/apache/htdocs/suspended-page/Simple.php
[Fri Nov 21 15:55:37.397358 2025] [:error] [pid 25431:tid 25509] [client 172.98.32.81:35575] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php
[Fri Nov 21 15:55:38.313091 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.81:35575] [client 172.98.32.81] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.81, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/colors/ocean/wp-login.php"] [unique_id "aSAa-sklhXxmoIExII0p6wAAAIk"]
[Fri Nov 21 15:55:40.534816 2025] [:error] [pid 25431:tid 25488] [client 172.98.32.81:35575] [client 172.98.32.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Cache/upfile.php"] [unique_id "aSAa_MklhXxmoIExII0p_AAAAIE"]
[Fri Nov 21 15:55:41.407416 2025] [:error] [pid 25429:tid 25449] [client 136.144.42.74:51087] File does not exist: /usr/local/apache/htdocs/suspended-page/small.php
[Fri Nov 21 15:55:41.862730 2025] [:error] [pid 25429:tid 25444] [client 136.144.42.74:51087] [client 136.144.42.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/fullscreen/about.php"] [unique_id "aSAa_T4rZbRSr7vu-NOfFgAAAAs"]
[Fri Nov 21 15:55:42.792750 2025] [:error] [pid 46939:tid 46942] [client 45.132.227.57:38399] File does not exist: /usr/local/apache/htdocs/suspended-page/NewFile.php
[Fri Nov 21 15:55:43.680667 2025] [:error] [pid 46939:tid 46943] [client 45.132.227.57:38399] File does not exist: /usr/local/apache/htdocs/suspended-page/error.php
[Fri Nov 21 15:55:44.578504 2025] [:error] [pid 46939:tid 46963] [client 45.132.227.57:38399] [client 45.132.227.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-search-function.php"] [unique_id "aSAbAO0OmVoxD4VZ_ZllowAAAVU"]
[Fri Nov 21 15:55:45.921461 2025] [:error] [pid 25554:tid 25558] [client 172.98.32.90:31645] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-files.php
[Fri Nov 21 15:55:46.400268 2025] [:error] [pid 25554:tid 25566] [client 172.98.32.90:31645] File does not exist: /usr/local/apache/htdocs/suspended-page/functions.php
[Fri Nov 21 15:55:47.332660 2025] [:error] [pid 25554:tid 25569] [client 172.98.32.90:31645] [client 172.98.32.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Canonical.php"] [unique_id "aSAbAx-NtB-9AzFZrk5K8QAAAQs"]
[Fri Nov 21 15:55:48.731227 2025] [:error] [pid 46939:tid 46945] [client 45.132.227.59:30187] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/autoload_classmap.php"] [unique_id "aSAbBO0OmVoxD4VZ_ZlltgAAAUM"]
[Fri Nov 21 15:55:49.631724 2025] [:error] [pid 25430:tid 25465] [client 172.98.32.79:20767] File does not exist: /usr/local/apache/htdocs/suspended-page/aks.php
[Fri Nov 21 15:55:50.083686 2025] [:error] [pid 25430:tid 25463] [client 172.98.32.79:20767] File does not exist: /usr/local/apache/htdocs/suspended-page/litespeed.php
[Fri Nov 21 15:55:51.033247 2025] [:error] [pid 25430:tid 25475] [client 172.98.32.79:20767] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-feed-index.php"] [unique_id "aSAbB6pnWJcWt_4foXk74wAAAE8"]
[Fri Nov 21 15:55:51.902276 2025] [:error] [pid 46939:tid 46948] [client 45.132.227.68:52625] File does not exist: /usr/local/apache/htdocs/suspended-page/wpn.php
[Fri Nov 21 15:55:52.850003 2025] [:error] [pid 46939:tid 46946] [client 45.132.227.68:52625] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/iR7SzrsOUEP.php
[Fri Nov 21 15:55:53.281696 2025] [:error] [pid 46939:tid 46966] [client 45.132.227.68:52625] [client 45.132.227.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-nav-menu-section-boolean.php"] [unique_id "aSAbCe0OmVoxD4VZ_Zll1gAAAVg"]
[Fri Nov 21 15:55:54.599188 2025] [:error] [pid 25430:tid 25467] [client 45.132.227.62:51563] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/db.php"] [unique_id "aSAbCqpnWJcWt_4foXk7-wAAAEc"]
[Fri Nov 21 15:55:55.558138 2025] [:error] [pid 25429:tid 25441] [client 172.98.32.79:43147] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-dependency-float.php"] [unique_id "aSAbCz4rZbRSr7vu-NOffgAAAAg"]
[Fri Nov 21 15:55:56.456592 2025] [:error] [pid 25430:tid 25470] [client 45.132.227.54:38995] [client 45.132.227.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/index.php"] [unique_id "aSAbDKpnWJcWt_4foXk8BQAAAEo"]
[Fri Nov 21 15:55:57.344094 2025] [:error] [pid 46939:tid 46963] [client 172.98.32.89:51551] [client 172.98.32.89] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/purna.php"] [unique_id "aSAbDe0OmVoxD4VZ_Zll9wAAAVU"]
[Fri Nov 21 15:55:58.244829 2025] [:error] [pid 25431:tid 25501] [client 172.98.32.93:40705] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/interactivity-api-class.php"] [unique_id "aSAbDsklhXxmoIExII0qvgAAAI4"]
[Fri Nov 21 15:55:59.130526 2025] [:error] [pid 25430:tid 25470] [client 172.98.32.91:22895] [client 172.98.32.91] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-widddget-pages.php"] [unique_id "aSAbD6pnWJcWt_4foXk8FgAAAEo"]
[Fri Nov 21 15:56:01.736345 2025] [:error] [pid 25429:tid 25453] [client 172.98.32.99:39277] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-nav-menu-auto-add-control-repository.php"] [unique_id "aSAbET4rZbRSr7vu-NOflAAAABQ"]
[Fri Nov 21 15:56:02.700583 2025] [:error] [pid 25521:tid 25533] [client 172.98.32.86:26547] [client 172.98.32.86] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-runtime.min-soap.php"] [unique_id "aSAbEvhXnBMilDddn3XgZQAAAMo"]
[Fri Nov 21 15:56:03.605320 2025] [:error] [pid 46939:tid 46957] [client 45.132.227.53:31969] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/module.audio-video.riff-set.php"] [unique_id "aSAbE-0OmVoxD4VZ_ZlmMgAAAU8"]
[Fri Nov 21 15:56:04.976829 2025] [:error] [pid 25429:tid 25456] [client 45.132.227.65:48015] [client 45.132.227.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/utils/license.php"] [unique_id "aSAbFD4rZbRSr7vu-NOfswAAABc"]
[Fri Nov 21 15:56:06.764565 2025] [:error] [pid 25430:tid 25477] [client 45.132.227.59:43665] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/options.php"] [unique_id "aSAbFqpnWJcWt_4foXk8RwAAAFE"]
[Fri Nov 21 15:56:07.667175 2025] [:error] [pid 25521:tid 25524] [client 172.98.32.96:51023] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-load.php
[Fri Nov 21 15:56:09.535103 2025] [:error] [pid 25521:tid 25545] [client 172.98.32.96:51023] [client 172.98.32.96] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.96, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/themes/bltm/wp-login.php"] [unique_id "aSAbGfhXnBMilDddn3XgsgAAANY"]
[Fri Nov 21 15:56:12.185263 2025] [:error] [pid 25521:tid 25537] [client 172.98.32.96:51023] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/feed-rsss.php"] [unique_id "aSAbHPhXnBMilDddn3XgzgAAAM4"]
[Fri Nov 21 15:56:13.043600 2025] [:error] [pid 25430:tid 25467] [client 172.98.32.76:55545] [client 172.98.32.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/goto.php"] [unique_id "aSAbHapnWJcWt_4foXk8iwAAAEc"]
[Fri Nov 21 15:56:15.302411 2025] [:error] [pid 25554:tid 25582] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/Sanskrit.php
[Fri Nov 21 15:56:15.760479 2025] [:error] [pid 25554:tid 25571] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-fmfile.php
[Fri Nov 21 15:56:17.587710 2025] [:error] [pid 25554:tid 25580] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/memberfuns.php
[Fri Nov 21 15:56:18.034039 2025] [:error] [pid 25554:tid 25567] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/infos.php
[Fri Nov 21 15:56:19.889765 2025] [:error] [pid 25554:tid 25572] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/options-writing.php
[Fri Nov 21 15:56:20.349203 2025] [:error] [pid 25554:tid 25571] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/options-reading.php
[Fri Nov 21 15:56:20.788831 2025] [:error] [pid 25554:tid 25561] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/wsad.php
[Fri Nov 21 15:56:21.233860 2025] [:error] [pid 25554:tid 25559] [client 136.144.42.78:55169] File does not exist: /usr/local/apache/htdocs/suspended-page/nation.php
[Fri Nov 21 15:56:21.662722 2025] [:error] [pid 25554:tid 25569] [client 136.144.42.78:55169] [client 136.144.42.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/index.php"] [unique_id "aSAbJR-NtB-9AzFZrk5MJQAAAQs"]
[Fri Nov 21 15:56:22.605253 2025] [:error] [pid 25554:tid 25576] [client 45.132.227.53:56537] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp_class_datlib.php"] [unique_id "aSAbJh-NtB-9AzFZrk5MLQAAARI"]
[Fri Nov 21 15:56:23.483283 2025] [:error] [pid 25429:tid 25455] [client 172.98.32.80:35019] [client 172.98.32.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/langs/about.php"] [unique_id "aSAbJz4rZbRSr7vu-NOgDQAAABY"]
[Fri Nov 21 15:56:24.906338 2025] [:error] [pid 25429:tid 25434] [client 45.132.227.52:43405] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atomx.php
[Fri Nov 21 15:56:25.345517 2025] [:error] [pid 25429:tid 25445] [client 45.132.227.52:43405] File does not exist: /usr/local/apache/htdocs/suspended-page/admin-footer.php
[Fri Nov 21 15:56:26.243564 2025] [:error] [pid 25429:tid 25452] [client 45.132.227.52:43405] File does not exist: /usr/local/apache/htdocs/suspended-page/XxX.php
[Fri Nov 21 15:56:27.128726 2025] [:error] [pid 25429:tid 25456] [client 45.132.227.52:43405] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Registry-private.php"] [unique_id "aSAbKz4rZbRSr7vu-NOgJAAAABc"]
[Fri Nov 21 15:56:28.022848 2025] [:error] [pid 25521:tid 25528] [client 172.98.32.77:56103] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-modules-packages.min-meta.php"] [unique_id "aSAbLPhXnBMilDddn3XhTQAAAMU"]
[Fri Nov 21 15:56:29.000073 2025] [:error] [pid 25430:tid 25463] [client 45.132.227.60:53083] [client 45.132.227.60] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/bypass.php"] [unique_id "aSAbLKpnWJcWt_4foXk8_wAAAEM"]
[Fri Nov 21 15:56:31.798320 2025] [:error] [pid 25429:tid 25448] [client 45.132.227.52:56317] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/adminfus.php"] [unique_id "aSAbLz4rZbRSr7vu-NOgQwAAAA8"]
[Fri Nov 21 15:56:33.204282 2025] [:error] [pid 25430:tid 25466] [client 172.98.32.100:49627] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/group/wp-style.php"] [unique_id "aSAbMapnWJcWt_4foXk9KgAAAEY"]
[Fri Nov 21 15:56:35.124823 2025] [:error] [pid 46939:tid 46958] [client 172.98.32.77:46985] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-wolf-widget.php"] [unique_id "aSAbM-0OmVoxD4VZ_ZlnHAAAAVA"]
[Fri Nov 21 15:56:42.035342 2025] [:error] [pid 25430:tid 25477] [client 172.98.32.81:44773] [client 172.98.32.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/index.php"] [unique_id "aSAbOqpnWJcWt_4foXk9hAAAAFE"]
[Fri Nov 21 15:56:44.487781 2025] [:error] [pid 46939:tid 46956] [client 172.98.32.100:44669] File does not exist: /usr/local/apache/htdocs/suspended-page/xex.php
[Fri Nov 21 15:56:45.348169 2025] [:error] [pid 46939:tid 46955] [client 172.98.32.100:44669] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/about.php"] [unique_id "aSAbPe0OmVoxD4VZ_ZlnUQAAAU0"]
[Fri Nov 21 15:56:47.080363 2025] [:error] [pid 25431:tid 25499] [client 172.98.32.95:37569] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-head.php
[Fri Nov 21 15:56:48.382670 2025] [:error] [pid 25431:tid 25498] [client 172.98.32.95:37569] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Fri Nov 21 15:56:48.817771 2025] [:error] [pid 25431:tid 25500] [client 172.98.32.95:37569] [client 172.98.32.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-sup.php"] [unique_id "aSAbQMklhXxmoIExII0slwAAAI0"]
[Fri Nov 21 15:56:50.629063 2025] [:error] [pid 25554:tid 25573] [client 172.98.32.84:40705] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-t.api.php"] [unique_id "aSAbQh-NtB-9AzFZrk5NJwAAAQ8"]
[Fri Nov 21 15:56:53.302697 2025] [:error] [pid 25431:tid 25500] [client 172.98.32.100:26181] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/require-dynamic-blocks.php"] [unique_id "aSAbRcklhXxmoIExII0szAAAAI0"]
[Fri Nov 21 15:56:56.660192 2025] [:error] [pid 25431:tid 25504] [client 45.132.227.66:42643] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-rss-database.php"] [unique_id "aSAbSMklhXxmoIExII0s_gAAAJE"]
[Fri Nov 21 15:56:57.988274 2025] [:error] [pid 25431:tid 25505] [client 172.98.32.91:37323] File does not exist: /usr/local/apache/htdocs/suspended-page/click.php
[Fri Nov 21 15:56:58.419735 2025] [:error] [pid 25431:tid 25510] [client 172.98.32.91:37323] [client 172.98.32.91] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-customize-manager-client.php"] [unique_id "aSAbSsklhXxmoIExII0tFgAAAJc"]
[Fri Nov 21 15:56:59.344386 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.52:62867] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-modules-packages.min-boolean.php"] [unique_id "aSAbSx-NtB-9AzFZrk5NUQAAARA"]
[Fri Nov 21 15:57:02.644366 2025] [:error] [pid 25521:tid 25528] [client 45.132.227.64:54729] [client 45.132.227.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/simi.php"] [unique_id "aSAbTvhXnBMilDddn3XiIwAAAMU"]
[Fri Nov 21 15:57:03.518604 2025] [:error] [pid 25431:tid 25489] [client 136.144.42.74:41231] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-admin.php
[Fri Nov 21 15:57:07.227141 2025] [:error] [pid 25431:tid 25510] [client 136.144.42.74:41231] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-editor.php
[Fri Nov 21 15:57:07.656191 2025] [:error] [pid 25431:tid 25489] [client 136.144.42.74:41231] [client 136.144.42.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine-session.php"] [unique_id "aSAbU8klhXxmoIExII0tbQAAAII"]
[Fri Nov 21 15:57:09.548016 2025] [:error] [pid 25554:tid 25569] [client 172.98.32.86:33649] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfusm.php
[Fri Nov 21 15:57:10.433733 2025] [:error] [pid 25554:tid 25562] [client 172.98.32.86:33649] [client 172.98.32.86] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/wp-includes/assets/script-loader-packages.min.php"] [unique_id "aSAbVh-NtB-9AzFZrk5NrQAAAQQ"]
[Fri Nov 21 15:57:11.317269 2025] [:error] [pid 25431:tid 25505] [client 172.98.32.95:61349] [client 172.98.32.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/file/wp-style.php"] [unique_id "aSAbV8klhXxmoIExII0thAAAAJI"]
[Fri Nov 21 15:57:13.175287 2025] [:error] [pid 25430:tid 25467] [client 172.98.32.95:48441] [client 172.98.32.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/class-IXR-cilent.php"] [unique_id "aSAbWapnWJcWt_4foXk-jQAAAEc"]
[Fri Nov 21 15:57:15.413496 2025] [:error] [pid 25429:tid 25445] [client 45.132.227.57:27005] [client 45.132.227.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/install.php"] [unique_id "aSAbWz4rZbRSr7vu-NOhaAAAAAw"]
[Fri Nov 21 15:57:17.575702 2025] [:error] [pid 25431:tid 25501] [client 172.98.32.77:41547] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/xleet.php"] [unique_id "aSAbXcklhXxmoIExII0tmQAAAI4"]
[Fri Nov 21 15:57:18.980488 2025] [:error] [pid 46939:tid 46945] [client 45.132.227.55:32027] File does not exist: /usr/local/apache/htdocs/suspended-page/f35_SpaceTn.php
[Fri Nov 21 15:57:21.199757 2025] [:error] [pid 46939:tid 46944] [client 45.132.227.55:32027] [client 45.132.227.55] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/category-double.php"] [unique_id "aSAbYe0OmVoxD4VZ_ZloggAAAUI"]
[Fri Nov 21 15:57:22.947945 2025] [:error] [pid 25429:tid 25451] [client 172.98.32.83:26153] [client 172.98.32.83] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/db.php"] [unique_id "aSAbYj4rZbRSr7vu-NOhrgAAABI"]
[Fri Nov 21 15:57:23.819185 2025] [:error] [pid 25429:tid 25448] [client 45.132.227.67:25653] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/security.php"] [unique_id "aSAbYz4rZbRSr7vu-NOhuwAAAA8"]
[Fri Nov 21 15:57:25.308719 2025] [:error] [pid 46939:tid 46966] [client 45.132.227.66:52143] File does not exist: /usr/local/apache/htdocs/suspended-page/gm.php
[Fri Nov 21 15:57:25.736745 2025] [:error] [pid 46939:tid 46955] [client 45.132.227.66:52143] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-language-pack.php"] [unique_id "aSAbZe0OmVoxD4VZ_ZlosAAAAU0"]
[Fri Nov 21 15:57:27.050483 2025] [:error] [pid 25429:tid 25457] [client 45.132.227.57:36131] [client 45.132.227.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-walker-comment-client.php"] [unique_id "aSAbZz4rZbRSr7vu-NOh2gAAABg"]
[Fri Nov 21 15:57:30.114804 2025] [:error] [pid 46939:tid 46942] [client 172.98.32.96:45351] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-network-query-stat.php"] [unique_id "aSAbau0OmVoxD4VZ_Zlo6gAAAUA"]
[Fri Nov 21 15:57:31.532239 2025] [:error] [pid 25429:tid 25443] [client 45.132.227.54:61433] File does not exist: /usr/local/apache/htdocs/suspended-page/plugin-install.php
[Fri Nov 21 15:57:31.985772 2025] [:error] [pid 25429:tid 25444] [client 45.132.227.54:61433] [client 45.132.227.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-session-tokens-https.php"] [unique_id "aSAbaz4rZbRSr7vu-NOiBAAAAAs"]
[Fri Nov 21 15:57:33.719467 2025] [:error] [pid 25554:tid 25574] [client 172.98.32.93:59009] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/crystal/lrs_dage.php"] [unique_id "aSAbbR-NtB-9AzFZrk5OTQAAARA"]
[Fri Nov 21 15:57:35.083357 2025] [:error] [pid 25430:tid 25473] [client 45.132.227.67:64035] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/as.php"] [unique_id "aSAbb6pnWJcWt_4foXk_JgAAAE0"]
[Fri Nov 21 15:57:36.368222 2025] [:error] [pid 25430:tid 25465] [client 172.98.32.99:60439] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-conflg.php"] [unique_id "aSAbcKpnWJcWt_4foXk_KgAAAEU"]
[Fri Nov 21 15:57:37.228768 2025] [:error] [pid 25429:tid 25449] [client 172.98.32.99:24069] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/install.php"] [unique_id "aSAbcT4rZbRSr7vu-NOiMwAAABA"]
[Fri Nov 21 15:57:38.114252 2025] [:error] [pid 46939:tid 46949] [client 45.132.227.59:35865] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/db.php"] [unique_id "aSAbcu0OmVoxD4VZ_ZlpMQAAAUc"]
[Fri Nov 21 15:57:41.667715 2025] [:error] [pid 25554:tid 25563] [client 172.98.32.97:31465] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/thickbox/about.php"] [unique_id "aSAbdR-NtB-9AzFZrk5OeAAAAQU"]
[Fri Nov 21 15:57:43.942246 2025] [:error] [pid 25429:tid 25450] [client 172.98.32.81:46527] [client 172.98.32.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rk2.php"] [unique_id "aSAbdz4rZbRSr7vu-NOicQAAABE"]
[Fri Nov 21 15:57:45.776414 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.65:64593] File does not exist: /usr/local/apache/htdocs/suspended-page/b.php
[Fri Nov 21 15:57:46.233389 2025] [:error] [pid 25431:tid 25489] [client 45.132.227.65:64593] [client 45.132.227.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/past.php"] [unique_id "aSAbesklhXxmoIExII0ukAAAAII"]
[Fri Nov 21 15:57:48.462734 2025] [:error] [pid 25554:tid 25567] [client 45.132.227.62:46375] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/edit-tags.php"] [unique_id "aSAbfB-NtB-9AzFZrk5OpAAAAQk"]
[Fri Nov 21 15:57:49.328560 2025] [:error] [pid 25554:tid 25576] [client 45.132.227.62:30893] File does not exist: /usr/local/apache/htdocs/suspended-page/wsax.php
[Fri Nov 21 15:57:52.007422 2025] [:error] [pid 25554:tid 25565] [client 45.132.227.62:30893] [client 45.132.227.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/footer-default.php"] [unique_id "aSAbgB-NtB-9AzFZrk5O0wAAAQc"]
[Fri Nov 21 15:57:53.305849 2025] [:error] [pid 25429:tid 25439] [client 45.132.227.55:56233] [client 45.132.227.55] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-meta-request.php"] [unique_id "aSAbgT4rZbRSr7vu-NOixQAAAAY"]
[Fri Nov 21 15:57:54.703893 2025] [:error] [pid 25521:tid 25533] [client 45.132.227.67:56027] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/bypass.php"] [unique_id "aSAbgvhXnBMilDddn3XjcgAAAMo"]
[Fri Nov 21 15:57:56.482007 2025] [:error] [pid 25431:tid 25509] [client 172.98.32.98:53023] [client 172.98.32.98] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/l10n/wp-login.php"] [unique_id "aSAbhMklhXxmoIExII0u9wAAAJY"]
[Fri Nov 21 15:58:01.011932 2025] [:error] [pid 25554:tid 25580] [client 45.132.227.61:47893] [client 45.132.227.61] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-ss.php"] [unique_id "aSAbiR-NtB-9AzFZrk5PJgAAARY"]
[Fri Nov 21 15:58:01.907104 2025] [:error] [pid 25554:tid 25567] [client 45.132.227.63:64901] [client 45.132.227.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/xsec1.php"] [unique_id "aSAbiR-NtB-9AzFZrk5PLwAAAQk"]
[Fri Nov 21 15:58:04.134659 2025] [:error] [pid 46939:tid 46961] [client 45.132.227.65:34519] [client 45.132.227.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/crystal/sad.php"] [unique_id "aSAbjO0OmVoxD4VZ_Zlp6QAAAVM"]
[Fri Nov 21 15:58:05.050505 2025] [:error] [pid 25554:tid 25558] [client 136.144.42.75:61897] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-packages.min.php"] [unique_id "aSAbjR-NtB-9AzFZrk5PQgAAAQA"]
[Fri Nov 21 15:58:06.819777 2025] [:error] [pid 46939:tid 46952] [client 172.98.32.76:35045] [client 172.98.32.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-phpmailer-beta.php"] [unique_id "aSAbju0OmVoxD4VZ_Zlp-gAAAUo"]
[Fri Nov 21 15:58:07.671756 2025] [:error] [pid 46939:tid 46946] [client 172.98.32.86:36905] [client 172.98.32.86] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ms-file.php"] [unique_id "aSAbj-0OmVoxD4VZ_ZlqAwAAAUQ"]
[Fri Nov 21 15:58:08.588396 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.83:62689] [client 172.98.32.83] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 172.98.32.83, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/wp-login.php"] [unique_id "aSAbkMklhXxmoIExII0vaQAAAIk"]
[Fri Nov 21 15:58:08.593813 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.83:62689] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php
[Fri Nov 21 15:58:09.045626 2025] [:error] [pid 25431:tid 25489] [client 172.98.32.83:62689] [client 172.98.32.83] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/av.php"] [unique_id "aSAbkcklhXxmoIExII0vcAAAAII"]
[Fri Nov 21 15:58:10.836349 2025] [:error] [pid 46939:tid 46956] [client 172.98.32.89:62977] File does not exist: /usr/local/apache/htdocs/suspended-page/bs1.php
[Fri Nov 21 15:58:11.295435 2025] [:error] [pid 46939:tid 46957] [client 172.98.32.89:62977] [client 172.98.32.89] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSAbk-0OmVoxD4VZ_ZlqKwAAAU8"]
[Fri Nov 21 15:58:12.149737 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.58:51689] [client 45.132.227.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/network.php"] [unique_id "aSAblB-NtB-9AzFZrk5PWQAAARA"]
[Fri Nov 21 15:58:13.029038 2025] [:error] [pid 46939:tid 46954] [client 136.144.42.79:26555] File does not exist: /usr/local/apache/htdocs/suspended-page/page.php
[Fri Nov 21 15:58:16.165836 2025] [:error] [pid 46939:tid 46961] [client 136.144.42.79:26555] [client 136.144.42.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/XML/content.php"] [unique_id "aSAbmO0OmVoxD4VZ_ZlqVwAAAVM"]
[Fri Nov 21 15:58:17.020755 2025] [:error] [pid 25521:tid 25529] [client 172.98.32.87:43377] [client 172.98.32.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/item.php"] [unique_id "aSAbmfhXnBMilDddn3Xj-QAAAMY"]
[Fri Nov 21 15:58:18.863000 2025] [:error] [pid 25431:tid 25499] [client 172.98.32.80:30655] [client 172.98.32.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/plugins.php"] [unique_id "aSAbmsklhXxmoIExII0vuwAAAIw"]
[Fri Nov 21 15:58:19.763403 2025] [:error] [pid 25430:tid 25480] [client 136.144.42.69:53169] [client 136.144.42.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/install.php"] [unique_id "aSAbm6pnWJcWt_4foXlAbQAAAFQ"]
[Fri Nov 21 15:58:20.715489 2025] [:error] [pid 25521:tid 25526] [client 45.132.227.66:60941] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gecko-old.php
[Fri Nov 21 15:58:21.154667 2025] [:error] [pid 25521:tid 25528] [client 45.132.227.66:60941] [client 45.132.227.66] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 45.132.227.66, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/wp-login.php"] [unique_id "aSAbnfhXnBMilDddn3XkHwAAAMU"]
[Fri Nov 21 15:58:22.019959 2025] [:error] [pid 25521:tid 25523] [client 45.132.227.66:60941] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-nav-widgets.php"] [unique_id "aSAbnvhXnBMilDddn3XkJQAAAMA"]
[Fri Nov 21 15:58:24.844205 2025] [:error] [pid 46939:tid 46945] [client 172.98.32.92:61953] [client 172.98.32.92] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/providers/doc.php"] [unique_id "aSAboO0OmVoxD4VZ_ZlqowAAAUM"]
[Fri Nov 21 15:58:25.719642 2025] [:error] [pid 25521:tid 25532] [client 45.132.227.55:40965] File does not exist: /usr/local/apache/htdocs/suspended-page/ws.php
[Fri Nov 21 15:58:26.198263 2025] [:error] [pid 25521:tid 25545] [client 45.132.227.55:40965] [client 45.132.227.55] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/1.php"] [unique_id "aSAbovhXnBMilDddn3XkOwAAANY"]
[Fri Nov 21 15:58:27.050763 2025] [:error] [pid 25521:tid 25537] [client 172.98.32.92:65223] [client 172.98.32.92] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/class_api.php"] [unique_id "aSAbo_hXnBMilDddn3XkPgAAAM4"]
[Fri Nov 21 15:58:28.042870 2025] [:error] [pid 25431:tid 25490] [client 136.144.42.77:40941] File does not exist: /usr/local/apache/htdocs/suspended-page/shop.php
[Fri Nov 21 15:58:29.355837 2025] [:error] [pid 25431:tid 25507] [client 136.144.42.77:40941] [client 136.144.42.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/admin.php"] [unique_id "aSAbpcklhXxmoIExII0wAgAAAJQ"]
[Fri Nov 21 15:58:31.087545 2025] [:error] [pid 25430:tid 25476] [client 172.98.32.84:52663] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/about.php"] [unique_id "aSAbp6pnWJcWt_4foXlAoQAAAFA"]
[Fri Nov 21 15:58:31.989488 2025] [:error] [pid 25430:tid 25469] [client 45.132.227.64:53455] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-api.php
[Fri Nov 21 15:58:32.930441 2025] [:error] [pid 25430:tid 25470] [client 45.132.227.64:53455] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Fri Nov 21 15:58:33.799287 2025] [:error] [pid 25430:tid 25484] [client 45.132.227.64:53455] [client 45.132.227.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-customize-manager-interpreter.php"] [unique_id "aSAbqapnWJcWt_4foXlAsQAAAFg"]
[Fri Nov 21 15:58:34.682611 2025] [:error] [pid 46939:tid 46964] [client 45.132.227.67:40747] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/bypass.php"] [unique_id "aSAbqu0OmVoxD4VZ_ZlrGgAAAVY"]
[Fri Nov 21 15:58:35.978569 2025] [:error] [pid 25429:tid 25451] [client 172.98.32.97:28565] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/count.php"] [unique_id "aSAbqz4rZbRSr7vu-NOkfAAAABI"]
[Fri Nov 21 15:58:36.868183 2025] [:error] [pid 25430:tid 25483] [client 172.98.32.93:50939] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-error_log.php
[Fri Nov 21 15:58:39.527104 2025] [:error] [pid 25430:tid 25484] [client 172.98.32.93:50939] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/chosen.php"] [unique_id "aSAbr6pnWJcWt_4foXlA4gAAAFg"]
[Fri Nov 21 15:58:41.336350 2025] [:error] [pid 46939:tid 46944] [client 172.98.32.96:48607] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.randolphaircraft.com.au|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.randolphaircraft.com.au"] [uri "/images/stories/themes.php"] [unique_id "aSAbse0OmVoxD4VZ_ZlrPQAAAUI"]
[Fri Nov 21 15:58:41.785228 2025] [:error] [pid 46939:tid 46945] [client 172.98.32.96:48607] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/footer-embed-function.php"] [unique_id "aSAbse0OmVoxD4VZ_ZlrQwAAAUM"]
[Fri Nov 21 15:58:43.589628 2025] [:error] [pid 25554:tid 25580] [client 172.98.32.97:28843] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-translation-file-mo-event.php"] [unique_id "aSAbsx-NtB-9AzFZrk5QLgAAARY"]
[Fri Nov 21 15:58:44.452675 2025] [:error] [pid 46939:tid 46951] [client 172.98.32.96:22731] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/vars-soap.php"] [unique_id "aSAbtO0OmVoxD4VZ_ZlrYQAAAUk"]
[Fri Nov 21 15:58:46.199890 2025] [:error] [pid 25554:tid 25574] [client 45.132.227.63:45785] File does not exist: /usr/local/apache/htdocs/suspended-page/files.php
[Fri Nov 21 15:58:47.992624 2025] [:error] [pid 25554:tid 25579] [client 45.132.227.63:45785] [client 45.132.227.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/id3/wp-work.php"] [unique_id "aSAbtx-NtB-9AzFZrk5QTwAAARU"]
[Fri Nov 21 15:58:49.934074 2025] [:error] [pid 25554:tid 25580] [client 172.98.32.78:32753] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-taxonomy.editor.php"] [unique_id "aSAbuR-NtB-9AzFZrk5QXQAAARY"]
[Fri Nov 21 15:58:51.271809 2025] [:error] [pid 25429:tid 25439] [client 45.132.227.52:21863] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/wp-conflg.php"] [unique_id "aSAbuz4rZbRSr7vu-NOlWgAAAAY"]
[Fri Nov 21 15:58:52.167890 2025] [:error] [pid 25431:tid 25502] [client 136.144.42.75:40735] File does not exist: /usr/local/apache/htdocs/suspended-page/blog.php
[Fri Nov 21 15:58:54.536375 2025] [:error] [pid 25431:tid 25491] [client 136.144.42.75:40735] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/interactivity-api-xml.php"] [unique_id "aSAbvsklhXxmoIExII0xJwAAAIQ"]
[Fri Nov 21 15:58:55.906876 2025] [:error] [pid 25429:tid 25443] [client 45.132.227.59:57521] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/colour.php"] [unique_id "aSAbvz4rZbRSr7vu-NOldgAAAAo"]
[Fri Nov 21 15:58:56.806604 2025] [:error] [pid 25429:tid 25454] [client 172.98.32.90:24887] File does not exist: /usr/local/apache/htdocs/suspended-page/elp.php
[Fri Nov 21 15:58:57.259075 2025] [:error] [pid 25429:tid 25449] [client 172.98.32.90:24887] [client 172.98.32.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-background-position-control-variable.php"] [unique_id "aSAbwT4rZbRSr7vu-NOlgwAAABA"]
[Fri Nov 21 15:58:58.127149 2025] [:error] [pid 25554:tid 25561] [client 172.98.32.85:23901] [client 172.98.32.85] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/include.php"] [unique_id "aSAbwh-NtB-9AzFZrk5QmAAAAQM"]
[Fri Nov 21 15:58:59.885527 2025] [:error] [pid 46939:tid 46952] [client 172.98.32.88:62691] [client 172.98.32.88] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/imgareaselect/wp-login.php"] [unique_id "aSAbw-0OmVoxD4VZ_ZlrywAAAUo"]
[Fri Nov 21 15:59:02.062626 2025] [:error] [pid 46939:tid 46966] [client 136.144.42.77:20307] File does not exist: /usr/local/apache/htdocs/suspended-page/entrepreneuse.php
[Fri Nov 21 15:59:02.556875 2025] [:error] [pid 46939:tid 46956] [client 136.144.42.77:20307] [client 136.144.42.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-translations-interface.php"] [unique_id "aSAbxu0OmVoxD4VZ_Zlr9gAAAU4"]
[Fri Nov 21 15:59:03.477400 2025] [:error] [pid 25431:tid 25509] [client 172.98.32.97:52423] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/about5.php"] [unique_id "aSAbx8klhXxmoIExII0xRgAAAJY"]
[Fri Nov 21 15:59:06.669644 2025] [:error] [pid 25554:tid 25563] [client 136.144.42.70:34765] [client 136.144.42.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/db.php"] [unique_id "aSAbyh-NtB-9AzFZrk5Q2wAAAQU"]
[Fri Nov 21 15:59:08.462256 2025] [:error] [pid 25429:tid 25436] [client 45.132.227.53:58143] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/dist/bypass.php"] [unique_id "aSAbzD4rZbRSr7vu-NOl1wAAAAM"]
[Fri Nov 21 15:59:09.317605 2025] [:error] [pid 25554:tid 25574] [client 172.98.32.87:35439] File does not exist: /usr/local/apache/htdocs/suspended-page/testt.php
[Fri Nov 21 15:59:10.630196 2025] [:error] [pid 25554:tid 25571] [client 172.98.32.87:35439] [client 172.98.32.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/wp-conflg.php"] [unique_id "aSAbzh-NtB-9AzFZrk5Q6wAAAQ0"]
[Fri Nov 21 15:59:11.588593 2025] [:error] [pid 25431:tid 25508] [client 172.98.32.79:25457] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/wp-includes/assets/script-loader-packages.php"] [unique_id "aSAbz8klhXxmoIExII0xewAAAJU"]
[Fri Nov 21 15:59:12.963155 2025] [:error] [pid 25554:tid 25570] [client 136.144.42.73:61133] [client 136.144.42.73] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/login.php"] [unique_id "aSAb0B-NtB-9AzFZrk5Q9wAAAQw"]
[Fri Nov 21 15:59:13.872905 2025] [:error] [pid 25430:tid 25467] [client 172.98.32.79:25631] File does not exist: /usr/local/apache/htdocs/suspended-page/network.php
[Fri Nov 21 15:59:15.872501 2025] [:error] [pid 25430:tid 25481] [client 172.98.32.79:25631] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/chosen.php"] [unique_id "aSAb06pnWJcWt_4foXlBvwAAAFU"]
[Fri Nov 21 15:59:16.859171 2025] [:error] [pid 46939:tid 46945] [client 172.98.32.90:62109] File does not exist: /usr/local/apache/htdocs/suspended-page/wikindex.php
[Fri Nov 21 15:59:17.720340 2025] [:error] [pid 46939:tid 46947] [client 172.98.32.90:62109] [client 172.98.32.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Cache/index.php"] [unique_id "aSAb1e0OmVoxD4VZ_ZlsowAAAUU"]
[Fri Nov 21 15:59:18.575463 2025] [:error] [pid 46939:tid 46942] [client 172.98.32.78:49905] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/about.php"] [unique_id "aSAb1u0OmVoxD4VZ_ZlsrQAAAUA"]
[Fri Nov 21 15:59:21.387033 2025] [:error] [pid 46939:tid 46958] [client 172.98.32.99:26983] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/about.php"] [unique_id "aSAb2e0OmVoxD4VZ_ZlszAAAAVA"]
[Fri Nov 21 15:59:22.247222 2025] [:error] [pid 25554:tid 25582] [client 172.98.32.95:44857] [client 172.98.32.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/simi.php"] [unique_id "aSAb2h-NtB-9AzFZrk5RRAAAARg"]
[Fri Nov 21 15:59:24.161151 2025] [:error] [pid 25521:tid 25540] [client 172.98.32.84:46775] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/Text/index.php"] [unique_id "aSAb3PhXnBMilDddn3XlswAAANE"]
[Fri Nov 21 15:59:25.457351 2025] [:error] [pid 25430:tid 25477] [client 172.98.32.82:44665] [client 172.98.32.82] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/abcd.php"] [unique_id "aSAb3apnWJcWt_4foXlB6gAAAFE"]
[Fri Nov 21 15:59:26.393690 2025] [:error] [pid 25554:tid 25563] [client 45.132.227.56:27441] [client 45.132.227.56] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/rk2.php"] [unique_id "aSAb3h-NtB-9AzFZrk5RZQAAAQU"]
[Fri Nov 21 15:59:27.307475 2025] [:error] [pid 46939:tid 46958] [client 136.144.42.75:57477] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-search-interpreter.php"] [unique_id "aSAb3-0OmVoxD4VZ_ZltCgAAAVA"]
[Fri Nov 21 15:59:29.475423 2025] [:error] [pid 25554:tid 25569] [client 136.144.42.70:28737] [client 136.144.42.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-template-utils-other.php"] [unique_id "aSAb4R-NtB-9AzFZrk5RiwAAAQs"]
[Fri Nov 21 15:59:31.364034 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.90:43699] [client 172.98.32.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/lib/widget-group.php"] [unique_id "aSAb48klhXxmoIExII0x3wAAAIk"]
[Fri Nov 21 15:59:32.732647 2025] [:error] [pid 25431:tid 25498] [client 136.144.42.78:31129] [client 136.144.42.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jcrop/about.php"] [unique_id "aSAb5MklhXxmoIExII0x5wAAAIs"]
[Fri Nov 21 15:59:34.106133 2025] [:error] [pid 46939:tid 46951] [client 136.144.42.75:60741] [client 136.144.42.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/chosen.php"] [unique_id "aSAb5u0OmVoxD4VZ_ZltUwAAAUk"]
[Fri Nov 21 15:59:35.888388 2025] [:error] [pid 25431:tid 25492] [client 45.132.227.57:32727] File does not exist: /usr/local/apache/htdocs/suspended-page/media-new.php
[Fri Nov 21 15:59:37.706742 2025] [:error] [pid 25431:tid 25511] [client 45.132.227.57:32727] [client 45.132.227.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/plugin.php"] [unique_id "aSAb6cklhXxmoIExII0x-QAAAJg"]
[Fri Nov 21 15:59:38.575091 2025] [:error] [pid 25431:tid 25506] [client 172.98.32.91:34045] [client 172.98.32.91] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-scripts-query.php"] [unique_id "aSAb6sklhXxmoIExII0x_gAAAJM"]
[Fri Nov 21 15:59:39.942328 2025] [:error] [pid 25431:tid 25494] [client 136.144.42.70:43995] File does not exist: /usr/local/apache/htdocs/suspended-page/pages.php
[Fri Nov 21 15:59:40.372815 2025] [:error] [pid 25431:tid 25500] [client 136.144.42.70:43995] [client 136.144.42.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/module.audio-license.php"] [unique_id "aSAb7MklhXxmoIExII0yCwAAAI0"]
[Fri Nov 21 15:59:43.084894 2025] [:error] [pid 25429:tid 25434] [client 172.98.32.93:22975] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-error-module.php"] [unique_id "aSAb7z4rZbRSr7vu-NOmdQAAAAE"]
[Fri Nov 21 15:59:44.439247 2025] [:error] [pid 25431:tid 25507] [client 172.98.32.80:47481] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfus.php
[Fri Nov 21 15:59:44.865134 2025] [:error] [pid 25431:tid 25491] [client 172.98.32.80:47481] [client 172.98.32.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/litespeed.php"] [unique_id "aSAb8MklhXxmoIExII0yIwAAAIQ"]
[Fri Nov 21 15:59:46.674807 2025] [:error] [pid 25430:tid 25469] [client 45.132.227.68:42557] [client 45.132.227.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/alam.php"] [unique_id "aSAb8qpnWJcWt_4foXlCSgAAAEk"]
[Fri Nov 21 15:59:47.605753 2025] [:error] [pid 25431:tid 25491] [client 45.132.227.67:52945] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php
[Fri Nov 21 15:59:48.060706 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.67:52945] [client 45.132.227.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/imagess.php"] [unique_id "aSAb9MklhXxmoIExII0yNwAAAJU"]
[Fri Nov 21 15:59:49.434058 2025] [:error] [pid 46939:tid 46965] [client 45.132.227.53:22711] [client 45.132.227.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/default-filters-edit.php"] [unique_id "aSAb9e0OmVoxD4VZ_Zlt8AAAAVc"]
[Fri Nov 21 15:59:51.758901 2025] [:error] [pid 46939:tid 46957] [client 45.132.227.66:65295] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-configs.php
[Fri Nov 21 15:59:52.189688 2025] [:error] [pid 46939:tid 46966] [client 45.132.227.66:65295] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/Auth/index.php"] [unique_id "aSAb-O0OmVoxD4VZ_ZluDQAAAVg"]
[Fri Nov 21 15:59:54.372682 2025] [:error] [pid 25554:tid 25578] [client 45.132.227.55:46997] [client 45.132.227.55] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/theme.php"] [unique_id "aSAb-h-NtB-9AzFZrk5SRQAAARQ"]
[Fri Nov 21 15:59:55.244892 2025] [:error] [pid 25521:tid 25523] [client 172.98.32.97:59609] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mah.php
[Fri Nov 21 15:59:55.672163 2025] [:error] [pid 25521:tid 25547] [client 172.98.32.97:59609] [client 172.98.32.97] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/shell.php"] [unique_id "aSAb-_hXnBMilDddn3XmqwAAANg"]
[Fri Nov 21 15:59:56.554388 2025] [:error] [pid 25521:tid 25546] [client 45.132.227.59:30459] [client 45.132.227.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-selective-refresh-library.php"] [unique_id "aSAb_PhXnBMilDddn3XmrwAAANc"]
[Fri Nov 21 15:59:57.415237 2025] [:error] [pid 25429:tid 25453] [client 172.98.32.78:43211] File does not exist: /usr/local/apache/htdocs/suspended-page/ms-users.php
[Fri Nov 21 15:59:58.324393 2025] [:error] [pid 25429:tid 25441] [client 172.98.32.78:43211] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/library/wp-login.php"] [unique_id "aSAb_j4rZbRSr7vu-NOm1AAAAAg"]
[Fri Nov 21 15:59:59.310910 2025] [:error] [pid 25431:tid 25499] [client 172.98.32.78:23209] [client 172.98.32.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/about.php"] [unique_id "aSAb_8klhXxmoIExII0ykwAAAIw"]
[Fri Nov 21 16:00:03.085476 2025] [:error] [pid 25431:tid 25497] [client 172.98.32.99:22081] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-2019.php"] [unique_id "aSAcA8klhXxmoIExII0ysAAAAIo"]
[Fri Nov 21 16:00:03.986282 2025] [:error] [pid 46939:tid 46954] [client 136.144.42.80:26857] [client 136.144.42.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/info.php"] [unique_id "aSAcA-0OmVoxD4VZ_ZlubAAAAUw"]
[Fri Nov 21 16:00:05.313358 2025] [:error] [pid 25554:tid 25580] [client 45.132.227.66:39039] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/log.php"] [unique_id "aSAcBR-NtB-9AzFZrk5SeQAAARY"]
[Fri Nov 21 16:00:06.178097 2025] [:error] [pid 25430:tid 25483] [client 172.98.32.84:22769] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-runtime-num.php"] [unique_id "aSAcBqpnWJcWt_4foXlCuAAAAFc"]
[Fri Nov 21 16:00:07.077668 2025] [:error] [pid 25430:tid 25469] [client 172.98.32.84:58561] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-entry.min-object.php"] [unique_id "aSAcB6pnWJcWt_4foXlCxAAAAEk"]
[Fri Nov 21 16:00:07.956234 2025] [:error] [pid 25431:tid 25494] [client 172.98.32.82:24787] [client 172.98.32.82] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/aw.php"] [unique_id "aSAcB8klhXxmoIExII0y1AAAAIc"]
[Fri Nov 21 16:00:10.587241 2025] [:error] [pid 25554:tid 25561] [client 172.98.32.84:50025] [client 172.98.32.84] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/db.php"] [unique_id "aSAcCh-NtB-9AzFZrk5SmAAAAQM"]
[Fri Nov 21 16:00:11.480653 2025] [:error] [pid 46939:tid 46946] [client 136.144.42.78:56249] [client 136.144.42.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/install.php"] [unique_id "aSAcC-0OmVoxD4VZ_Zlu2wAAAUQ"]
[Fri Nov 21 16:00:12.774814 2025] [:error] [pid 25521:tid 25539] [client 172.98.32.92:26657] File does not exist: /usr/local/apache/htdocs/suspended-page/top.php
[Fri Nov 21 16:00:13.230144 2025] [:error] [pid 25521:tid 25526] [client 172.98.32.92:26657] [client 172.98.32.92] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/install.php"] [unique_id "aSAcDfhXnBMilDddn3XnMgAAAMM"]
[Fri Nov 21 16:00:14.084225 2025] [:error] [pid 46939:tid 46959] [client 172.98.32.96:35693] [client 172.98.32.96] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/dedi1.php"] [unique_id "aSAcDu0OmVoxD4VZ_Zlu9wAAAVE"]
[Fri Nov 21 16:00:15.952821 2025] [:error] [pid 25521:tid 25544] [client 172.98.32.93:35067] [client 172.98.32.93] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/template-less.php"] [unique_id "aSAcD_hXnBMilDddn3XnQQAAANU"]
[Fri Nov 21 16:00:16.915931 2025] [:error] [pid 25431:tid 25489] [client 136.144.42.73:33637] [client 136.144.42.73] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/alfa-rex.php"] [unique_id "aSAcEMklhXxmoIExII0zAwAAAII"]
[Fri Nov 21 16:00:21.529428 2025] [:error] [pid 46939:tid 46961] [client 45.132.227.52:31881] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/min.php"] [unique_id "aSAcFe0OmVoxD4VZ_ZlvYQAAAVM"]
[Fri Nov 21 16:00:22.429623 2025] [:error] [pid 46939:tid 46961] [client 172.98.32.79:40229] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-conflg.php"] [unique_id "aSAcFu0OmVoxD4VZ_ZlvbgAAAVM"]
[Fri Nov 21 16:00:24.186842 2025] [:error] [pid 25430:tid 25477] [client 136.144.42.80:34355] [client 136.144.42.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/file.php"] [unique_id "aSAcGKpnWJcWt_4foXlDKAAAAFE"]
[Fri Nov 21 16:00:25.526360 2025] [:error] [pid 25431:tid 25496] [client 172.98.32.99:43059] [client 172.98.32.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/about.php"] [unique_id "aSAcGcklhXxmoIExII0zPwAAAIk"]
[Fri Nov 21 16:00:26.975822 2025] [:error] [pid 25554:tid 25563] [client 172.98.32.77:55831] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/load.php"] [unique_id "aSAcGh-NtB-9AzFZrk5S2gAAAQU"]
[Fri Nov 21 16:00:27.870227 2025] [:error] [pid 25430:tid 25479] [client 45.132.227.52:35845] [client 45.132.227.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/chosen.php"] [unique_id "aSAcG6pnWJcWt_4foXlDQwAAAFM"]
[Fri Nov 21 16:00:29.762048 2025] [:error] [pid 25431:tid 25502] [client 45.132.227.54:28851] [client 45.132.227.54] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-theme-float.php"] [unique_id "aSAcHcklhXxmoIExII0zXQAAAI8"]
[Fri Nov 21 16:00:32.039886 2025] [:error] [pid 25554:tid 25559] [client 45.132.227.60:61195] [client 45.132.227.60] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-style.php"] [unique_id "aSAcIB-NtB-9AzFZrk5S-QAAAQE"]
[Fri Nov 21 16:00:34.542038 2025] [:error] [pid 25554:tid 25564] [client 172.98.32.79:42161] File does not exist: /usr/local/apache/htdocs/suspended-page/setup-config.php
[Fri Nov 21 16:00:34.971244 2025] [:error] [pid 25554:tid 25575] [client 172.98.32.79:42161] [client 172.98.32.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/autoload_classmap.php"] [unique_id "aSAcIh-NtB-9AzFZrk5TAwAAARE"]
[Fri Nov 21 16:00:36.706129 2025] [:error] [pid 25554:tid 25568] [client 136.144.42.70:49753] File does not exist: /usr/local/apache/htdocs/suspended-page/type.php
[Fri Nov 21 16:00:37.133708 2025] [:error] [pid 25554:tid 25571] [client 136.144.42.70:49753] [client 136.144.42.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/admin.php"] [unique_id "aSAcJR-NtB-9AzFZrk5TEQAAAQ0"]
[Fri Nov 21 16:00:38.046511 2025] [:error] [pid 25430:tid 25466] [client 172.98.32.77:48019] [client 172.98.32.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/autoload_classmap.php"] [unique_id "aSAcJqpnWJcWt_4foXlDowAAAEY"]
[Fri Nov 21 16:00:39.408660 2025] [:error] [pid 25521:tid 25543] [client 172.98.32.100:62499] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/db.php"] [unique_id "aSAcJ_hXnBMilDddn3XnpAAAANQ"]
[Fri Nov 21 16:00:42.519031 2025] [:error] [pid 46939:tid 46963] [client 172.98.32.100:44067] File does not exist: /usr/local/apache/htdocs/suspended-page/goat.php
[Fri Nov 21 16:00:44.313937 2025] [:error] [pid 46939:tid 46958] [client 172.98.32.100:44067] [client 172.98.32.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/system.php"] [unique_id "aSAcLO0OmVoxD4VZ_ZlwsQAAAVA"]
[Fri Nov 21 16:00:45.631703 2025] [:error] [pid 25431:tid 25508] [client 45.132.227.66:20013] [client 45.132.227.66] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/about.php"] [unique_id "aSAcLcklhXxmoIExII0zowAAAJU"]
[Fri Nov 21 16:00:47.401268 2025] [:error] [pid 25521:tid 25534] [client 172.98.32.95:55573] [client 172.98.32.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-upload-control-cookie.php"] [unique_id "aSAcL_hXnBMilDddn3XnxAAAAMs"]
[Fri Nov 21 16:00:48.284674 2025] [:error] [pid 25429:tid 25434] [client 136.144.42.69:35487] [client 136.144.42.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/simi.php"] [unique_id "aSAcMD4rZbRSr7vu-NOoPQAAAAE"]
[Fri Nov 21 16:00:49.153697 2025] [:error] [pid 25554:tid 25574] [client 172.98.32.83:52445] [client 172.98.32.83] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class-wp-taxonomy-sample.php"] [unique_id "aSAcMR-NtB-9AzFZrk5TWgAAARA"]
[Fri Nov 21 16:10:58.558123 2025] [:error] [pid 25431:tid 25508] [client 213.21.239.4:35442] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.svn/wc.db"] [unique_id "aSAeksklhXxmoIExII086QAAAJU"]
[Fri Nov 21 18:24:40.824868 2025] [:error] [pid 25431:tid 25488] [client 43.157.188.74:48018] [client 43.157.188.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSA96MklhXxmoIExII1sigAAAIE"]
[Fri Nov 21 18:34:51.413907 2025] [:error] [pid 46939:tid 46962] [client 145.239.10.137:44239] File does not exist: /usr/local/apache/htdocs/suspended-page/natural.php, referer: http://randolphaircraft.com.au/natural.php
[Fri Nov 21 18:45:32.383273 2025] [:error] [pid 25431:tid 25493] [client 104.28.240.83:18333] [client 104.28.240.83] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 104.28.240.83, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSBCzMklhXxmoIExII1y7QAAAIY"]
[Fri Nov 21 18:45:32.385847 2025] [:error] [pid 25431:tid 25493] [client 104.28.240.83:18333] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Fri Nov 21 19:07:36.891721 2025] [:error] [pid 25521:tid 25527] [client 101.91.148.219:33324] [client 101.91.148.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSBH-PhXnBMilDddn3UlqQAAAMQ"]
[Fri Nov 21 21:16:10.073127 2025] [:error] [pid 25521:tid 25531] [client 103.249.38.149:58912] [client 103.249.38.149] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 103.249.38.149, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSBmGvhXnBMilDddn3VZswAAAMg"]
[Fri Nov 21 21:16:10.076780 2025] [:error] [pid 25521:tid 25531] [client 103.249.38.149:58912] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Sat Nov 22 01:46:11.988704 2025] [:error] [pid 9180:tid 9187] [client 101.91.148.219:49046] [client 101.91.148.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSClY7rk9msixUFV2i-evAAAAEU"]
[Sat Nov 22 02:13:28.967039 2025] [:error] [pid 49643:tid 49919] [client 43.153.119.119:55684] [client 43.153.119.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSCryJwUojIRHhF_fj-eOgAAAMA"]
[Sat Nov 22 03:52:57.613590 2025] [:error] [pid 53478:tid 53520] [client 103.167.150.158:59873] [client 103.167.150.158] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/media/system/js/core.js"] [unique_id "aSDDGQhUYdXBbQswAdTU5gAAAEs"]
[Sat Nov 22 04:23:50.022218 2025] [:error] [pid 53477:tid 53500] [client 45.55.158.254:39772] [client 45.55.158.254] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSDKVn7Lu30Ku9O40aKs1gAAABM"]
[Sat Nov 22 06:56:47.493022 2025] [:error] [pid 53566:tid 53587] [client 212.116.231.26:51564] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSDuL8bSHDBkRbwMbd5nlgAAANM"]
[Sat Nov 22 06:56:48.303277 2025] [:error] [pid 53566:tid 53572] [client 212.116.231.26:52022] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSDuMMbSHDBkRbwMbd5nogAAAMQ"]
[Sat Nov 22 06:56:49.113429 2025] [:error] [pid 53477:tid 53484] [client 212.116.231.26:52452] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSDuMX7Lu30Ku9O40aIHDgAAAAM"]
[Sat Nov 22 06:56:49.928786 2025] [:error] [pid 9547:tid 9566] [client 212.116.231.26:45782] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSDuMdClOR5qk7DoMeGl5AAAAU0"]
[Sat Nov 22 06:56:50.745860 2025] [:error] [pid 53478:tid 53509] [client 212.116.231.26:46304] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSDuMghUYdXBbQswAdRAaAAAAEA"]
[Sat Nov 22 06:56:52.000623 2025] [:error] [pid 53478:tid 53519] [client 212.116.231.26:46792] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aSDuMwhUYdXBbQswAdRAeAAAAEo"]
[Sat Nov 22 06:56:52.813841 2025] [:error] [pid 9547:tid 9561] [client 212.116.231.26:47440] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aSDuNNClOR5qk7DoMeGmIAAAAUg"]
[Sat Nov 22 06:56:53.646876 2025] [:error] [pid 53477:tid 53494] [client 212.116.231.26:47920] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aSDuNX7Lu30Ku9O40aIHQQAAAA0"]
[Sat Nov 22 06:56:54.473571 2025] [:error] [pid 53477:tid 53500] [client 212.116.231.26:48312] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aSDuNn7Lu30Ku9O40aIHVAAAABM"]
[Sat Nov 22 06:56:55.308564 2025] [:error] [pid 53477:tid 53482] [client 212.116.231.26:48676] [client 212.116.231.26] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/"] [unique_id "aSDuN37Lu30Ku9O40aIHXAAAAAE"]
[Sat Nov 22 08:24:50.475695 2025] [:error] [pid 53479:tid 53542] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Sat Nov 22 08:24:50.600259 2025] [:error] [pid 53479:tid 53546] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Sat Nov 22 08:24:50.751337 2025] [:error] [pid 53479:tid 53550] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/O-Simple.php
[Sat Nov 22 08:24:50.870590 2025] [:error] [pid 53479:tid 53555] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Sat Nov 22 08:24:51.019125 2025] [:error] [pid 53479:tid 53551] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Sat Nov 22 08:24:51.123616 2025] [:error] [pid 53479:tid 53538] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Sat Nov 22 08:24:51.259398 2025] [:error] [pid 53479:tid 53541] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Sat Nov 22 08:24:51.442228 2025] [:error] [pid 53479:tid 53547] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Sat Nov 22 08:24:51.773635 2025] [:error] [pid 53479:tid 53548] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Sat Nov 22 08:24:52.006433 2025] [:error] [pid 53479:tid 53536] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/core.php
[Sat Nov 22 08:24:52.149521 2025] [:error] [pid 53479:tid 53549] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Sat Nov 22 08:24:52.278333 2025] [:error] [pid 53479:tid 53545] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Sat Nov 22 08:24:52.457643 2025] [:error] [pid 53479:tid 53560] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Sat Nov 22 08:24:52.676951 2025] [:error] [pid 53479:tid 53543] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Sat Nov 22 08:24:52.822056 2025] [:error] [pid 53479:tid 53558] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Sat Nov 22 08:24:52.936689 2025] [:error] [pid 53479:tid 53554] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Sat Nov 22 08:24:53.091243 2025] [:error] [pid 53479:tid 53556] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Sat Nov 22 08:24:53.240646 2025] [:error] [pid 53479:tid 53559] [client 194.5.82.116:26497] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Sat Nov 22 08:24:56.460923 2025] [:error] [pid 53479:tid 53545] [client 194.5.82.116:26497] [client 194.5.82.116] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSEC2G6cicFF3Aas-oS6rQAAAIk"]
[Sat Nov 22 14:14:17.760165 2025] [:error] [pid 53566:tid 53591] [client 182.42.105.85:53526] [client 182.42.105.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSFUucbSHDBkRbwMbd7pcgAAANc"]
[Sat Nov 22 16:15:30.916413 2025] [:error] [pid 53479:tid 53550] [client 20.234.11.210:21212] [client 20.234.11.210] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSFxIm6cicFF3Aas-oRbpgAAAI4"]
[Sat Nov 22 16:15:33.327268 2025] [:error] [pid 53566:tid 53586] [client 20.234.11.210:21200] [client 20.234.11.210] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSFxJcbSHDBkRbwMbd4FTQAAANI"]
[Sat Nov 22 16:15:34.432383 2025] [:error] [pid 25856:tid 25860] [client 20.234.11.210:59212] [client 20.234.11.210] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSFxJhsTP0wy94zKUvGOpQAAAQI"]
[Sat Nov 22 16:15:37.371116 2025] [:error] [pid 53477:tid 53488] [client 20.234.11.210:21209] [client 20.234.11.210] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSFxKX7Lu30Ku9O40aKQ-QAAAAc"]
[Sat Nov 22 18:59:33.898708 2025] [:error] [pid 53479:tid 53547] [client 177.190.179.136:16744] [client 177.190.179.136] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 177.190.179.136, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSGXlW6cicFF3Aas-oSVwQAAAIs"]
[Sat Nov 22 18:59:33.903247 2025] [:error] [pid 53479:tid 53547] [client 177.190.179.136:16744] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Sat Nov 22 22:46:12.010609 2025] [:error] [pid 53566:tid 53588] [client 159.203.89.146:45682] [client 159.203.89.146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSHMtMbSHDBkRbwMbd5yaQAAANQ"]
[Sun Nov 23 01:31:17.235898 2025] [:error] [pid 8816:tid 8891] [client 159.203.89.146:45402] [client 159.203.89.146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSHzZZb4RIAN-_BXnHldZgAAAIc"]
[Sun Nov 23 02:53:52.778593 2025] [:error] [pid 8816:tid 8900] [client 193.37.33.246:27901] [client 193.37.33.246] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 193.37.33.246, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSIGwJb4RIAN-_BXnHmMhQAAAI8"]
[Sun Nov 23 02:53:52.782667 2025] [:error] [pid 8816:tid 8900] [client 193.37.33.246:27901] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Sun Nov 23 03:26:38.162268 2025] [:error] [pid 39719:tid 39796] [client 182.44.67.97:33050] [client 182.44.67.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSIObhmP4k0tY5Yex-X0LwAAARQ"]
[Sun Nov 23 05:42:58.250247 2025] [:error] [pid 38824:tid 38839] [client 216.126.225.91:55828] [client 216.126.225.91] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSIuYk8WZjXLvbHTHPfKvAAAAMw"]
[Sun Nov 23 06:43:23.256951 2025] [:error] [pid 38739:tid 38792] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/m.php
[Sun Nov 23 06:43:23.496387 2025] [:error] [pid 38739:tid 38774] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Sun Nov 23 06:43:23.749420 2025] [:error] [pid 38739:tid 38784] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/marijuana.php
[Sun Nov 23 06:43:24.242448 2025] [:error] [pid 38739:tid 38769] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/readme.php
[Sun Nov 23 06:43:24.486077 2025] [:error] [pid 38739:tid 38778] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/gmo.php
[Sun Nov 23 06:43:24.741151 2025] [:error] [pid 38739:tid 38787] [client 172.161.94.9:14168] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Sun Nov 23 06:43:25.118636 2025] [:error] [pid 38739:tid 38779] [client 172.161.94.9:14168] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/html-api/wp-conflg.php"] [unique_id "aSI8jQdvEgJm2n2cDmofHQAAAEo"]
[Sun Nov 23 06:43:26.231135 2025] [:error] [pid 44652:tid 44708] [client 172.161.94.9:14278] File does not exist: /usr/local/apache/htdocs/suspended-page/nc4.php
[Sun Nov 23 06:43:26.714092 2025] [:error] [pid 44652:tid 44728] [client 172.161.94.9:14278] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/g.php"] [unique_id "aSI8jtiQFwsyXQDhwyDeRwAAARY"]
[Sun Nov 23 06:43:28.000176 2025] [:error] [pid 38824:tid 38850] [client 172.161.94.9:14225] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/g.php"] [unique_id "aSI8j08WZjXLvbHTHPfdXwAAANc"]
[Sun Nov 23 06:43:29.402251 2025] [:error] [pid 38824:tid 38835] [client 172.161.94.9:14273] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/g.php"] [unique_id "aSI8kU8WZjXLvbHTHPfdYQAAAMg"]
[Sun Nov 23 06:43:31.078822 2025] [:error] [pid 38739:tid 38786] [client 172.161.94.9:49832] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/g.php"] [unique_id "aSI8kwdvEgJm2n2cDmofLwAAAFE"]
[Sun Nov 23 06:43:33.180354 2025] [:error] [pid 38739:tid 38769] [client 172.161.94.9:49918] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/13.php"] [unique_id "aSI8lQdvEgJm2n2cDmofNwAAAEA"]
[Sun Nov 23 06:43:35.586318 2025] [:error] [pid 38739:tid 38792] [client 172.161.94.9:14104] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/13.php"] [unique_id "aSI8lwdvEgJm2n2cDmofQwAAAFc"]
[Sun Nov 23 06:43:37.646654 2025] [:error] [pid 38739:tid 38772] [client 172.161.94.9:49876] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/13.php"] [unique_id "aSI8mQdvEgJm2n2cDmofTwAAAEM"]
[Sun Nov 23 06:43:39.060050 2025] [:error] [pid 44652:tid 44713] [client 172.161.94.9:49870] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/13.php"] [unique_id "aSI8m9iQFwsyXQDhwyDeZgAAAQc"]
[Sun Nov 23 06:43:42.387478 2025] [:error] [pid 38740:tid 38806] [client 172.161.94.9:14094] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/about.php"] [unique_id "aSI8ng13QPZSi6O8umWuzgAAAIo"]
[Sun Nov 23 06:43:45.688597 2025] [:error] [pid 38739:tid 38773] [client 172.161.94.9:14097] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/about.php"] [unique_id "aSI8oQdvEgJm2n2cDmofbgAAAEQ"]
[Sun Nov 23 06:43:47.259819 2025] [:error] [pid 38739:tid 38782] [client 172.161.94.9:14115] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/about.php"] [unique_id "aSI8owdvEgJm2n2cDmofdgAAAE0"]
[Sun Nov 23 06:43:51.669062 2025] [:error] [pid 38824:tid 38846] [client 172.161.94.9:14087] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/about.php"] [unique_id "aSI8p08WZjXLvbHTHPfdgAAAANM"]
[Sun Nov 23 06:43:54.706163 2025] [:error] [pid 38738:tid 38752] [client 172.161.94.9:14122] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/adminer.php"] [unique_id "aSI8qgytc6TL9XavPmPjegAAAAo"]
[Sun Nov 23 06:43:56.591138 2025] [:error] [pid 38739:tid 38786] [client 172.161.94.9:14143] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/adminer.php"] [unique_id "aSI8rAdvEgJm2n2cDmofpAAAAFE"]
[Sun Nov 23 06:43:58.874854 2025] [:error] [pid 38740:tid 38817] [client 172.161.94.9:14126] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/adminer.php"] [unique_id "aSI8rg13QPZSi6O8umWu5AAAAJU"]
[Sun Nov 23 06:44:01.093175 2025] [:error] [pid 38824:tid 38842] [client 172.161.94.9:50208] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/adminer.php"] [unique_id "aSI8sU8WZjXLvbHTHPfdiQAAAM8"]
[Sun Nov 23 06:44:03.701036 2025] [:error] [pid 38738:tid 38749] [client 172.161.94.9:50296] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/wp-ksv1i.php"] [unique_id "aSI8swytc6TL9XavPmPjpAAAAAc"]
[Sun Nov 23 06:44:07.198097 2025] [:error] [pid 38739:tid 38769] [client 172.161.94.9:50286] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/wp-ksv1i.php"] [unique_id "aSI8twdvEgJm2n2cDmogBgAAAEA"]
[Sun Nov 23 06:44:10.975311 2025] [:error] [pid 44652:tid 44714] [client 172.161.94.9:50192] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/wp-ksv1i.php"] [unique_id "aSI8utiQFwsyXQDhwyDeiAAAAQg"]
[Sun Nov 23 06:44:13.381427 2025] [:error] [pid 38739:tid 38775] [client 172.161.94.9:50257] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/images/wp-ksv1i.php"] [unique_id "aSI8vQdvEgJm2n2cDmogEQAAAEY"]
[Sun Nov 23 06:44:14.981942 2025] [:error] [pid 44652:tid 44726] [client 172.161.94.9:50278] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/crop/zmFM.php"] [unique_id "aSI8vtiQFwsyXQDhwyDeigAAARQ"]
[Sun Nov 23 06:44:17.061814 2025] [:error] [pid 44652:tid 44718] [client 172.161.94.9:50195] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSI8wdiQFwsyXQDhwyDejAAAAQw"]
[Sun Nov 23 06:44:19.432678 2025] [:error] [pid 44652:tid 44709] [client 172.161.94.9:50302] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSI8w9iQFwsyXQDhwyDejQAAAQM"]
[Sun Nov 23 06:44:21.059470 2025] [:error] [pid 44652:tid 44706] [client 172.161.94.9:50205] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSI8xdiQFwsyXQDhwyDekAAAAQA"]
[Sun Nov 23 06:44:24.707918 2025] [:error] [pid 44652:tid 44729] [client 172.161.94.9:50291] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSI8yNiQFwsyXQDhwyDelAAAARc"]
[Sun Nov 23 06:44:28.251840 2025] [:error] [pid 38740:tid 38800] [client 172.161.94.9:14085] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/0.php"] [unique_id "aSI8zA13QPZSi6O8umWvMwAAAIQ"]
[Sun Nov 23 06:44:29.886307 2025] [:error] [pid 44652:tid 44725] [client 172.161.94.9:50273] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/about.php"] [unique_id "aSI8zdiQFwsyXQDhwyDepgAAARM"]
[Sun Nov 23 06:44:33.413301 2025] [:error] [pid 38740:tid 38811] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/404.php
[Sun Nov 23 06:44:33.652249 2025] [:error] [pid 38740:tid 38803] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/i1.php
[Sun Nov 23 06:44:33.891819 2025] [:error] [pid 38740:tid 38799] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/link.php
[Sun Nov 23 06:44:35.656470 2025] [:error] [pid 38740:tid 38800] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/xx.php
[Sun Nov 23 06:44:36.630181 2025] [:error] [pid 38740:tid 38801] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/mail.php
[Sun Nov 23 06:44:37.130259 2025] [:error] [pid 38740:tid 38798] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/17.php
[Sun Nov 23 06:44:37.370834 2025] [:error] [pid 38740:tid 38806] [client 172.161.94.9:50515] File does not exist: /usr/local/apache/htdocs/suspended-page/0.php
[Sun Nov 23 06:44:37.607285 2025] [:error] [pid 38740:tid 38813] [client 172.161.94.9:50515] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/Mailer.php"] [unique_id "aSI81Q13QPZSi6O8umWvRgAAAJE"]
[Sun Nov 23 06:44:39.439138 2025] [:error] [pid 38738:tid 38757] [client 172.161.94.9:50607] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/Mailer.php"] [unique_id "aSI81wytc6TL9XavPmPj0wAAAA8"]
[Sun Nov 23 06:44:42.119382 2025] [:error] [pid 38739:tid 38787] [client 172.161.94.9:50562] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/Mailer.php"] [unique_id "aSI82gdvEgJm2n2cDmogWQAAAFI"]
[Sun Nov 23 06:44:44.934442 2025] [:error] [pid 38740:tid 38801] [client 172.161.94.9:50611] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/maint/Mailer.php"] [unique_id "aSI83A13QPZSi6O8umWvUgAAAIU"]
[Sun Nov 23 06:44:56.111403 2025] [:error] [pid 44652:tid 44714] [client 172.161.94.9:50529] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-configs.php"] [unique_id "aSI86NiQFwsyXQDhwyDe0wAAAQg"]
[Sun Nov 23 06:44:56.778985 2025] [:error] [pid 38824:tid 38849] [client 172.161.94.9:50587] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-configs.php"] [unique_id "aSI86E8WZjXLvbHTHPfd3gAAANY"]
[Sun Nov 23 06:44:57.626290 2025] [:error] [pid 44652:tid 44710] [client 172.161.94.9:50545] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-configs.php"] [unique_id "aSI86diQFwsyXQDhwyDe1AAAAQQ"]
[Sun Nov 23 06:44:59.903089 2025] [:error] [pid 38738:tid 38748] [client 172.161.94.9:50503] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-configs.php"] [unique_id "aSI86wytc6TL9XavPmPj-QAAAAY"]
[Sun Nov 23 06:45:02.745991 2025] [:error] [pid 38740:tid 38799] [client 172.161.94.9:50954] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/index.php"] [unique_id "aSI87g13QPZSi6O8umWvdgAAAIM"]
[Sun Nov 23 06:45:06.288342 2025] [:error] [pid 44652:tid 44710] [client 172.161.94.9:50914] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/click.php"] [unique_id "aSI88tiQFwsyXQDhwyDe4wAAAQQ"]
[Sun Nov 23 06:45:09.469499 2025] [:error] [pid 38739:tid 38783] [client 172.161.94.9:50963] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/click.php"] [unique_id "aSI89QdvEgJm2n2cDmogjwAAAE4"]
[Sun Nov 23 06:45:10.582422 2025] [:error] [pid 38740:tid 38820] [client 172.161.94.9:50910] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/click.php"] [unique_id "aSI89g13QPZSi6O8umWvjwAAAJg"]
[Sun Nov 23 06:45:12.882785 2025] [:error] [pid 38738:tid 38766] [client 172.161.94.9:50989] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/install.php"] [unique_id "aSI8-Aytc6TL9XavPmPkNwAAABg"]
[Sun Nov 23 06:45:15.535613 2025] [:error] [pid 44652:tid 44719] [client 172.161.94.9:50979] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/install.php"] [unique_id "aSI8-9iQFwsyXQDhwyDfgwAAAQ0"]
[Sun Nov 23 06:45:16.913849 2025] [:error] [pid 38739:tid 38776] [client 172.161.94.9:50898] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/install.php"] [unique_id "aSI8_AdvEgJm2n2cDmohFgAAAEc"]
[Sun Nov 23 06:45:21.014813 2025] [:error] [pid 38739:tid 38770] [client 172.161.94.9:50951] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/install.php"] [unique_id "aSI9AQdvEgJm2n2cDmohJAAAAEE"]
[Sun Nov 23 06:45:25.646722 2025] [:error] [pid 38738:tid 38760] [client 172.161.94.9:50942] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/10.php"] [unique_id "aSI9BQytc6TL9XavPmPksgAAABI"]
[Sun Nov 23 06:45:28.011920 2025] [:error] [pid 38824:tid 38851] [client 172.161.94.9:50926] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/10.php"] [unique_id "aSI9CE8WZjXLvbHTHPfengAAANg"]
[Sun Nov 23 06:45:31.734096 2025] [:error] [pid 38738:tid 38744] [client 172.161.94.9:50949] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/10.php"] [unique_id "aSI9Cwytc6TL9XavPmPktwAAAAI"]
[Sun Nov 23 06:45:34.657110 2025] [:error] [pid 38739:tid 38788] [client 172.161.94.9:51497] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/10.php"] [unique_id "aSI9DgdvEgJm2n2cDmohMgAAAFM"]
[Sun Nov 23 06:45:43.771421 2025] [:error] [pid 44652:tid 44716] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/goat1.php
[Sun Nov 23 06:45:44.023505 2025] [:error] [pid 44652:tid 44719] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/yu.php
[Sun Nov 23 06:45:44.820001 2025] [:error] [pid 44652:tid 44728] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/124.php
[Sun Nov 23 06:45:45.307772 2025] [:error] [pid 44652:tid 44710] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/q.php
[Sun Nov 23 06:45:45.550715 2025] [:error] [pid 44652:tid 44711] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/123.php
[Sun Nov 23 06:45:46.754871 2025] [:error] [pid 44652:tid 44722] [client 172.161.94.9:51408] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Sun Nov 23 06:45:47.498738 2025] [:error] [pid 44652:tid 44723] [client 172.161.94.9:51408] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/3.php"] [unique_id "aSI9G9iQFwsyXQDhwyDf2wAAARE"]
[Sun Nov 23 06:45:51.404227 2025] [:error] [pid 38739:tid 38789] [client 172.161.94.9:51488] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/3.php"] [unique_id "aSI9HwdvEgJm2n2cDmohWQAAAFQ"]
[Sun Nov 23 06:45:53.893005 2025] [:error] [pid 38824:tid 38830] [client 172.161.94.9:51440] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/3.php"] [unique_id "aSI9IU8WZjXLvbHTHPfevAAAAMM"]
[Sun Nov 23 06:45:56.355333 2025] [:error] [pid 38740:tid 38809] [client 172.161.94.9:51496] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/3.php"] [unique_id "aSI9JA13QPZSi6O8umWwIwAAAI0"]
[Sun Nov 23 06:45:57.832227 2025] [:error] [pid 38739:tid 38770] [client 172.161.94.9:51457] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin/uploads/images/autoload_classmap.php"] [unique_id "aSI9JQdvEgJm2n2cDmohegAAAEE"]
[Sun Nov 23 06:45:59.849693 2025] [:error] [pid 38740:tid 38805] [client 172.161.94.9:51410] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin/uploads/images/autoload_classmap.php"] [unique_id "aSI9Jw13QPZSi6O8umWwJQAAAIk"]
[Sun Nov 23 06:46:02.236667 2025] [:error] [pid 38740:tid 38814] [client 172.161.94.9:52262] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin/uploads/images/autoload_classmap.php"] [unique_id "aSI9Kg13QPZSi6O8umWwLgAAAJI"]
[Sun Nov 23 06:46:06.022710 2025] [:error] [pid 44652:tid 44715] [client 172.161.94.9:52165] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin/uploads/images/autoload_classmap.php"] [unique_id "aSI9LtiQFwsyXQDhwyDf6QAAAQk"]
[Sun Nov 23 06:46:08.132010 2025] [:error] [pid 44652:tid 44706] [client 172.161.94.9:51458] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sk.php"] [unique_id "aSI9MNiQFwsyXQDhwyDf7AAAAQA"]
[Sun Nov 23 06:46:11.229449 2025] [:error] [pid 38739:tid 38790] [client 172.161.94.9:52218] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sk.php"] [unique_id "aSI9MwdvEgJm2n2cDmohkQAAAFU"]
[Sun Nov 23 06:46:12.830614 2025] [:error] [pid 38739:tid 38793] [client 172.161.94.9:52209] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sk.php"] [unique_id "aSI9NAdvEgJm2n2cDmohlQAAAFg"]
[Sun Nov 23 06:46:17.904052 2025] [:error] [pid 38738:tid 38758] [client 172.161.94.9:52179] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sk.php"] [unique_id "aSI9OQytc6TL9XavPmPk9wAAABA"]
[Sun Nov 23 06:46:22.498639 2025] [:error] [pid 38738:tid 38748] [client 172.161.94.9:52265] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-crom.php"] [unique_id "aSI9Pgytc6TL9XavPmPk-wAAAAY"]
[Sun Nov 23 06:46:30.206769 2025] [:error] [pid 38740:tid 38813] [client 172.161.94.9:52204] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-crom.php"] [unique_id "aSI9Rg13QPZSi6O8umWwSAAAAJE"]
[Sun Nov 23 06:46:33.983409 2025] [:error] [pid 38824:tid 38845] [client 172.161.94.9:52236] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-crom.php"] [unique_id "aSI9SU8WZjXLvbHTHPfe8wAAANI"]
[Sun Nov 23 06:46:38.473603 2025] [:error] [pid 38824:tid 38832] [client 172.161.94.9:52557] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/max.php"] [unique_id "aSI9Tk8WZjXLvbHTHPfe-wAAAMU"]
[Sun Nov 23 06:46:41.436478 2025] [:error] [pid 38824:tid 38844] [client 172.161.94.9:52556] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/max.php"] [unique_id "aSI9UU8WZjXLvbHTHPffAQAAANE"]
[Sun Nov 23 06:46:43.642363 2025] [:error] [pid 38739:tid 38771] [client 172.161.94.9:52547] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/max.php"] [unique_id "aSI9UwdvEgJm2n2cDmoh1AAAAEI"]
[Sun Nov 23 06:46:45.864612 2025] [:error] [pid 38739:tid 38792] [client 172.161.94.9:52638] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/max.php"] [unique_id "aSI9VQdvEgJm2n2cDmoh2QAAAFc"]
[Sun Nov 23 06:46:47.993617 2025] [:error] [pid 38738:tid 38754] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/1100.php
[Sun Nov 23 06:46:48.826605 2025] [:error] [pid 38738:tid 38756] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Sun Nov 23 06:46:49.075174 2025] [:error] [pid 38738:tid 38759] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/up.php
[Sun Nov 23 06:46:49.315948 2025] [:error] [pid 38738:tid 38763] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/sim.php
[Sun Nov 23 06:46:49.725649 2025] [:error] [pid 38738:tid 38753] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Sun Nov 23 06:46:49.997507 2025] [:error] [pid 38738:tid 38750] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/oo.php
[Sun Nov 23 06:46:50.251668 2025] [:error] [pid 38738:tid 38764] [client 172.161.94.9:52649] File does not exist: /usr/local/apache/htdocs/suspended-page/alfanew.php
[Sun Nov 23 06:46:50.488829 2025] [:error] [pid 38738:tid 38766] [client 172.161.94.9:52649] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/about.php"] [unique_id "aSI9Wgytc6TL9XavPmPlIQAAABg"]
[Sun Nov 23 06:46:52.567522 2025] [:error] [pid 38738:tid 38765] [client 172.161.94.9:52604] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ll.php"] [unique_id "aSI9XAytc6TL9XavPmPlJAAAABc"]
[Sun Nov 23 06:46:54.252383 2025] [:error] [pid 44652:tid 44708] [client 172.161.94.9:52664] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ll.php"] [unique_id "aSI9XtiQFwsyXQDhwyDgewAAAQI"]
[Sun Nov 23 06:46:55.754656 2025] [:error] [pid 38739:tid 38769] [client 172.161.94.9:52559] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ll.php"] [unique_id "aSI9XwdvEgJm2n2cDmoh7QAAAEA"]
[Sun Nov 23 06:46:57.965772 2025] [:error] [pid 44652:tid 44713] [client 172.161.94.9:52258] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ll.php"] [unique_id "aSI9YdiQFwsyXQDhwyDggQAAAQc"]
[Sun Nov 23 06:47:00.884197 2025] [:error] [pid 38824:tid 38832] [client 172.161.94.9:52637] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-class.php"] [unique_id "aSI9ZE8WZjXLvbHTHPffJgAAAMU"]
[Sun Nov 23 06:47:03.301461 2025] [:error] [pid 38738:tid 38759] [client 172.161.94.9:53241] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ee.php"] [unique_id "aSI9Zwytc6TL9XavPmPlMwAAABE"]
[Sun Nov 23 06:47:06.170793 2025] [:error] [pid 38824:tid 38833] [client 172.161.94.9:53192] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ee.php"] [unique_id "aSI9ak8WZjXLvbHTHPffOAAAAMY"]
[Sun Nov 23 06:47:12.239491 2025] [:error] [pid 38740:tid 38796] [client 172.161.94.9:53244] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ee.php"] [unique_id "aSI9cA13QPZSi6O8umWwawAAAIA"]
[Sun Nov 23 06:47:17.195166 2025] [:error] [pid 38738:tid 38759] [client 172.161.94.9:52630] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSI9dQytc6TL9XavPmPlPwAAABE"]
[Sun Nov 23 06:47:21.964797 2025] [:error] [pid 38739:tid 38790] [client 172.161.94.9:52556] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSI9eQdvEgJm2n2cDmoiEQAAAFU"]
[Sun Nov 23 06:47:24.035626 2025] [:error] [pid 38739:tid 38778] [client 172.161.94.9:53272] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSI9fAdvEgJm2n2cDmoiFQAAAEk"]
[Sun Nov 23 06:47:29.127970 2025] [:error] [pid 38739:tid 38789] [client 172.161.94.9:52616] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSI9gQdvEgJm2n2cDmoiGwAAAFQ"]
[Sun Nov 23 06:47:30.121656 2025] [:error] [pid 38739:tid 38782] [client 172.161.94.9:53207] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wi.php"] [unique_id "aSI9ggdvEgJm2n2cDmoiIAAAAE0"]
[Sun Nov 23 06:47:32.980630 2025] [:error] [pid 38738:tid 38755] [client 172.161.94.9:53234] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wi.php"] [unique_id "aSI9hAytc6TL9XavPmPlXQAAAA0"]
[Sun Nov 23 06:47:35.155266 2025] [:error] [pid 38824:tid 38844] [client 172.161.94.9:53929] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wi.php"] [unique_id "aSI9h08WZjXLvbHTHPffpQAAANE"]
[Sun Nov 23 06:47:39.963305 2025] [:error] [pid 38740:tid 38802] [client 172.161.94.9:53917] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wi.php"] [unique_id "aSI9iw13QPZSi6O8umWwnAAAAIY"]
[Sun Nov 23 06:47:42.034869 2025] [:error] [pid 38824:tid 38849] [client 172.161.94.9:53897] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mms.php"] [unique_id "aSI9jk8WZjXLvbHTHPffsQAAANY"]
[Sun Nov 23 06:47:45.073634 2025] [:error] [pid 44652:tid 44727] [client 172.161.94.9:53840] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mms.php"] [unique_id "aSI9kdiQFwsyXQDhwyDgygAAARU"]
[Sun Nov 23 06:47:48.543181 2025] [:error] [pid 38824:tid 38850] [client 172.161.94.9:53883] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mms.php"] [unique_id "aSI9lE8WZjXLvbHTHPfftwAAANc"]
[Sun Nov 23 06:47:49.766164 2025] [:error] [pid 38740:tid 38801] [client 172.161.94.9:53843] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mms.php"] [unique_id "aSI9lQ13QPZSi6O8umWwqAAAAIU"]
[Sun Nov 23 06:47:51.860919 2025] [:error] [pid 38738:tid 38747] [client 172.161.94.9:53903] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/about.php"] [unique_id "aSI9lwytc6TL9XavPmPlcQAAAAU"]
[Sun Nov 23 06:47:55.275411 2025] [:error] [pid 38739:tid 38769] [client 172.161.94.9:53882] File does not exist: /usr/local/apache/htdocs/suspended-page/v4.php
[Sun Nov 23 06:47:55.513907 2025] [:error] [pid 38739:tid 38788] [client 172.161.94.9:53882] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mn.php
[Sun Nov 23 06:47:55.756232 2025] [:error] [pid 38739:tid 38781] [client 172.161.94.9:53882] File does not exist: /usr/local/apache/htdocs/suspended-page/222.php
[Sun Nov 23 06:47:56.244267 2025] [:error] [pid 38739:tid 38790] [client 172.161.94.9:53882] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Sun Nov 23 06:47:56.522430 2025] [:error] [pid 38739:tid 38789] [client 172.161.94.9:53882] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSI9nAdvEgJm2n2cDmoiXwAAAFQ"]
[Sun Nov 23 06:47:58.844811 2025] [:error] [pid 38738:tid 38763] [client 172.161.94.9:53914] File does not exist: /usr/local/apache/htdocs/suspended-page/po.php
[Sun Nov 23 06:47:59.097336 2025] [:error] [pid 38738:tid 38746] [client 172.161.94.9:53914] File does not exist: /usr/local/apache/htdocs/suspended-page/zews.php
[Sun Nov 23 06:47:59.605358 2025] [:error] [pid 38738:tid 38760] [client 172.161.94.9:53914] File does not exist: /usr/local/apache/htdocs/suspended-page/usage-file.php
[Sun Nov 23 06:48:03.606518 2025] [:error] [pid 38738:tid 38764] [client 172.161.94.9:53914] [client 172.161.94.9] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/assets/js/wp-config.php"] [unique_id "aSI9owytc6TL9XavPmPlhQAAABY"]
[Sun Nov 23 06:48:14.599025 2025] [:error] [pid 38738:tid 38744] [client 172.161.94.9:54548] File does not exist: /usr/local/apache/htdocs/suspended-page/Js.php
[Sun Nov 23 06:48:14.901993 2025] [:error] [pid 38738:tid 38744] [client 172.161.94.9:54548] File does not exist: /usr/local/apache/htdocs/suspended-page/menu.php
[Sun Nov 23 06:48:15.153245 2025] [:error] [pid 38738:tid 38746] [client 172.161.94.9:54548] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bs1.php"] [unique_id "aSI9rwytc6TL9XavPmPllwAAAAQ"]
[Sun Nov 23 06:48:20.239990 2025] [:error] [pid 44652:tid 44712] [client 172.161.94.9:54479] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bs1.php"] [unique_id "aSI9tNiQFwsyXQDhwyDhLwAAAQY"]
[Sun Nov 23 06:48:33.998767 2025] [:error] [pid 38824:tid 38830] [client 172.161.94.9:53888] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSI9wU8WZjXLvbHTHPfgFgAAAMM"]
[Sun Nov 23 06:48:36.843139 2025] [:error] [pid 38824:tid 38844] [client 172.161.94.9:55226] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSI9xE8WZjXLvbHTHPfgGQAAANE"]
[Sun Nov 23 06:48:38.115356 2025] [:error] [pid 38740:tid 38799] [client 172.161.94.9:55169] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSI9xg13QPZSi6O8umWw-AAAAIM"]
[Sun Nov 23 06:48:39.272028 2025] [:error] [pid 38738:tid 38751] [client 172.161.94.9:55207] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSI9xwytc6TL9XavPmPl9wAAAAk"]
[Sun Nov 23 06:48:40.740038 2025] [:error] [pid 38738:tid 38766] [client 172.161.94.9:55189] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ab.php"] [unique_id "aSI9yAytc6TL9XavPmPl_AAAABg"]
[Sun Nov 23 06:48:43.250902 2025] [:error] [pid 38740:tid 38810] [client 172.161.94.9:54566] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ab.php"] [unique_id "aSI9yw13QPZSi6O8umWw_gAAAI4"]
[Sun Nov 23 06:48:45.151835 2025] [:error] [pid 44652:tid 44711] [client 172.161.94.9:54541] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ab.php"] [unique_id "aSI9zdiQFwsyXQDhwyDhTQAAAQU"]
[Sun Nov 23 06:48:47.554658 2025] [:error] [pid 38740:tid 38812] [client 172.161.94.9:55177] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ab.php"] [unique_id "aSI9zw13QPZSi6O8umWxBQAAAJA"]
[Sun Nov 23 06:48:50.130096 2025] [:error] [pid 38738:tid 38754] [client 172.161.94.9:55113] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ahax.php"] [unique_id "aSI90gytc6TL9XavPmPmEgAAAAw"]
[Sun Nov 23 06:48:54.799350 2025] [:error] [pid 38740:tid 38806] [client 172.161.94.9:55142] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ahax.php"] [unique_id "aSI91g13QPZSi6O8umWxGAAAAIo"]
[Sun Nov 23 06:48:57.244153 2025] [:error] [pid 38740:tid 38797] [client 172.161.94.9:55126] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ahax.php"] [unique_id "aSI92Q13QPZSi6O8umWxGwAAAIE"]
[Sun Nov 23 06:48:59.856665 2025] [:error] [pid 38740:tid 38812] [client 172.161.94.9:55198] [client 172.161.94.9] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ahax.php"] [unique_id "aSI92w13QPZSi6O8umWxHwAAAJA"]
[Sun Nov 23 07:27:07.300754 2025] [:error] [pid 44652:tid 44712] [client 167.71.203.246:57499] File does not exist: /usr/local/apache/htdocs/suspended-page/style.php
[Sun Nov 23 16:40:21.293696 2025] [:error] [pid 38824:tid 38830] [client 176.65.132.18:53640] [client 176.65.132.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSLIdU8WZjXLvbHTHPeoBQAAAMM"]
[Sun Nov 23 16:44:55.305322 2025] [:error] [pid 38824:tid 38840] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Sun Nov 23 16:44:55.519285 2025] [:error] [pid 38824:tid 38837] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Sun Nov 23 16:44:55.619568 2025] [:error] [pid 38824:tid 38844] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/O-Simple.php
[Sun Nov 23 16:44:55.802274 2025] [:error] [pid 38824:tid 38843] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Sun Nov 23 16:44:55.944287 2025] [:error] [pid 38824:tid 38846] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Sun Nov 23 16:44:56.068084 2025] [:error] [pid 38824:tid 38840] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Sun Nov 23 16:44:56.226280 2025] [:error] [pid 38824:tid 38841] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Sun Nov 23 16:44:56.342733 2025] [:error] [pid 38824:tid 38838] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Sun Nov 23 16:44:56.710026 2025] [:error] [pid 38824:tid 38851] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Sun Nov 23 16:44:56.973600 2025] [:error] [pid 38824:tid 38840] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/core.php
[Sun Nov 23 16:44:57.160644 2025] [:error] [pid 38824:tid 38841] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Sun Nov 23 16:44:57.261413 2025] [:error] [pid 38824:tid 38830] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Sun Nov 23 16:44:57.378225 2025] [:error] [pid 38824:tid 38848] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Sun Nov 23 16:44:57.518802 2025] [:error] [pid 38824:tid 38842] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Sun Nov 23 16:44:57.748842 2025] [:error] [pid 38824:tid 38832] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Sun Nov 23 16:44:57.878129 2025] [:error] [pid 38824:tid 38838] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Sun Nov 23 16:44:58.345661 2025] [:error] [pid 38824:tid 38831] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Sun Nov 23 16:44:58.499205 2025] [:error] [pid 38824:tid 38832] [client 140.99.1.44:21431] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Sun Nov 23 16:45:00.428586 2025] [:error] [pid 38824:tid 38840] [client 140.99.1.44:21431] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSLJjE8WZjXLvbHTHPe9tAAAAM0"]
[Sun Nov 23 16:45:01.241973 2025] [:error] [pid 38738:tid 38758] [client 140.99.1.52:20121] [client 140.99.1.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/worksec.php"] [unique_id "aSLJjQytc6TL9XavPmMFxQAAABA"]
[Sun Nov 23 16:45:02.065851 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.50:57761] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Sun Nov 23 16:45:02.513279 2025] [:error] [pid 38738:tid 38762] [client 140.99.1.50:57761] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/tinyfilemanager.php"] [unique_id "aSLJjgytc6TL9XavPmMF8wAAABQ"]
[Sun Nov 23 16:45:03.309780 2025] [:error] [pid 38740:tid 38807] [client 140.99.1.74:45887] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Sun Nov 23 16:45:03.458843 2025] [:error] [pid 38740:tid 38815] [client 140.99.1.74:45887] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/index.php"] [unique_id "aSLJjw13QPZSi6O8umWjHgAAAJM"]
[Sun Nov 23 16:47:11.238943 2025] [:error] [pid 14602:tid 14641] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Sun Nov 23 16:47:11.371966 2025] [:error] [pid 14602:tid 14623] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Sun Nov 23 16:47:11.485135 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/O-Simple.php
[Sun Nov 23 16:47:11.671474 2025] [:error] [pid 14602:tid 14640] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Sun Nov 23 16:47:11.861970 2025] [:error] [pid 14602:tid 14642] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Sun Nov 23 16:47:12.003035 2025] [:error] [pid 14602:tid 14628] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Sun Nov 23 16:47:12.115239 2025] [:error] [pid 14602:tid 14634] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Sun Nov 23 16:47:12.284638 2025] [:error] [pid 14602:tid 14632] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Sun Nov 23 16:47:12.552114 2025] [:error] [pid 14602:tid 14638] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Sun Nov 23 16:47:12.785093 2025] [:error] [pid 14602:tid 14642] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/core.php
[Sun Nov 23 16:47:12.884673 2025] [:error] [pid 14602:tid 14622] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Sun Nov 23 16:47:13.045532 2025] [:error] [pid 14602:tid 14638] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Sun Nov 23 16:47:13.249110 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Sun Nov 23 16:47:13.405699 2025] [:error] [pid 14602:tid 14626] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Sun Nov 23 16:47:13.502387 2025] [:error] [pid 14602:tid 14642] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Sun Nov 23 16:47:13.599949 2025] [:error] [pid 14602:tid 14639] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Sun Nov 23 16:47:13.731920 2025] [:error] [pid 14602:tid 14635] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Sun Nov 23 16:47:13.911463 2025] [:error] [pid 14602:tid 14626] [client 140.99.1.48:28589] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Sun Nov 23 16:47:24.355040 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.48:28589] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSLKHB-I77jdD81pU-mrowAAAUg"]
[Sun Nov 23 16:47:24.985169 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.24:26549] [client 140.99.1.24] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/worksec.php"] [unique_id "aSLKHAytc6TL9XavPmMQ0gAAAA8"]
[Sun Nov 23 16:47:25.746133 2025] [:error] [pid 38824:tid 38831] [client 140.99.1.16:44279] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Sun Nov 23 16:47:26.208917 2025] [:error] [pid 38824:tid 38847] [client 140.99.1.16:44279] [client 140.99.1.16] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tinyfilemanager.php"] [unique_id "aSLKHk8WZjXLvbHTHPfHiAAAANQ"]
[Sun Nov 23 16:47:26.675970 2025] [:error] [pid 14602:tid 14626] [client 140.99.1.74:47831] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Sun Nov 23 16:47:26.824140 2025] [:error] [pid 14602:tid 14626] [client 140.99.1.74:47831] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/index.php"] [unique_id "aSLKHh-I77jdD81pU-msDgAAAUU"]
[Sun Nov 23 16:47:27.193586 2025] [:error] [pid 38738:tid 38742] [client 140.99.1.33:50629] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Sun Nov 23 16:47:28.102531 2025] [:error] [pid 38738:tid 38747] [client 140.99.1.33:50629] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/dyqvcfqv.php"] [unique_id "aSLKIAytc6TL9XavPmMRLgAAAAU"]
[Sun Nov 23 16:47:28.573740 2025] [:error] [pid 38738:tid 38747] [client 140.99.1.48:58359] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/about.php"] [unique_id "aSLKIAytc6TL9XavPmMRNwAAAAU"]
[Sun Nov 23 16:47:28.912498 2025] [:error] [pid 38738:tid 38766] [client 140.99.1.65:59929] [client 140.99.1.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/crop/admin.php"] [unique_id "aSLKIAytc6TL9XavPmMRPgAAABg"]
[Sun Nov 23 16:47:29.215877 2025] [:error] [pid 38740:tid 38799] [client 140.99.1.68:42187] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/wp-conflg.php"] [unique_id "aSLKIQ13QPZSi6O8umWtmwAAAIM"]
[Sun Nov 23 16:47:29.466169 2025] [:error] [pid 16066:tid 16089] [client 140.99.1.18:49657] [client 140.99.1.18] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/admin.php"] [unique_id "aSLKIfq-c47Q5mW5E9GAFwAAAZQ"]
[Sun Nov 23 16:47:29.772189 2025] [:error] [pid 38739:tid 38769] [client 140.99.1.48:35377] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-login.php"] [unique_id "aSLKIQdvEgJm2n2cDmo_RwAAAEA"]
[Sun Nov 23 16:47:30.344388 2025] [:error] [pid 38740:tid 38807] [client 140.99.1.78:42963] [client 140.99.1.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/options.php"] [unique_id "aSLKIg13QPZSi6O8umWtuQAAAIs"]
[Sun Nov 23 16:47:30.542369 2025] [:error] [pid 38824:tid 38843] [client 140.99.1.67:46655] File does not exist: /usr/local/apache/htdocs/suspended-page/inc.php
[Sun Nov 23 16:47:30.826687 2025] [:error] [pid 38824:tid 38838] [client 140.99.1.67:46655] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/filemanager.php"] [unique_id "aSLKIk8WZjXLvbHTHPfH8AAAAMs"]
[Sun Nov 23 16:47:31.393392 2025] [:error] [pid 16066:tid 16076] [client 140.99.1.67:53741] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/admin.php"] [unique_id "aSLKI_q-c47Q5mW5E9GAQgAAAYc"]
[Sun Nov 23 16:47:31.772916 2025] [:error] [pid 17534:tid 17548] [client 140.99.1.46:48433] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/jquery.php"] [unique_id "aSLKI3PX9nXBrhgM8sw25QAAAcw"]
[Sun Nov 23 16:47:31.977836 2025] [:error] [pid 38740:tid 38816] [client 140.99.1.33:50109] File does not exist: /usr/local/apache/htdocs/suspended-page/function.php
[Sun Nov 23 16:47:32.217304 2025] [:error] [pid 38740:tid 38797] [client 140.99.1.33:50109] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-supports/autoload_classmap.php"] [unique_id "aSLKJA13QPZSi6O8umWt2gAAAIE"]
[Sun Nov 23 16:47:32.530409 2025] [:error] [pid 38739:tid 38792] [client 140.99.1.47:31777] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-signup.php
[Sun Nov 23 16:47:32.846979 2025] [:error] [pid 38739:tid 38793] [client 140.99.1.47:31777] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog.php
[Sun Nov 23 16:47:33.221961 2025] [:error] [pid 38739:tid 38788] [client 140.99.1.47:31777] [client 140.99.1.47] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/table/int/tmpl/index.php"] [unique_id "aSLKJQdvEgJm2n2cDmo_cQAAAFM"]
[Sun Nov 23 16:47:33.440272 2025] [:error] [pid 17534:tid 17554] [client 140.99.1.44:62457] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-l0gin.php
[Sun Nov 23 16:47:33.538733 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.44:62457] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/suggest.php"] [unique_id "aSLKJXPX9nXBrhgM8sw3HQAAAcA"]
[Sun Nov 23 16:47:33.907397 2025] [:error] [pid 38738:tid 38754] [client 140.99.1.46:53423] File does not exist: /usr/local/apache/htdocs/suspended-page/new.php
[Sun Nov 23 16:47:34.323463 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.46:53423] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/defaults.php"] [unique_id "aSLKJgytc6TL9XavPmMRkgAAAA8"]
[Sun Nov 23 16:47:34.705713 2025] [:error] [pid 17534:tid 17560] [client 140.99.1.77:33055] [client 140.99.1.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/index.php"] [unique_id "aSLKJnPX9nXBrhgM8sw3MAAAAdg"]
[Sun Nov 23 16:47:35.107046 2025] [:error] [pid 44652:tid 44726] [client 140.99.1.42:65535] File does not exist: /usr/local/apache/htdocs/suspended-page/natural.php
[Sun Nov 23 16:47:35.248887 2025] [:error] [pid 44652:tid 44726] [client 140.99.1.42:65535] File does not exist: /usr/local/apache/htdocs/suspended-page/item.php
[Sun Nov 23 16:47:35.464233 2025] [:error] [pid 44652:tid 44714] [client 140.99.1.42:65535] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/index.php"] [unique_id "aSLKJ9iQFwsyXQDhwyDDZgAAAQg"]
[Sun Nov 23 16:47:35.778849 2025] [:error] [pid 44652:tid 44724] [client 140.99.1.65:29517] [client 140.99.1.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/about.php"] [unique_id "aSLKJ9iQFwsyXQDhwyDDcwAAARI"]
[Sun Nov 23 16:47:36.194012 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.70:40543] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/index.php"] [unique_id "aSLKKB-I77jdD81pU-mt0gAAAUg"]
[Sun Nov 23 16:47:36.481858 2025] [:error] [pid 38824:tid 38830] [client 140.99.1.3:33061] [client 140.99.1.3] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php/wp-content/x/index.php"] [unique_id "aSLKKE8WZjXLvbHTHPfIHgAAAMM"]
[Sun Nov 23 16:47:36.714305 2025] [:error] [pid 38740:tid 38810] [client 140.99.1.14:38705] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php"] [unique_id "aSLKKA13QPZSi6O8umWuJwAAAI4"]
[Sun Nov 23 16:47:37.262703 2025] [:error] [pid 38739:tid 38791] [client 140.99.1.47:35425] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Sun Nov 23 16:47:37.451433 2025] [:error] [pid 38739:tid 38792] [client 140.99.1.47:35425] [client 140.99.1.47] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/info.php"] [unique_id "aSLKKQdvEgJm2n2cDmo_oQAAAFc"]
[Sun Nov 23 16:47:37.662301 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.38:50599] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class.api.php"] [unique_id "aSLKKXPX9nXBrhgM8sw3aQAAAc0"]
[Sun Nov 23 16:47:38.010765 2025] [:error] [pid 44652:tid 44708] [client 140.99.1.43:37539] [client 140.99.1.43] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aSLKKtiQFwsyXQDhwyDDpQAAAQI"]
[Sun Nov 23 16:47:38.471151 2025] [:error] [pid 44652:tid 44723] [client 140.99.1.20:57229] File does not exist: /usr/local/apache/htdocs/suspended-page/dropdown.php
[Sun Nov 23 16:47:38.786737 2025] [:error] [pid 44652:tid 44713] [client 140.99.1.20:57229] File does not exist: /usr/local/apache/htdocs/suspended-page/db.php
[Sun Nov 23 16:47:39.266905 2025] [:error] [pid 44652:tid 44723] [client 140.99.1.20:57229] [client 140.99.1.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/admin.php"] [unique_id "aSLKK9iQFwsyXQDhwyDDxAAAARE"]
[Sun Nov 23 16:47:39.876380 2025] [:error] [pid 17534:tid 17555] [client 140.99.1.37:39761] [client 140.99.1.37] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.37, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/js/wp-login.php"] [unique_id "aSLKK3PX9nXBrhgM8sw3nwAAAdM"]
[Sun Nov 23 16:47:39.975090 2025] [:error] [pid 17534:tid 17550] [client 140.99.1.37:39761] File does not exist: /usr/local/apache/htdocs/suspended-page/install.php
[Sun Nov 23 16:47:40.732061 2025] [:error] [pid 17534:tid 17560] [client 140.99.1.37:39761] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Sun Nov 23 16:47:40.877758 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.37:39761] File does not exist: /usr/local/apache/htdocs/suspended-page/class.php
[Sun Nov 23 16:47:41.420800 2025] [:error] [pid 17534:tid 17543] [client 140.99.1.37:39761] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/about.php"] [unique_id "aSLKLXPX9nXBrhgM8sw38QAAAcc"]
[Sun Nov 23 16:47:41.796351 2025] [:error] [pid 44652:tid 44707] [client 140.99.1.32:57493] File does not exist: /usr/local/apache/htdocs/suspended-page/init.php
[Sun Nov 23 16:47:41.954081 2025] [:error] [pid 44652:tid 44723] [client 140.99.1.32:57493] [client 140.99.1.32] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.32, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/wp-login.php"] [unique_id "aSLKLdiQFwsyXQDhwyDEEQAAARE"]
[Sun Nov 23 16:47:42.286875 2025] [:error] [pid 44652:tid 44721] [client 140.99.1.32:57493] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/item.php"] [unique_id "aSLKLtiQFwsyXQDhwyDEHgAAAQ8"]
[Sun Nov 23 16:47:43.168194 2025] [:error] [pid 38824:tid 38834] [client 140.99.1.28:41439] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfuns.php
[Sun Nov 23 16:47:43.501987 2025] [:error] [pid 38824:tid 38851] [client 140.99.1.28:41439] File does not exist: /usr/local/apache/htdocs/suspended-page/wp_wlx.php
[Sun Nov 23 16:47:43.821463 2025] [:error] [pid 38824:tid 38839] [client 140.99.1.28:41439] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/husky301.php"] [unique_id "aSLKL08WZjXLvbHTHPfIlAAAAMw"]
[Sun Nov 23 16:47:44.214650 2025] [:error] [pid 14602:tid 14636] [client 140.99.1.14:38279] File does not exist: /usr/local/apache/htdocs/suspended-page/wp.php
[Sun Nov 23 16:47:54.154383 2025] [:error] [pid 14602:tid 14643] [client 140.99.1.14:38279] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-header.php
[Sun Nov 23 16:47:54.385314 2025] [:error] [pid 14602:tid 14639] [client 140.99.1.14:38279] File does not exist: /usr/local/apache/htdocs/suspended-page/Marvins.php
[Sun Nov 23 16:47:54.623865 2025] [:error] [pid 14602:tid 14628] [client 140.99.1.14:38279] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-class.php
[Sun Nov 23 16:47:54.754508 2025] [:error] [pid 14602:tid 14639] [client 140.99.1.14:38279] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/index.php"] [unique_id "aSLKOh-I77jdD81pU-mv1QAAAVI"]
[Sun Nov 23 16:47:54.991569 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.10:54495] File does not exist: /usr/local/apache/htdocs/suspended-page/xx.php
[Sun Nov 23 16:47:55.179346 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.10:54495] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Sun Nov 23 16:47:55.335905 2025] [:error] [pid 17534:tid 17550] [client 140.99.1.10:54495] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/classwithtostring.php"] [unique_id "aSLKO3PX9nXBrhgM8sw6BAAAAc4"]
[Sun Nov 23 16:47:55.668492 2025] [:error] [pid 38740:tid 38806] [client 140.99.1.38:23329] File does not exist: /usr/local/apache/htdocs/suspended-page/content.php
[Sun Nov 23 16:47:55.871843 2025] [:error] [pid 38740:tid 38815] [client 140.99.1.38:23329] [client 140.99.1.38] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.38, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/wp-login.php"] [unique_id "aSLKOw13QPZSi6O8umWvmQAAAJM"]
[Sun Nov 23 16:47:55.987837 2025] [:error] [pid 38740:tid 38818] [client 140.99.1.38:23329] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/endpoints/index.php"] [unique_id "aSLKOw13QPZSi6O8umWvnAAAAJY"]
[Sun Nov 23 16:47:57.660595 2025] [:error] [pid 44652:tid 44721] [client 140.99.1.28:50217] File does not exist: /usr/local/apache/htdocs/suspended-page/web.php
[Sun Nov 23 16:47:58.518474 2025] [:error] [pid 44652:tid 44730] [client 140.99.1.28:50217] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-trackback.php
[Sun Nov 23 16:47:58.668503 2025] [:error] [pid 44652:tid 44719] [client 140.99.1.28:50217] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/bypass.php"] [unique_id "aSLKPtiQFwsyXQDhwyDGIgAAAQ0"]
[Sun Nov 23 16:47:58.874608 2025] [:error] [pid 38740:tid 38801] [client 140.99.1.11:40313] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Sun Nov 23 16:47:59.228860 2025] [:error] [pid 38740:tid 38809] [client 140.99.1.11:40313] [client 140.99.1.11] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.11, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/midnight/wp-login.php"] [unique_id "aSLKPw13QPZSi6O8umWv5QAAAI0"]
[Sun Nov 23 16:47:59.387840 2025] [:error] [pid 38740:tid 38820] [client 140.99.1.11:40313] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Sun Nov 23 16:47:59.541449 2025] [:error] [pid 38740:tid 38803] [client 140.99.1.11:40313] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-setup.php
[Sun Nov 23 16:47:59.694662 2025] [:error] [pid 38740:tid 38808] [client 140.99.1.11:40313] File does not exist: /usr/local/apache/htdocs/suspended-page/ms-themes.php
[Sun Nov 23 16:47:59.818442 2025] [:error] [pid 38740:tid 38818] [client 140.99.1.11:40313] [client 140.99.1.11] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/about.php"] [unique_id "aSLKPw13QPZSi6O8umWv9wAAAJY"]
[Sun Nov 23 16:48:00.095050 2025] [:error] [pid 38738:tid 38746] [client 140.99.1.65:54765] File does not exist: /usr/local/apache/htdocs/suspended-page/style.php
[Sun Nov 23 16:48:00.293111 2025] [:error] [pid 38738:tid 38758] [client 140.99.1.65:54765] [client 140.99.1.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/infi.php"] [unique_id "aSLKQAytc6TL9XavPmMTCQAAABA"]
[Sun Nov 23 16:48:00.809517 2025] [:error] [pid 38738:tid 38766] [client 140.99.1.14:35125] File does not exist: /usr/local/apache/htdocs/suspended-page/x.php
[Sun Nov 23 16:48:00.925897 2025] [:error] [pid 38738:tid 38742] [client 140.99.1.14:35125] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/index.php"] [unique_id "aSLKQAytc6TL9XavPmMTDQAAAAA"]
[Sun Nov 23 16:48:01.422197 2025] [:error] [pid 38740:tid 38808] [client 140.99.1.70:24589] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-user.php
[Sun Nov 23 16:48:01.532805 2025] [:error] [pid 38740:tid 38802] [client 140.99.1.70:24589] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/about.php"] [unique_id "aSLKQQ13QPZSi6O8umWwHAAAAIY"]
[Sun Nov 23 16:48:07.151093 2025] [:error] [pid 16066:tid 16091] [client 140.99.1.37:39363] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/index.php"] [unique_id "aSLKR_q-c47Q5mW5E9GC1QAAAZY"]
[Sun Nov 23 16:48:07.356467 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.38:23837] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Sun Nov 23 16:48:07.472240 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.38:23837] File does not exist: /usr/local/apache/htdocs/suspended-page/special.php
[Sun Nov 23 16:48:08.019068 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.38:23837] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/autoload_classmap.php"] [unique_id "aSLKSAytc6TL9XavPmMTiAAAAA8"]
[Sun Nov 23 16:48:08.322978 2025] [:error] [pid 38824:tid 38850] [client 140.99.1.62:23675] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/about.php"] [unique_id "aSLKSE8WZjXLvbHTHPfJtgAAANc"]
[Sun Nov 23 16:48:08.971588 2025] [:error] [pid 16066:tid 16074] [client 140.99.1.26:29525] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/edit.php"] [unique_id "aSLKSPq-c47Q5mW5E9GC-AAAAYU"]
[Sun Nov 23 16:48:09.254905 2025] [:error] [pid 44652:tid 44715] [client 140.99.1.7:29531] File does not exist: /usr/local/apache/htdocs/suspended-page/webdb.php
[Sun Nov 23 16:48:09.681564 2025] [:error] [pid 44652:tid 44724] [client 140.99.1.7:29531] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Sun Nov 23 16:48:09.828218 2025] [:error] [pid 44652:tid 44721] [client 140.99.1.7:29531] [client 140.99.1.7] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-work.php"] [unique_id "aSLKSdiQFwsyXQDhwyDG9gAAAQ8"]
[Sun Nov 23 16:48:10.038760 2025] [:error] [pid 14602:tid 14642] [client 140.99.1.31:33979] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Sun Nov 23 16:48:10.249087 2025] [:error] [pid 14602:tid 14633] [client 140.99.1.31:33979] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/click.php"] [unique_id "aSLKSh-I77jdD81pU-mxqgAAAUw"]
[Sun Nov 23 16:48:10.920654 2025] [:error] [pid 38738:tid 38752] [client 140.99.1.13:32343] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/random_compat/chosen.php"] [unique_id "aSLKSgytc6TL9XavPmMTuQAAAAo"]
[Sun Nov 23 16:48:11.242908 2025] [:error] [pid 38739:tid 38782] [client 140.99.1.27:51225] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Sun Nov 23 16:48:11.660395 2025] [:error] [pid 38739:tid 38782] [client 140.99.1.27:51225] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-links-opml.php
[Sun Nov 23 16:48:11.890327 2025] [:error] [pid 38739:tid 38775] [client 140.99.1.27:51225] File does not exist: /usr/local/apache/htdocs/suspended-page/atomlib.php
[Sun Nov 23 16:48:11.983528 2025] [:error] [pid 38739:tid 38776] [client 140.99.1.27:51225] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/bypass.php"] [unique_id "aSLKSwdvEgJm2n2cDmpBewAAAEc"]
[Sun Nov 23 16:48:12.180793 2025] [:error] [pid 16066:tid 16072] [client 140.99.1.52:61501] [client 140.99.1.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/xl2023.php"] [unique_id "aSLKTPq-c47Q5mW5E9GDIwAAAYM"]
[Sun Nov 23 16:48:12.491128 2025] [:error] [pid 16066:tid 16075] [client 140.99.1.74:30393] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/admin.php"] [unique_id "aSLKTPq-c47Q5mW5E9GDKwAAAYY"]
[Sun Nov 23 16:48:12.681762 2025] [:error] [pid 14602:tid 14631] [client 140.99.1.43:44501] [client 140.99.1.43] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/media/dog.php"] [unique_id "aSLKTB-I77jdD81pU-mx2gAAAUo"]
[Sun Nov 23 16:48:12.903884 2025] [:error] [pid 38738:tid 38742] [client 140.99.1.38:25841] File does not exist: /usr/local/apache/htdocs/suspended-page/xp.php
[Sun Nov 23 16:48:13.059935 2025] [:error] [pid 38738:tid 38765] [client 140.99.1.38:25841] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/applicationd.php"] [unique_id "aSLKTQytc6TL9XavPmMT0wAAABc"]
[Sun Nov 23 16:48:13.246116 2025] [:error] [pid 38740:tid 38816] [client 140.99.1.24:27009] [client 140.99.1.24] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aSLKTQ13QPZSi6O8umWwzwAAAJQ"]
[Sun Nov 23 16:48:13.446287 2025] [:error] [pid 38740:tid 38818] [client 140.99.1.3:49337] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-links.php
[Sun Nov 23 16:48:13.845812 2025] [:error] [pid 38740:tid 38803] [client 140.99.1.3:49337] [client 140.99.1.3] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/index.php"] [unique_id "aSLKTQ13QPZSi6O8umWw1wAAAIc"]
[Sun Nov 23 16:48:14.091860 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.2:20715] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aSLKTgytc6TL9XavPmMT4gAAAA8"]
[Sun Nov 23 16:48:14.276864 2025] [:error] [pid 38738:tid 38756] [client 140.99.1.46:61141] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/admin.php"] [unique_id "aSLKTgytc6TL9XavPmMT5wAAAA4"]
[Sun Nov 23 16:48:14.482975 2025] [:error] [pid 38739:tid 38780] [client 140.99.1.37:50669] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/security.php"] [unique_id "aSLKTgdvEgJm2n2cDmpBpQAAAEs"]
[Sun Nov 23 16:48:14.785604 2025] [:error] [pid 38738:tid 38750] [client 140.99.1.76:25601] [client 140.99.1.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/autoload_classmap.php"] [unique_id "aSLKTgytc6TL9XavPmMT9AAAAAg"]
[Sun Nov 23 16:48:15.231081 2025] [:error] [pid 14602:tid 14644] [client 140.99.1.18:39781] [client 140.99.1.18] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/about.php"] [unique_id "aSLKTx-I77jdD81pU-myFAAAAVc"]
[Sun Nov 23 16:48:15.422611 2025] [:error] [pid 38738:tid 38755] [client 140.99.1.28:25531] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php
[Sun Nov 23 16:48:15.818071 2025] [:error] [pid 38738:tid 38748] [client 140.99.1.28:25531] File does not exist: /usr/local/apache/htdocs/suspended-page/webadmin.php
[Sun Nov 23 16:48:16.688668 2025] [:error] [pid 38738:tid 38748] [client 140.99.1.28:25531] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/about.php"] [unique_id "aSLKUAytc6TL9XavPmMUKQAAAAY"]
[Sun Nov 23 16:48:17.189658 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.76:59409] File does not exist: /usr/local/apache/htdocs/suspended-page/xl2023.php
[Sun Nov 23 16:48:17.299639 2025] [:error] [pid 16066:tid 16074] [client 140.99.1.76:59409] File does not exist: /usr/local/apache/htdocs/suspended-page/go.php
[Sun Nov 23 16:48:18.016503 2025] [:error] [pid 16066:tid 16089] [client 140.99.1.76:59409] [client 140.99.1.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/file.php"] [unique_id "aSLKUvq-c47Q5mW5E9GDtAAAAZQ"]
[Sun Nov 23 16:48:18.563507 2025] [:error] [pid 38739:tid 38784] [client 140.99.1.18:43875] [client 140.99.1.18] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/dedi1.php"] [unique_id "aSLKUgdvEgJm2n2cDmpB1AAAAE8"]
[Sun Nov 23 16:48:18.795897 2025] [:error] [pid 44652:tid 44728] [client 140.99.1.26:63465] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/autoload_classmap.php"] [unique_id "aSLKUtiQFwsyXQDhwyDHtgAAARY"]
[Sun Nov 23 16:48:19.583033 2025] [:error] [pid 38738:tid 38759] [client 140.99.1.5:27249] [client 140.99.1.5] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/wp-login.php"] [unique_id "aSLKUwytc6TL9XavPmMUbgAAABE"]
[Sun Nov 23 16:48:20.142879 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.68:26683] File does not exist: /usr/local/apache/htdocs/suspended-page/hehehehe.php
[Sun Nov 23 16:48:20.242617 2025] [:error] [pid 16066:tid 16069] [client 140.99.1.68:26683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php
[Sun Nov 23 16:48:20.341260 2025] [:error] [pid 16066:tid 16084] [client 140.99.1.68:26683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/plugins.php
[Sun Nov 23 16:48:20.441810 2025] [:error] [pid 16066:tid 16088] [client 140.99.1.68:26683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/license.php
[Sun Nov 23 16:48:21.005406 2025] [:error] [pid 16066:tid 16089] [client 140.99.1.68:26683] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/about.php"] [unique_id "aSLKVfq-c47Q5mW5E9GD7QAAAZQ"]
[Sun Nov 23 16:48:21.197843 2025] [:error] [pid 16066:tid 16093] [client 140.99.1.31:64915] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/index.php"] [unique_id "aSLKVfq-c47Q5mW5E9GD8AAAAZg"]
[Sun Nov 23 16:48:21.509616 2025] [:error] [pid 38739:tid 38777] [client 140.99.1.26:33749] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/about.php"] [unique_id "aSLKVQdvEgJm2n2cDmpB7QAAAEg"]
[Sun Nov 23 16:48:21.724527 2025] [:error] [pid 17534:tid 17548] [client 140.99.1.53:23017] [client 140.99.1.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/src/Exception/Http/about.php"] [unique_id "aSLKVXPX9nXBrhgM8sw94QAAAcw"]
[Sun Nov 23 16:48:21.936592 2025] [:error] [pid 38738:tid 38753] [client 140.99.1.77:42447] [client 140.99.1.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Renderer/index.php"] [unique_id "aSLKVQytc6TL9XavPmMUrAAAAAs"]
[Sun Nov 23 16:48:22.146231 2025] [:error] [pid 38739:tid 38786] [client 140.99.1.20:27513] [client 140.99.1.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/index.php"] [unique_id "aSLKVgdvEgJm2n2cDmpB-QAAAFE"]
[Sun Nov 23 16:48:24.999190 2025] [:error] [pid 14602:tid 14627] [client 140.99.1.20:33401] [client 140.99.1.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/media/index.php"] [unique_id "aSLKWB-I77jdD81pU-my5QAAAUY"]
[Sun Nov 23 16:48:25.232615 2025] [:error] [pid 14602:tid 14628] [client 140.99.1.20:47767] [client 140.99.1.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/index.php"] [unique_id "aSLKWR-I77jdD81pU-my6wAAAUc"]
[Sun Nov 23 16:48:25.496568 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.16:64959] [client 140.99.1.16] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/about.php"] [unique_id "aSLKWR-I77jdD81pU-my8wAAAUg"]
[Sun Nov 23 16:48:25.708696 2025] [:error] [pid 38824:tid 38839] [client 140.99.1.68:22849] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/img/wp-login.php"] [unique_id "aSLKWU8WZjXLvbHTHPfKkgAAAMw"]
[Sun Nov 23 16:48:26.141782 2025] [:error] [pid 14602:tid 14632] [client 140.99.1.17:46151] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/themes.php"] [unique_id "aSLKWh-I77jdD81pU-mzBwAAAUs"]
[Sun Nov 23 16:48:26.496838 2025] [:error] [pid 17534:tid 17544] [client 140.99.1.46:55987] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/index.php"] [unique_id "aSLKWnPX9nXBrhgM8sw-WwAAAcg"]
[Sun Nov 23 16:48:26.774059 2025] [:error] [pid 38740:tid 38803] [client 140.99.1.10:46505] File does not exist: /usr/local/apache/htdocs/suspended-page/byp.php
[Sun Nov 23 16:48:27.106225 2025] [:error] [pid 38740:tid 38804] [client 140.99.1.10:46505] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/media/wp-login.php"] [unique_id "aSLKWw13QPZSi6O8umWxcAAAAIg"]
[Sun Nov 23 16:48:27.604662 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.74:62607] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/about.php"] [unique_id "aSLKWx-I77jdD81pU-mzKQAAAUg"]
[Sun Nov 23 16:48:28.080336 2025] [:error] [pid 38824:tid 38845] [client 140.99.1.13:23499] [client 140.99.1.13] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/class.api.php"] [unique_id "aSLKXE8WZjXLvbHTHPfKwAAAANI"]
[Sun Nov 23 16:48:28.330198 2025] [:error] [pid 38824:tid 38830] [client 140.99.1.10:61479] File does not exist: /usr/local/apache/htdocs/suspended-page/class.api.php
[Sun Nov 23 16:48:28.422278 2025] [:error] [pid 38824:tid 38848] [client 140.99.1.10:61479] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-login.php"] [unique_id "aSLKXE8WZjXLvbHTHPfKxQAAANU"]
[Sun Nov 23 16:48:28.760832 2025] [:error] [pid 38740:tid 38808] [client 140.99.1.62:58665] File does not exist: /usr/local/apache/htdocs/suspended-page/system_log.php
[Sun Nov 23 16:48:29.004170 2025] [:error] [pid 38740:tid 38808] [client 140.99.1.62:58665] File does not exist: /usr/local/apache/htdocs/suspended-page/.alf.php
[Sun Nov 23 16:48:29.099350 2025] [:error] [pid 38740:tid 38810] [client 140.99.1.62:58665] File does not exist: /usr/local/apache/htdocs/suspended-page/wso.php
[Sun Nov 23 16:48:29.193635 2025] [:error] [pid 38740:tid 38802] [client 140.99.1.62:58665] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/about.php"] [unique_id "aSLKXQ13QPZSi6O8umWxhgAAAIY"]
[Sun Nov 23 16:48:29.469060 2025] [:error] [pid 16066:tid 16089] [client 140.99.1.42:58821] File does not exist: /usr/local/apache/htdocs/suspended-page/flower.php
[Sun Nov 23 16:48:29.571731 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.42:58821] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-class.php"] [unique_id "aSLKXfq-c47Q5mW5E9GEVgAAAYI"]
[Sun Nov 23 16:48:30.260429 2025] [:error] [pid 17534:tid 17551] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php
[Sun Nov 23 16:48:30.365849 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Sun Nov 23 16:48:30.483015 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/setup.php
[Sun Nov 23 16:48:31.115211 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Sun Nov 23 16:48:31.218800 2025] [:error] [pid 17534:tid 17558] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/cc.php
[Sun Nov 23 16:48:31.591093 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/ab.php
[Sun Nov 23 16:48:31.920878 2025] [:error] [pid 17534:tid 17544] [client 140.99.1.46:20973] File does not exist: /usr/local/apache/htdocs/suspended-page/doc.php
[Sun Nov 23 16:48:32.018252 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.46:20973] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/html-api/chosen.php"] [unique_id "aSLKYHPX9nXBrhgM8sw-4AAAAdQ"]
[Sun Nov 23 16:48:33.240562 2025] [:error] [pid 38738:tid 38753] [client 140.99.1.13:28801] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/autoload_classmap.php"] [unique_id "aSLKYQytc6TL9XavPmMVpAAAAAs"]
[Sun Nov 23 16:48:33.438434 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.44:55527] [client 140.99.1.44] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.44, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSLKYXPX9nXBrhgM8sw-8AAAAdQ"]
[Sun Nov 23 16:48:33.447774 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.44:55527] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Sun Nov 23 16:48:33.547315 2025] [:error] [pid 17534:tid 17539] [client 140.99.1.44:55527] File does not exist: /usr/local/apache/htdocs/suspended-page/mar.php
[Sun Nov 23 16:48:33.711661 2025] [:error] [pid 17534:tid 17538] [client 140.99.1.44:55527] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/providers/index.php"] [unique_id "aSLKYXPX9nXBrhgM8sw-9QAAAcI"]
[Sun Nov 23 16:48:34.071319 2025] [:error] [pid 17534:tid 17559] [client 140.99.1.44:58813] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Sun Nov 23 16:48:34.166830 2025] [:error] [pid 17534:tid 17540] [client 140.99.1.44:58813] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/index.php"] [unique_id "aSLKYnPX9nXBrhgM8sw-_QAAAcQ"]
[Sun Nov 23 16:48:34.370485 2025] [:error] [pid 17534:tid 17543] [client 140.99.1.9:20575] [client 140.99.1.9] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/index.php"] [unique_id "aSLKYnPX9nXBrhgM8sw-_wAAAcc"]
[Sun Nov 23 16:48:34.977491 2025] [:error] [pid 38738:tid 38748] [client 140.99.1.7:26553] [client 140.99.1.7] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/about.php"] [unique_id "aSLKYgytc6TL9XavPmMVxgAAAAY"]
[Sun Nov 23 16:48:35.181679 2025] [:error] [pid 38740:tid 38799] [client 140.99.1.74:22779] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aSLKYw13QPZSi6O8umWxvwAAAIM"]
[Sun Nov 23 16:48:35.726965 2025] [:error] [pid 17534:tid 17545] [client 140.99.1.48:62329] File does not exist: /usr/local/apache/htdocs/suspended-page/ini.php
[Sun Nov 23 16:48:35.980887 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.48:62329] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/calendar/index.php"] [unique_id "aSLKY3PX9nXBrhgM8sw_GQAAAcA"]
[Sun Nov 23 16:48:36.833433 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.13:23983] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/atomlib.php
[Sun Nov 23 16:48:37.129788 2025] [:error] [pid 14602:tid 14640] [client 140.99.1.13:23983] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/function.php"] [unique_id "aSLKZR-I77jdD81pU-mz3gAAAVM"]
[Sun Nov 23 16:48:37.365659 2025] [:error] [pid 16066:tid 16087] [client 140.99.1.27:51821] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/plugins.php"] [unique_id "aSLKZfq-c47Q5mW5E9GE_AAAAZI"]
[Sun Nov 23 16:48:37.660595 2025] [:error] [pid 38738:tid 38757] [client 140.99.1.46:46057] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-content.php
[Sun Nov 23 16:48:37.772884 2025] [:error] [pid 38738:tid 38745] [client 140.99.1.46:46057] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/chosen.php"] [unique_id "aSLKZQytc6TL9XavPmMV9AAAAAM"]
[Sun Nov 23 16:48:38.057127 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.10:53793] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Renderer/about.php"] [unique_id "aSLKZnPX9nXBrhgM8sw_KwAAAc0"]
[Sun Nov 23 16:48:38.645629 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.48:37499] File does not exist: /usr/local/apache/htdocs/suspended-page/customize.php
[Sun Nov 23 16:48:38.757690 2025] [:error] [pid 17534:tid 17552] [client 140.99.1.48:37499] File does not exist: /usr/local/apache/htdocs/suspended-page/license.php
[Sun Nov 23 16:48:38.959640 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.48:37499] File does not exist: /usr/local/apache/htdocs/suspended-page/lock.php
[Sun Nov 23 16:48:39.180759 2025] [:error] [pid 17534:tid 17555] [client 140.99.1.48:37499] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/atomlib.php"] [unique_id "aSLKZ3PX9nXBrhgM8sw_QQAAAdM"]
[Sun Nov 23 16:48:39.494168 2025] [:error] [pid 38740:tid 38809] [client 140.99.1.44:27705] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/index.php"] [unique_id "aSLKZw13QPZSi6O8umWx7gAAAI0"]
[Sun Nov 23 16:48:40.177688 2025] [:error] [pid 17534:tid 17543] [client 140.99.1.17:48501] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-good.php
[Sun Nov 23 16:48:40.320660 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.17:48501] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/index.php"] [unique_id "aSLKaHPX9nXBrhgM8sw_UQAAAcs"]
[Sun Nov 23 16:48:40.516733 2025] [:error] [pid 16066:tid 16093] [client 140.99.1.76:21441] [client 140.99.1.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/wp-conflg.php"] [unique_id "aSLKaPq-c47Q5mW5E9GFKQAAAZg"]
[Sun Nov 23 16:48:40.771718 2025] [:error] [pid 16066:tid 16084] [client 140.99.1.67:40003] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/autoload_classmap.php"] [unique_id "aSLKaPq-c47Q5mW5E9GFMgAAAY8"]
[Sun Nov 23 16:48:41.567354 2025] [:error] [pid 14602:tid 14634] [client 140.99.1.78:35815] File does not exist: /usr/local/apache/htdocs/suspended-page/ff2.php
[Sun Nov 23 16:48:41.777029 2025] [:error] [pid 14602:tid 14623] [client 140.99.1.78:35815] [client 140.99.1.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Exception-wp.php"] [unique_id "aSLKaR-I77jdD81pU-m0EwAAAUI"]
[Sun Nov 23 16:48:42.102281 2025] [:error] [pid 44652:tid 44713] [client 140.99.1.72:44003] [client 140.99.1.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/autoload_classmap.php"] [unique_id "aSLKatiQFwsyXQDhwyDJBgAAAQc"]
[Sun Nov 23 16:48:42.300369 2025] [:error] [pid 17534:tid 17554] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/jp.php
[Sun Nov 23 16:48:42.491948 2025] [:error] [pid 17534:tid 17554] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atom.php
[Sun Nov 23 16:48:42.764518 2025] [:error] [pid 17534:tid 17557] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/up.php
[Sun Nov 23 16:48:43.221161 2025] [:error] [pid 17534:tid 17540] [client 140.99.1.26:34111] [client 140.99.1.26] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.26, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/js/wp-login.php"] [unique_id "aSLKa3PX9nXBrhgM8sw_cgAAAcQ"]
[Sun Nov 23 16:48:43.530212 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/worm.PhP
[Sun Nov 23 16:48:43.995441 2025] [:error] [pid 17534:tid 17541] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/ext.php
[Sun Nov 23 16:48:44.093183 2025] [:error] [pid 17534:tid 17553] [client 140.99.1.26:34111] File does not exist: /usr/local/apache/htdocs/suspended-page/delpaths.php
[Sun Nov 23 16:48:44.320120 2025] [:error] [pid 17534:tid 17540] [client 140.99.1.26:34111] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/bk/index.php"] [unique_id "aSLKbHPX9nXBrhgM8sw_ggAAAcQ"]
[Sun Nov 23 16:48:44.580628 2025] [:error] [pid 38740:tid 38814] [client 140.99.1.65:41787] [client 140.99.1.65] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.65, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/wp-login.php"] [unique_id "aSLKbA13QPZSi6O8umWyNQAAAJI"]
[Sun Nov 23 16:48:45.043816 2025] [:error] [pid 38740:tid 38815] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/gifclass.php
[Sun Nov 23 16:48:45.173443 2025] [:error] [pid 38740:tid 38801] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/plugin.php
[Sun Nov 23 16:48:45.480626 2025] [:error] [pid 38740:tid 38816] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/update-core.php
[Sun Nov 23 16:48:45.722705 2025] [:error] [pid 38740:tid 38806] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mail.php
[Sun Nov 23 16:48:46.046925 2025] [:error] [pid 38740:tid 38811] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/content.php
[Sun Nov 23 16:48:46.983379 2025] [:error] [pid 38740:tid 38803] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/aa.php
[Sun Nov 23 16:48:47.082439 2025] [:error] [pid 38740:tid 38811] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/index2.php
[Sun Nov 23 16:48:47.730181 2025] [:error] [pid 38740:tid 38804] [client 140.99.1.65:41787] File does not exist: /usr/local/apache/htdocs/suspended-page/shell.php
[Sun Nov 23 16:48:47.988747 2025] [:error] [pid 38740:tid 38820] [client 140.99.1.65:41787] [client 140.99.1.65] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/about.php"] [unique_id "aSLKbw13QPZSi6O8umWyfAAAAJg"]
[Sun Nov 23 16:48:48.396863 2025] [:error] [pid 38739:tid 38789] [client 140.99.1.75:39747] File does not exist: /usr/local/apache/htdocs/suspended-page/hehe.php
[Sun Nov 23 16:48:48.608922 2025] [:error] [pid 38739:tid 38773] [client 140.99.1.75:39747] [client 140.99.1.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/autoload_classmap.php"] [unique_id "aSLKcAdvEgJm2n2cDmpDWAAAAEQ"]
[Sun Nov 23 16:48:48.905176 2025] [:error] [pid 38738:tid 38763] [client 140.99.1.28:58403] File does not exist: /usr/local/apache/htdocs/suspended-page/dir.php
[Sun Nov 23 16:48:49.006734 2025] [:error] [pid 38738:tid 38748] [client 140.99.1.28:58403] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/atomlib.php"] [unique_id "aSLKcQytc6TL9XavPmMWrQAAAAY"]
[Sun Nov 23 16:48:49.402121 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.11:47679] File does not exist: /usr/local/apache/htdocs/suspended-page/nf_tracking.php
[Sun Nov 23 16:48:49.678095 2025] [:error] [pid 14602:tid 14625] [client 140.99.1.11:47679] File does not exist: /usr/local/apache/htdocs/suspended-page/filefuns.php
[Sun Nov 23 16:48:49.886618 2025] [:error] [pid 14602:tid 14627] [client 140.99.1.11:47679] File does not exist: /usr/local/apache/htdocs/suspended-page/l.php
[Sun Nov 23 16:48:49.995799 2025] [:error] [pid 14602:tid 14625] [client 140.99.1.11:47679] File does not exist: /usr/local/apache/htdocs/suspended-page/repeater.php
[Sun Nov 23 16:48:50.218848 2025] [:error] [pid 14602:tid 14640] [client 140.99.1.11:47679] [client 140.99.1.11] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/autoload_classmap.php"] [unique_id "aSLKch-I77jdD81pU-m0lwAAAVM"]
[Sun Nov 23 16:48:50.527249 2025] [:error] [pid 38740:tid 38802] [client 140.99.1.33:64475] File does not exist: /usr/local/apache/htdocs/suspended-page/contacts.php
[Sun Nov 23 16:48:50.631498 2025] [:error] [pid 38740:tid 38805] [client 140.99.1.33:64475] File does not exist: /usr/local/apache/htdocs/suspended-page/wsa.php
[Sun Nov 23 16:48:50.731599 2025] [:error] [pid 38740:tid 38804] [client 140.99.1.33:64475] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/about.php"] [unique_id "aSLKcg13QPZSi6O8umWysgAAAIg"]
[Sun Nov 23 16:48:51.103644 2025] [:error] [pid 38738:tid 38753] [client 140.99.1.70:44153] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/index.php"] [unique_id "aSLKcwytc6TL9XavPmMWvAAAAAs"]
[Sun Nov 23 16:48:51.550788 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.63:56683] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Sun Nov 23 16:48:51.848004 2025] [:error] [pid 16066:tid 16093] [client 140.99.1.63:56683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/file.php
[Sun Nov 23 16:48:51.942489 2025] [:error] [pid 16066:tid 16090] [client 140.99.1.63:56683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php
[Sun Nov 23 16:48:52.080646 2025] [:error] [pid 16066:tid 16092] [client 140.99.1.63:56683] [client 140.99.1.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/autoload_classmap.php"] [unique_id "aSLKdPq-c47Q5mW5E9GF9QAAAZc"]
[Sun Nov 23 16:48:52.295450 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.52:27489] [client 140.99.1.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-conflg.php"] [unique_id "aSLKdAytc6TL9XavPmMWxwAAAAk"]
[Sun Nov 23 16:48:53.211382 2025] [:error] [pid 17534:tid 17538] [client 140.99.1.5:27845] File does not exist: /usr/local/apache/htdocs/suspended-page/tox.php
[Sun Nov 23 16:48:53.434823 2025] [:error] [pid 17534:tid 17557] [client 140.99.1.5:27845] [client 140.99.1.5] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/default.php"] [unique_id "aSLKdXPX9nXBrhgM8sw_3QAAAdU"]
[Sun Nov 23 16:48:53.742250 2025] [:error] [pid 38738:tid 38755] [client 140.99.1.78:43331] [client 140.99.1.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tiny.php"] [unique_id "aSLKdQytc6TL9XavPmMW4AAAAA0"]
[Sun Nov 23 16:48:54.076269 2025] [:error] [pid 17534:tid 17560] [client 140.99.1.39:35807] File does not exist: /usr/local/apache/htdocs/suspended-page/themes.php
[Sun Nov 23 16:48:54.211260 2025] [:error] [pid 17534:tid 17549] [client 140.99.1.39:35807] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-themes.php
[Sun Nov 23 16:48:54.314615 2025] [:error] [pid 17534:tid 17540] [client 140.99.1.39:35807] [client 140.99.1.39] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/src/index.php"] [unique_id "aSLKdnPX9nXBrhgM8sw_5wAAAcQ"]
[Sun Nov 23 16:48:54.601918 2025] [:error] [pid 44652:tid 44729] [client 140.99.1.52:53035] File does not exist: /usr/local/apache/htdocs/suspended-page/mariju.php
[Sun Nov 23 16:48:54.775004 2025] [:error] [pid 44652:tid 44710] [client 140.99.1.52:53035] File does not exist: /usr/local/apache/htdocs/suspended-page/waf_defender.php
[Sun Nov 23 16:48:55.033988 2025] [:error] [pid 44652:tid 44707] [client 140.99.1.52:53035] File does not exist: /usr/local/apache/htdocs/suspended-page/av.php
[Sun Nov 23 16:48:55.351395 2025] [:error] [pid 44652:tid 44716] [client 140.99.1.52:53035] [client 140.99.1.52] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Parse/about.php"] [unique_id "aSLKd9iQFwsyXQDhwyDJvQAAAQo"]
[Sun Nov 23 16:48:55.582188 2025] [:error] [pid 17534:tid 17541] [client 140.99.1.33:45389] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php
[Sun Nov 23 16:48:55.884110 2025] [:error] [pid 17534:tid 17538] [client 140.99.1.33:45389] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/wp-conflg.php"] [unique_id "aSLKd3PX9nXBrhgM8sw_-wAAAcI"]
[Sun Nov 23 16:48:56.307164 2025] [:error] [pid 38738:tid 38766] [client 140.99.1.32:58793] File does not exist: /usr/local/apache/htdocs/suspended-page/theme.php
[Sun Nov 23 16:48:56.646427 2025] [:error] [pid 38738:tid 38744] [client 140.99.1.32:58793] File does not exist: /usr/local/apache/htdocs/suspended-page/Simple.php
[Sun Nov 23 16:48:56.761745 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.32:58793] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php
[Sun Nov 23 16:48:57.006236 2025] [:error] [pid 38738:tid 38759] [client 140.99.1.32:58793] [client 140.99.1.32] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.32, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/colors/ocean/wp-login.php"] [unique_id "aSLKeQytc6TL9XavPmMXIAAAABE"]
[Sun Nov 23 16:48:57.691469 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.32:58793] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Cache/upfile.php"] [unique_id "aSLKeQytc6TL9XavPmMXKQAAAAk"]
[Sun Nov 23 16:48:57.877143 2025] [:error] [pid 17534:tid 17556] [client 140.99.1.72:21271] File does not exist: /usr/local/apache/htdocs/suspended-page/small.php
[Sun Nov 23 16:48:58.011676 2025] [:error] [pid 17534:tid 17541] [client 140.99.1.72:21271] [client 140.99.1.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/fullscreen/about.php"] [unique_id "aSLKenPX9nXBrhgM8sxADwAAAcU"]
[Sun Nov 23 16:48:58.255755 2025] [:error] [pid 17534:tid 17538] [client 140.99.1.44:55781] File does not exist: /usr/local/apache/htdocs/suspended-page/NewFile.php
[Sun Nov 23 16:48:58.633310 2025] [:error] [pid 17534:tid 17558] [client 140.99.1.44:55781] File does not exist: /usr/local/apache/htdocs/suspended-page/error.php
[Sun Nov 23 16:48:58.907766 2025] [:error] [pid 17534:tid 17559] [client 140.99.1.44:55781] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-search-function.php"] [unique_id "aSLKenPX9nXBrhgM8sxAJwAAAdc"]
[Sun Nov 23 16:49:02.095021 2025] [:error] [pid 38739:tid 38791] [client 140.99.1.69:42231] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-files.php
[Sun Nov 23 16:49:02.236162 2025] [:error] [pid 38739:tid 38779] [client 140.99.1.69:42231] File does not exist: /usr/local/apache/htdocs/suspended-page/functions.php
[Sun Nov 23 16:49:02.452899 2025] [:error] [pid 38739:tid 38789] [client 140.99.1.69:42231] [client 140.99.1.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Canonical.php"] [unique_id "aSLKfgdvEgJm2n2cDmpD3AAAAFQ"]
[Sun Nov 23 16:49:02.817696 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.13:62057] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/autoload_classmap.php"] [unique_id "aSLKfnPX9nXBrhgM8sxAXwAAAcA"]
[Sun Nov 23 16:49:03.055278 2025] [:error] [pid 38824:tid 38833] [client 140.99.1.5:34929] File does not exist: /usr/local/apache/htdocs/suspended-page/aks.php
[Sun Nov 23 16:49:03.288804 2025] [:error] [pid 38824:tid 38833] [client 140.99.1.5:34929] File does not exist: /usr/local/apache/htdocs/suspended-page/litespeed.php
[Sun Nov 23 16:49:03.509483 2025] [:error] [pid 38824:tid 38848] [client 140.99.1.5:34929] [client 140.99.1.5] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-feed-index.php"] [unique_id "aSLKf08WZjXLvbHTHPfM2wAAANU"]
[Sun Nov 23 16:49:03.725958 2025] [:error] [pid 17534:tid 17558] [client 140.99.1.68:44971] File does not exist: /usr/local/apache/htdocs/suspended-page/wpn.php
[Sun Nov 23 16:49:03.936755 2025] [:error] [pid 17534:tid 17557] [client 140.99.1.68:44971] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/iR7SzrsOUEP.php
[Sun Nov 23 16:49:04.035724 2025] [:error] [pid 17534:tid 17550] [client 140.99.1.68:44971] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-nav-menu-section-boolean.php"] [unique_id "aSLKgHPX9nXBrhgM8sxAgwAAAc4"]
[Sun Nov 23 16:49:04.323004 2025] [:error] [pid 44652:tid 44712] [client 140.99.1.31:59295] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/db.php"] [unique_id "aSLKgNiQFwsyXQDhwyDKFwAAAQY"]
[Sun Nov 23 16:49:04.531424 2025] [:error] [pid 38739:tid 38777] [client 140.99.1.16:53533] [client 140.99.1.16] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-dependency-float.php"] [unique_id "aSLKgAdvEgJm2n2cDmpD8gAAAEg"]
[Sun Nov 23 16:49:05.792693 2025] [:error] [pid 44652:tid 44729] [client 140.99.1.14:37381] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/index.php"] [unique_id "aSLKgdiQFwsyXQDhwyDKJAAAARc"]
[Sun Nov 23 16:49:06.001331 2025] [:error] [pid 14602:tid 14628] [client 140.99.1.26:54903] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/purna.php"] [unique_id "aSLKgh-I77jdD81pU-m1twAAAUc"]
[Sun Nov 23 16:49:09.328681 2025] [:error] [pid 17534:tid 17554] [client 140.99.1.33:26355] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/interactivity-api-class.php"] [unique_id "aSLKhXPX9nXBrhgM8sxA3QAAAdI"]
[Sun Nov 23 16:49:09.553760 2025] [:error] [pid 16066:tid 16092] [client 140.99.1.26:22621] [client 140.99.1.26] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-widddget-pages.php"] [unique_id "aSLKhfq-c47Q5mW5E9GHTgAAAZc"]
[Sun Nov 23 16:49:10.040672 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.11:30857] [client 140.99.1.11] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-nav-menu-auto-add-control-repository.php"] [unique_id "aSLKhvq-c47Q5mW5E9GHVAAAAYI"]
[Sun Nov 23 16:49:10.247068 2025] [:error] [pid 38739:tid 38769] [client 140.99.1.67:55847] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-runtime.min-soap.php"] [unique_id "aSLKhgdvEgJm2n2cDmpEIgAAAEA"]
[Sun Nov 23 16:49:10.429633 2025] [:error] [pid 17534:tid 17546] [client 140.99.1.33:62747] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/module.audio-video.riff-set.php"] [unique_id "aSLKhnPX9nXBrhgM8sxA7QAAAco"]
[Sun Nov 23 16:49:10.748642 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.70:57645] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/utils/license.php"] [unique_id "aSLKhh-I77jdD81pU-m2IwAAAVA"]
[Sun Nov 23 16:49:11.204623 2025] [:error] [pid 38739:tid 38786] [client 140.99.1.27:61855] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/options.php"] [unique_id "aSLKhwdvEgJm2n2cDmpELQAAAFE"]
[Sun Nov 23 16:49:11.426255 2025] [:error] [pid 14602:tid 14634] [client 140.99.1.50:63359] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-load.php
[Sun Nov 23 16:49:11.916825 2025] [:error] [pid 14602:tid 14643] [client 140.99.1.50:63359] [client 140.99.1.50] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.50, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/bltm/wp-login.php"] [unique_id "aSLKhx-I77jdD81pU-m2UgAAAVY"]
[Sun Nov 23 16:49:12.737371 2025] [:error] [pid 14602:tid 14621] [client 140.99.1.50:63359] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/feed-rsss.php"] [unique_id "aSLKiB-I77jdD81pU-m2aQAAAUA"]
[Sun Nov 23 16:49:12.938592 2025] [:error] [pid 38824:tid 38832] [client 140.99.1.28:45055] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/goto.php"] [unique_id "aSLKiE8WZjXLvbHTHPfNSwAAAMU"]
[Sun Nov 23 16:49:13.473512 2025] [:error] [pid 38824:tid 38835] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/Sanskrit.php
[Sun Nov 23 16:49:13.575700 2025] [:error] [pid 38824:tid 38850] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-fmfile.php
[Sun Nov 23 16:49:14.342928 2025] [:error] [pid 38824:tid 38841] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/memberfuns.php
[Sun Nov 23 16:49:14.442065 2025] [:error] [pid 38824:tid 38849] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/infos.php
[Sun Nov 23 16:49:14.847403 2025] [:error] [pid 38824:tid 38833] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/options-writing.php
[Sun Nov 23 16:49:15.075685 2025] [:error] [pid 38824:tid 38831] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/options-reading.php
[Sun Nov 23 16:49:15.186997 2025] [:error] [pid 38824:tid 38844] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/wsad.php
[Sun Nov 23 16:49:15.291174 2025] [:error] [pid 38824:tid 38850] [client 140.99.1.27:60645] File does not exist: /usr/local/apache/htdocs/suspended-page/nation.php
[Sun Nov 23 16:49:15.383518 2025] [:error] [pid 38824:tid 38837] [client 140.99.1.27:60645] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/index.php"] [unique_id "aSLKi08WZjXLvbHTHPfNgwAAAMo"]
[Sun Nov 23 16:49:15.782621 2025] [:error] [pid 38738:tid 38760] [client 140.99.1.31:42209] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp_class_datlib.php"] [unique_id "aSLKiwytc6TL9XavPmMYJAAAABI"]
[Sun Nov 23 16:49:16.027437 2025] [:error] [pid 44652:tid 44708] [client 140.99.1.49:59383] [client 140.99.1.49] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/langs/about.php"] [unique_id "aSLKjNiQFwsyXQDhwyDKvQAAAQI"]
[Sun Nov 23 16:49:16.385738 2025] [:error] [pid 38740:tid 38807] [client 140.99.1.20:50361] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atomx.php
[Sun Nov 23 16:49:16.504913 2025] [:error] [pid 38740:tid 38805] [client 140.99.1.20:50361] File does not exist: /usr/local/apache/htdocs/suspended-page/admin-footer.php
[Sun Nov 23 16:49:16.767001 2025] [:error] [pid 38740:tid 38798] [client 140.99.1.20:50361] File does not exist: /usr/local/apache/htdocs/suspended-page/XxX.php
[Sun Nov 23 16:49:16.977639 2025] [:error] [pid 38740:tid 38808] [client 140.99.1.20:50361] [client 140.99.1.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Registry-private.php"] [unique_id "aSLKjA13QPZSi6O8umWz4QAAAIw"]
[Sun Nov 23 16:49:17.203803 2025] [:error] [pid 38740:tid 38819] [client 140.99.1.76:40367] [client 140.99.1.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-modules-packages.min-meta.php"] [unique_id "aSLKjQ13QPZSi6O8umWz4gAAAJc"]
[Sun Nov 23 16:49:17.386718 2025] [:error] [pid 38739:tid 38770] [client 140.99.1.71:33719] [client 140.99.1.71] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/bypass.php"] [unique_id "aSLKjQdvEgJm2n2cDmpEYQAAAEE"]
[Sun Nov 23 16:49:19.181830 2025] [:error] [pid 38824:tid 38850] [client 140.99.1.2:34457] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/adminfus.php"] [unique_id "aSLKj08WZjXLvbHTHPfNrwAAANc"]
[Sun Nov 23 16:49:19.477642 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.27:58717] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/group/wp-style.php"] [unique_id "aSLKj3PX9nXBrhgM8sxBdAAAAcA"]
[Sun Nov 23 16:49:19.933010 2025] [:error] [pid 14602:tid 14627] [client 140.99.1.2:32939] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-wolf-widget.php"] [unique_id "aSLKjx-I77jdD81pU-m2qwAAAUY"]
[Sun Nov 23 16:49:23.836018 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.69:21103] [client 140.99.1.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/index.php"] [unique_id "aSLKkx-I77jdD81pU-m24gAAAVA"]
[Sun Nov 23 16:49:24.026280 2025] [:error] [pid 14602:tid 14632] [client 140.99.1.62:64197] File does not exist: /usr/local/apache/htdocs/suspended-page/xex.php
[Sun Nov 23 16:49:24.230919 2025] [:error] [pid 14602:tid 14637] [client 140.99.1.62:64197] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/about.php"] [unique_id "aSLKlB-I77jdD81pU-m28gAAAVA"]
[Sun Nov 23 16:49:24.664133 2025] [:error] [pid 14602:tid 14641] [client 140.99.1.48:32447] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-head.php
[Sun Nov 23 16:49:25.049714 2025] [:error] [pid 14602:tid 14642] [client 140.99.1.48:32447] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Sun Nov 23 16:49:25.147457 2025] [:error] [pid 14602:tid 14643] [client 140.99.1.48:32447] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-sup.php"] [unique_id "aSLKlR-I77jdD81pU-m3BQAAAVY"]
[Sun Nov 23 16:49:25.581669 2025] [:error] [pid 38738:tid 38759] [client 140.99.1.49:63659] [client 140.99.1.49] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-t.api.php"] [unique_id "aSLKlQytc6TL9XavPmMYuAAAABE"]
[Sun Nov 23 16:49:26.321168 2025] [:error] [pid 14602:tid 14640] [client 140.99.1.74:58489] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/require-dynamic-blocks.php"] [unique_id "aSLKlh-I77jdD81pU-m3HQAAAVM"]
[Sun Nov 23 16:49:27.158321 2025] [:error] [pid 38738:tid 38758] [client 140.99.1.71:40575] [client 140.99.1.71] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-rss-database.php"] [unique_id "aSLKlwytc6TL9XavPmMYxQAAABA"]
[Sun Nov 23 16:49:27.501265 2025] [:error] [pid 38738:tid 38761] [client 140.99.1.53:56715] File does not exist: /usr/local/apache/htdocs/suspended-page/click.php
[Sun Nov 23 16:49:27.710385 2025] [:error] [pid 38738:tid 38760] [client 140.99.1.53:56715] [client 140.99.1.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-customize-manager-client.php"] [unique_id "aSLKlwytc6TL9XavPmMY0wAAABI"]
[Sun Nov 23 16:49:28.168791 2025] [:error] [pid 38824:tid 38845] [client 140.99.1.72:46193] [client 140.99.1.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-modules-packages.min-boolean.php"] [unique_id "aSLKmE8WZjXLvbHTHPfOFQAAANI"]
[Sun Nov 23 16:49:28.959323 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.31:57175] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/simi.php"] [unique_id "aSLKmPq-c47Q5mW5E9GIUAAAAYI"]
[Sun Nov 23 16:49:29.156506 2025] [:error] [pid 38824:tid 38829] [client 140.99.1.33:43219] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-admin.php
[Sun Nov 23 16:49:29.733294 2025] [:error] [pid 38824:tid 38829] [client 140.99.1.33:43219] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-editor.php
[Sun Nov 23 16:49:29.832282 2025] [:error] [pid 38824:tid 38842] [client 140.99.1.33:43219] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine-session.php"] [unique_id "aSLKmU8WZjXLvbHTHPfOQwAAAM8"]
[Sun Nov 23 16:49:30.471816 2025] [:error] [pid 17534:tid 17559] [client 140.99.1.3:31047] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfusm.php
[Sun Nov 23 16:49:30.758393 2025] [:error] [pid 17534:tid 17551] [client 140.99.1.3:31047] [client 140.99.1.3] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/wp-includes/assets/script-loader-packages.min.php"] [unique_id "aSLKmnPX9nXBrhgM8sxCCAAAAc8"]
[Sun Nov 23 16:49:30.964212 2025] [:error] [pid 38740:tid 38804] [client 140.99.1.69:44669] [client 140.99.1.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/blocks/file/wp-style.php"] [unique_id "aSLKmg13QPZSi6O8umW0hgAAAIg"]
[Sun Nov 23 16:49:31.446206 2025] [:error] [pid 16066:tid 16074] [client 140.99.1.14:41829] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/class-IXR-cilent.php"] [unique_id "aSLKm_q-c47Q5mW5E9GIXwAAAYU"]
[Sun Nov 23 16:49:32.032687 2025] [:error] [pid 16066:tid 16092] [client 140.99.1.50:41743] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/install.php"] [unique_id "aSLKnPq-c47Q5mW5E9GIZAAAAZc"]
[Sun Nov 23 16:49:32.255810 2025] [:error] [pid 14602:tid 14645] [client 140.99.1.62:49617] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/xleet.php"] [unique_id "aSLKnB-I77jdD81pU-m3XQAAAVg"]
[Sun Nov 23 16:49:32.594358 2025] [:error] [pid 16066:tid 16090] [client 140.99.1.63:63371] File does not exist: /usr/local/apache/htdocs/suspended-page/f35_SpaceTn.php
[Sun Nov 23 16:49:33.158635 2025] [:error] [pid 16066:tid 16076] [client 140.99.1.63:63371] [client 140.99.1.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/category-double.php"] [unique_id "aSLKnfq-c47Q5mW5E9GIbgAAAYc"]
[Sun Nov 23 16:49:34.328943 2025] [:error] [pid 44652:tid 44726] [client 140.99.1.44:23445] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/db.php"] [unique_id "aSLKntiQFwsyXQDhwyDLyAAAARQ"]
[Sun Nov 23 16:49:34.517569 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.62:47255] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/security.php"] [unique_id "aSLKnnPX9nXBrhgM8sxCPwAAAcs"]
[Sun Nov 23 16:49:34.957707 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.17:64603] File does not exist: /usr/local/apache/htdocs/suspended-page/gm.php
[Sun Nov 23 16:49:35.050430 2025] [:error] [pid 17534:tid 17552] [client 140.99.1.17:64603] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-language-pack.php"] [unique_id "aSLKn3PX9nXBrhgM8sxCTgAAAdA"]
[Sun Nov 23 16:49:35.396608 2025] [:error] [pid 44652:tid 44726] [client 140.99.1.17:33965] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-walker-comment-client.php"] [unique_id "aSLKn9iQFwsyXQDhwyDL2gAAARQ"]
[Sun Nov 23 16:49:36.334061 2025] [:error] [pid 17534:tid 17540] [client 140.99.1.73:60671] [client 140.99.1.73] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-network-query-stat.php"] [unique_id "aSLKoHPX9nXBrhgM8sxCYgAAAcQ"]
[Sun Nov 23 16:49:37.053505 2025] [:error] [pid 16066:tid 16077] [client 140.99.1.10:21785] File does not exist: /usr/local/apache/htdocs/suspended-page/plugin-install.php
[Sun Nov 23 16:49:37.162809 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.10:21785] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-session-tokens-https.php"] [unique_id "aSLKofq-c47Q5mW5E9GIiAAAAYs"]
[Sun Nov 23 16:49:37.613353 2025] [:error] [pid 38738:tid 38759] [client 140.99.1.38:62125] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/crystal/lrs_dage.php"] [unique_id "aSLKoQytc6TL9XavPmMZIwAAABE"]
[Sun Nov 23 16:49:37.950900 2025] [:error] [pid 38740:tid 38817] [client 140.99.1.33:23939] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/as.php"] [unique_id "aSLKoQ13QPZSi6O8umW07gAAAJU"]
[Sun Nov 23 16:49:39.350466 2025] [:error] [pid 38739:tid 38774] [client 140.99.1.11:39781] [client 140.99.1.11] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-conflg.php"] [unique_id "aSLKowdvEgJm2n2cDmpFGAAAAEU"]
[Sun Nov 23 16:49:40.627037 2025] [:error] [pid 14602:tid 14625] [client 140.99.1.69:59195] [client 140.99.1.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/install.php"] [unique_id "aSLKpB-I77jdD81pU-m3zwAAAUQ"]
[Sun Nov 23 16:49:40.886187 2025] [:error] [pid 38740:tid 38811] [client 140.99.1.33:31127] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/db.php"] [unique_id "aSLKpA13QPZSi6O8umW1EgAAAI8"]
[Sun Nov 23 16:49:41.886714 2025] [:error] [pid 38739:tid 38792] [client 140.99.1.39:31895] [client 140.99.1.39] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/thickbox/about.php"] [unique_id "aSLKpQdvEgJm2n2cDmpFRQAAAFc"]
[Sun Nov 23 16:49:42.455850 2025] [:error] [pid 44652:tid 44712] [client 140.99.1.10:29767] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rk2.php"] [unique_id "aSLKptiQFwsyXQDhwyDMLAAAAQY"]
[Sun Nov 23 16:49:42.961314 2025] [:error] [pid 17534:tid 17553] [client 140.99.1.24:46059] File does not exist: /usr/local/apache/htdocs/suspended-page/b.php
[Sun Nov 23 16:49:43.078905 2025] [:error] [pid 17534:tid 17544] [client 140.99.1.24:46059] [client 140.99.1.24] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/past.php"] [unique_id "aSLKp3PX9nXBrhgM8sxCnQAAAcg"]
[Sun Nov 23 16:49:43.652647 2025] [:error] [pid 38739:tid 38772] [client 140.99.1.10:41771] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/edit-tags.php"] [unique_id "aSLKpwdvEgJm2n2cDmpFWgAAAEM"]
[Sun Nov 23 16:49:43.875709 2025] [:error] [pid 16066:tid 16075] [client 140.99.1.17:51771] File does not exist: /usr/local/apache/htdocs/suspended-page/wsax.php
[Sun Nov 23 16:49:44.638609 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.17:51771] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/footer-default.php"] [unique_id "aSLKqPq-c47Q5mW5E9GI6gAAAYs"]
[Sun Nov 23 16:49:44.941425 2025] [:error] [pid 14602:tid 14630] [client 140.99.1.14:28717] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-meta-request.php"] [unique_id "aSLKqB-I77jdD81pU-m4GwAAAUk"]
[Sun Nov 23 16:49:45.281722 2025] [:error] [pid 44652:tid 44712] [client 140.99.1.14:35253] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/edit-widgets/bypass.php"] [unique_id "aSLKqdiQFwsyXQDhwyDMXAAAAQY"]
[Sun Nov 23 16:49:45.764893 2025] [:error] [pid 38824:tid 38839] [client 140.99.1.39:54279] [client 140.99.1.39] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/l10n/wp-login.php"] [unique_id "aSLKqU8WZjXLvbHTHPfPTgAAAMw"]
[Sun Nov 23 16:49:47.107971 2025] [:error] [pid 16066:tid 16088] [client 140.99.1.46:58805] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-ss.php"] [unique_id "aSLKq_q-c47Q5mW5E9GJAgAAAZM"]
[Sun Nov 23 16:49:47.312403 2025] [:error] [pid 38739:tid 38787] [client 140.99.1.47:33509] [client 140.99.1.47] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/xsec1.php"] [unique_id "aSLKqwdvEgJm2n2cDmpFlwAAAFI"]
[Sun Nov 23 16:49:47.916305 2025] [:error] [pid 38739:tid 38791] [client 140.99.1.8:34153] [client 140.99.1.8] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/crystal/sad.php"] [unique_id "aSLKqwdvEgJm2n2cDmpFowAAAFY"]
[Sun Nov 23 16:49:48.165341 2025] [:error] [pid 38739:tid 38779] [client 140.99.1.16:29245] [client 140.99.1.16] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-packages.min.php"] [unique_id "aSLKrAdvEgJm2n2cDmpFpwAAAEo"]
[Sun Nov 23 16:49:48.650707 2025] [:error] [pid 38824:tid 38849] [client 140.99.1.46:65513] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-phpmailer-beta.php"] [unique_id "aSLKrE8WZjXLvbHTHPfPZQAAANY"]
[Sun Nov 23 16:49:48.971509 2025] [:error] [pid 44652:tid 44715] [client 140.99.1.46:38003] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ms-file.php"] [unique_id "aSLKrNiQFwsyXQDhwyDMlgAAAQk"]
[Sun Nov 23 16:49:49.154430 2025] [:error] [pid 16066:tid 16079] [client 140.99.1.33:31057] [client 140.99.1.33] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.33, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/wp-login.php"] [unique_id "aSLKrfq-c47Q5mW5E9GJDQAAAYo"]
[Sun Nov 23 16:49:49.156915 2025] [:error] [pid 16066:tid 16079] [client 140.99.1.33:31057] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php
[Sun Nov 23 16:49:49.269943 2025] [:error] [pid 16066:tid 16091] [client 140.99.1.33:31057] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/av.php"] [unique_id "aSLKrfq-c47Q5mW5E9GJDwAAAZY"]
[Sun Nov 23 16:49:49.700344 2025] [:error] [pid 14602:tid 14644] [client 140.99.1.10:43149] File does not exist: /usr/local/apache/htdocs/suspended-page/bs1.php
[Sun Nov 23 16:49:49.898242 2025] [:error] [pid 14602:tid 14634] [client 140.99.1.10:43149] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSLKrR-I77jdD81pU-m4UAAAAU0"]
[Sun Nov 23 16:49:50.201283 2025] [:error] [pid 38740:tid 38805] [client 140.99.1.43:44357] [client 140.99.1.43] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/network.php"] [unique_id "aSLKrg13QPZSi6O8umW1ZgAAAIk"]
[Sun Nov 23 16:49:50.392695 2025] [:error] [pid 16066:tid 16093] [client 140.99.1.27:26185] File does not exist: /usr/local/apache/htdocs/suspended-page/page.php
[Sun Nov 23 16:49:51.500257 2025] [:error] [pid 16066:tid 16085] [client 140.99.1.27:26185] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/XML/content.php"] [unique_id "aSLKr_q-c47Q5mW5E9GJJgAAAZA"]
[Sun Nov 23 16:49:51.710203 2025] [:error] [pid 44652:tid 44719] [client 140.99.1.42:46103] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/item.php"] [unique_id "aSLKr9iQFwsyXQDhwyDMtwAAAQ0"]
[Sun Nov 23 16:49:52.229608 2025] [:error] [pid 14602:tid 14633] [client 140.99.1.32:49445] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/plugins.php"] [unique_id "aSLKsB-I77jdD81pU-m4YQAAAUw"]
[Sun Nov 23 16:49:52.626813 2025] [:error] [pid 38739:tid 38788] [client 140.99.1.31:28435] [client 140.99.1.31] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/install.php"] [unique_id "aSLKsAdvEgJm2n2cDmpF2wAAAFM"]
[Sun Nov 23 16:49:52.890344 2025] [:error] [pid 44652:tid 44707] [client 140.99.1.17:56569] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gecko-old.php
[Sun Nov 23 16:49:53.009049 2025] [:error] [pid 44652:tid 44728] [client 140.99.1.17:56569] [client 140.99.1.17] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 140.99.1.17, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/css/wp-login.php"] [unique_id "aSLKsdiQFwsyXQDhwyDMygAAARY"]
[Sun Nov 23 16:49:53.229597 2025] [:error] [pid 44652:tid 44710] [client 140.99.1.17:56569] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-nav-widgets.php"] [unique_id "aSLKsdiQFwsyXQDhwyDMzAAAAQQ"]
[Sun Nov 23 16:49:54.240692 2025] [:error] [pid 16066:tid 16073] [client 140.99.1.33:32207] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/providers/doc.php"] [unique_id "aSLKsvq-c47Q5mW5E9GJRAAAAYQ"]
[Sun Nov 23 16:49:54.472264 2025] [:error] [pid 38740:tid 38818] [client 140.99.1.68:22183] File does not exist: /usr/local/apache/htdocs/suspended-page/ws.php
[Sun Nov 23 16:49:54.581569 2025] [:error] [pid 38740:tid 38819] [client 140.99.1.68:22183] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/rest-api/1.php"] [unique_id "aSLKsg13QPZSi6O8umW1pgAAAJc"]
[Sun Nov 23 16:49:54.795833 2025] [:error] [pid 38738:tid 38742] [client 140.99.1.38:28409] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/fonts/class_api.php"] [unique_id "aSLKsgytc6TL9XavPmMaEAAAAAA"]
[Sun Nov 23 16:49:55.126880 2025] [:error] [pid 17534:tid 17543] [client 140.99.1.7:34569] File does not exist: /usr/local/apache/htdocs/suspended-page/shop.php
[Sun Nov 23 16:49:55.526016 2025] [:error] [pid 17534:tid 17536] [client 140.99.1.7:34569] [client 140.99.1.7] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/admin.php"] [unique_id "aSLKs3PX9nXBrhgM8sxDbgAAAcA"]
[Sun Nov 23 16:49:55.943098 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.62:26621] [client 140.99.1.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/about.php"] [unique_id "aSLKs_q-c47Q5mW5E9GJWgAAAYs"]
[Sun Nov 23 16:49:56.157563 2025] [:error] [pid 44652:tid 44726] [client 140.99.1.14:34805] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-api.php
[Sun Nov 23 16:49:56.492479 2025] [:error] [pid 44652:tid 44715] [client 140.99.1.14:34805] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Sun Nov 23 16:49:56.749838 2025] [:error] [pid 44652:tid 44720] [client 140.99.1.14:34805] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-customize-manager-interpreter.php"] [unique_id "aSLKtNiQFwsyXQDhwyDM9AAAAQ4"]
[Sun Nov 23 16:49:57.048377 2025] [:error] [pid 17534:tid 17548] [client 140.99.1.46:28051] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/bypass.php"] [unique_id "aSLKtXPX9nXBrhgM8sxDhgAAAcw"]
[Sun Nov 23 16:49:57.597786 2025] [:error] [pid 38738:tid 38765] [client 140.99.1.63:60379] [client 140.99.1.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/count.php"] [unique_id "aSLKtQytc6TL9XavPmMaIQAAABc"]
[Sun Nov 23 16:49:57.825037 2025] [:error] [pid 38824:tid 38842] [client 140.99.1.46:58311] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-error_log.php
[Sun Nov 23 16:49:58.518222 2025] [:error] [pid 38824:tid 38829] [client 140.99.1.46:58311] [client 140.99.1.46] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/chosen.php"] [unique_id "aSLKtk8WZjXLvbHTHPfPrAAAAMI"]
[Sun Nov 23 16:49:59.019269 2025] [:error] [pid 14602:tid 14630] [client 140.99.1.73:59635] [client 140.99.1.73] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||randolphaircraft.com.au|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "randolphaircraft.com.au"] [uri "/images/stories/themes.php"] [unique_id "aSLKtx-I77jdD81pU-m4pwAAAUk"]
[Sun Nov 23 16:49:59.112750 2025] [:error] [pid 14602:tid 14633] [client 140.99.1.73:59635] [client 140.99.1.73] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/footer-embed-function.php"] [unique_id "aSLKtx-I77jdD81pU-m4qAAAAUw"]
[Sun Nov 23 16:50:00.750229 2025] [:error] [pid 38824:tid 38828] [client 140.99.1.37:31751] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-translation-file-mo-event.php"] [unique_id "aSLKuE8WZjXLvbHTHPfPwgAAAME"]
[Sun Nov 23 16:50:00.975824 2025] [:error] [pid 38824:tid 38847] [client 140.99.1.18:36199] [client 140.99.1.18] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/vars-soap.php"] [unique_id "aSLKuE8WZjXLvbHTHPfPyQAAANQ"]
[Sun Nov 23 16:50:01.527266 2025] [:error] [pid 44652:tid 44717] [client 140.99.1.28:45625] File does not exist: /usr/local/apache/htdocs/suspended-page/files.php
[Sun Nov 23 16:50:04.753650 2025] [:error] [pid 44652:tid 44711] [client 140.99.1.28:45625] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/id3/wp-work.php"] [unique_id "aSLKvNiQFwsyXQDhwyDNIgAAAQU"]
[Sun Nov 23 16:50:05.176514 2025] [:error] [pid 38738:tid 38743] [client 140.99.1.78:37813] [client 140.99.1.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-taxonomy.editor.php"] [unique_id "aSLKvQytc6TL9XavPmMaSAAAAAE"]
[Sun Nov 23 16:50:05.504747 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.33:47587] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/wp-conflg.php"] [unique_id "aSLKvfq-c47Q5mW5E9GJswAAAYI"]
[Sun Nov 23 16:50:05.745730 2025] [:error] [pid 17534:tid 17552] [client 140.99.1.24:54813] File does not exist: /usr/local/apache/htdocs/suspended-page/blog.php
[Sun Nov 23 16:50:06.304048 2025] [:error] [pid 17534:tid 17544] [client 140.99.1.24:54813] [client 140.99.1.24] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/interactivity-api-xml.php"] [unique_id "aSLKvnPX9nXBrhgM8sxD1AAAAcg"]
[Sun Nov 23 16:50:06.728621 2025] [:error] [pid 14602:tid 14636] [client 140.99.1.15:33625] [client 140.99.1.15] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/colour.php"] [unique_id "aSLKvh-I77jdD81pU-m49gAAAU8"]
[Sun Nov 23 16:50:06.932324 2025] [:error] [pid 38739:tid 38788] [client 140.99.1.15:58949] File does not exist: /usr/local/apache/htdocs/suspended-page/elp.php
[Sun Nov 23 16:50:07.095706 2025] [:error] [pid 38739:tid 38772] [client 140.99.1.15:58949] [client 140.99.1.15] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-background-position-control-variable.php"] [unique_id "aSLKvwdvEgJm2n2cDmpGTAAAAEM"]
[Sun Nov 23 16:50:07.361779 2025] [:error] [pid 38739:tid 38775] [client 140.99.1.67:46915] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/images/include.php"] [unique_id "aSLKvwdvEgJm2n2cDmpGUgAAAEY"]
[Sun Nov 23 16:50:07.816613 2025] [:error] [pid 16066:tid 16071] [client 140.99.1.53:62001] [client 140.99.1.53] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/imgareaselect/wp-login.php"] [unique_id "aSLKv_q-c47Q5mW5E9GJxgAAAYI"]
[Sun Nov 23 16:50:08.638867 2025] [:error] [pid 17534:tid 17543] [client 140.99.1.50:22483] File does not exist: /usr/local/apache/htdocs/suspended-page/entrepreneuse.php
[Sun Nov 23 16:50:08.730633 2025] [:error] [pid 17534:tid 17537] [client 140.99.1.50:22483] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/l10n/class-wp-translations-interface.php"] [unique_id "aSLKwHPX9nXBrhgM8sxD6wAAAcE"]
[Sun Nov 23 16:50:08.925833 2025] [:error] [pid 38738:tid 38747] [client 140.99.1.74:60995] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/about5.php"] [unique_id "aSLKwAytc6TL9XavPmMaXwAAAAU"]
[Sun Nov 23 16:50:09.821702 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.67:54455] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/db.php"] [unique_id "aSLKwXPX9nXBrhgM8sxD-wAAAcs"]
[Sun Nov 23 16:50:10.428233 2025] [:error] [pid 38739:tid 38784] [client 140.99.1.37:47125] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/dist/bypass.php"] [unique_id "aSLKwgdvEgJm2n2cDmpGhAAAAE8"]
[Sun Nov 23 16:50:10.684058 2025] [:error] [pid 38740:tid 38798] [client 140.99.1.32:63169] File does not exist: /usr/local/apache/htdocs/suspended-page/testt.php
[Sun Nov 23 16:50:11.012925 2025] [:error] [pid 38740:tid 38817] [client 140.99.1.32:63169] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/wp-conflg.php"] [unique_id "aSLKww13QPZSi6O8umW2WAAAAJU"]
[Sun Nov 23 16:50:11.294565 2025] [:error] [pid 38824:tid 38838] [client 140.99.1.14:51791] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/wp-includes/assets/script-loader-packages.php"] [unique_id "aSLKw08WZjXLvbHTHPfP9QAAAMs"]
[Sun Nov 23 16:50:12.383166 2025] [:error] [pid 38739:tid 38777] [client 140.99.1.15:58959] [client 140.99.1.15] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/login.php"] [unique_id "aSLKxAdvEgJm2n2cDmpGlAAAAEg"]
[Sun Nov 23 16:50:12.681402 2025] [:error] [pid 38739:tid 38783] [client 140.99.1.14:25567] File does not exist: /usr/local/apache/htdocs/suspended-page/network.php
[Sun Nov 23 16:50:12.956777 2025] [:error] [pid 38739:tid 38782] [client 140.99.1.14:25567] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/chosen.php"] [unique_id "aSLKxAdvEgJm2n2cDmpGnQAAAE0"]
[Sun Nov 23 16:50:13.157139 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.37:32211] File does not exist: /usr/local/apache/htdocs/suspended-page/wikindex.php
[Sun Nov 23 16:50:13.359743 2025] [:error] [pid 17534:tid 17550] [client 140.99.1.37:32211] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Cache/index.php"] [unique_id "aSLKxXPX9nXBrhgM8sxEJgAAAc4"]
[Sun Nov 23 16:50:13.614357 2025] [:error] [pid 38740:tid 38814] [client 140.99.1.71:32791] [client 140.99.1.71] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/about.php"] [unique_id "aSLKxQ13QPZSi6O8umW2jQAAAJI"]
[Sun Nov 23 16:50:14.062687 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.47:64653] [client 140.99.1.47] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/about.php"] [unique_id "aSLKxh-I77jdD81pU-m5OQAAAUg"]
[Sun Nov 23 16:50:14.308143 2025] [:error] [pid 38824:tid 38828] [client 140.99.1.38:42639] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/simi.php"] [unique_id "aSLKxk8WZjXLvbHTHPfP_gAAAME"]
[Sun Nov 23 16:50:14.752397 2025] [:error] [pid 16066:tid 16079] [client 140.99.1.48:53861] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/Text/index.php"] [unique_id "aSLKxvq-c47Q5mW5E9GJ9AAAAYo"]
[Sun Nov 23 16:50:15.236821 2025] [:error] [pid 38738:tid 38765] [client 140.99.1.39:30835] [client 140.99.1.39] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/abcd.php"] [unique_id "aSLKxwytc6TL9XavPmMaiAAAABc"]
[Sun Nov 23 16:50:15.419963 2025] [:error] [pid 17534:tid 17548] [client 140.99.1.75:62309] [client 140.99.1.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/rk2.php"] [unique_id "aSLKx3PX9nXBrhgM8sxEOwAAAcw"]
[Sun Nov 23 16:50:15.629170 2025] [:error] [pid 38824:tid 38847] [client 140.99.1.48:36931] [client 140.99.1.48] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/class-wp-widget-search-interpreter.php"] [unique_id "aSLKx08WZjXLvbHTHPfQBQAAANQ"]
[Sun Nov 23 16:50:16.529609 2025] [:error] [pid 44652:tid 44728] [client 140.99.1.17:60329] [client 140.99.1.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-template-utils-other.php"] [unique_id "aSLKyNiQFwsyXQDhwyDNnwAAARY"]
[Sun Nov 23 16:50:17.130569 2025] [:error] [pid 44652:tid 44708] [client 140.99.1.44:28977] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/lib/widget-group.php"] [unique_id "aSLKydiQFwsyXQDhwyDNsAAAAQI"]
[Sun Nov 23 16:50:17.442277 2025] [:error] [pid 38824:tid 38835] [client 140.99.1.70:54921] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/jcrop/about.php"] [unique_id "aSLKyU8WZjXLvbHTHPfQEgAAAMg"]
[Sun Nov 23 16:50:17.797566 2025] [:error] [pid 16066:tid 16070] [client 140.99.1.75:57263] [client 140.99.1.75] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/chosen.php"] [unique_id "aSLKyfq-c47Q5mW5E9GKBQAAAYE"]
[Sun Nov 23 16:50:18.317819 2025] [:error] [pid 17534:tid 17548] [client 140.99.1.28:64237] File does not exist: /usr/local/apache/htdocs/suspended-page/media-new.php
[Sun Nov 23 16:50:18.858586 2025] [:error] [pid 17534:tid 17539] [client 140.99.1.28:64237] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/plugin.php"] [unique_id "aSLKynPX9nXBrhgM8sxEXAAAAcM"]
[Sun Nov 23 16:50:19.045915 2025] [:error] [pid 17534:tid 17547] [client 140.99.1.38:37997] [client 140.99.1.38] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-scripts-query.php"] [unique_id "aSLKy3PX9nXBrhgM8sxEXgAAAcs"]
[Sun Nov 23 16:50:19.464005 2025] [:error] [pid 38739:tid 38784] [client 140.99.1.6:37413] File does not exist: /usr/local/apache/htdocs/suspended-page/pages.php
[Sun Nov 23 16:50:19.663657 2025] [:error] [pid 38739:tid 38771] [client 140.99.1.6:37413] [client 140.99.1.6] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/module.audio-license.php"] [unique_id "aSLKywdvEgJm2n2cDmpGwwAAAEI"]
[Sun Nov 23 16:50:20.362035 2025] [:error] [pid 38824:tid 38843] [client 140.99.1.2:42401] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-error-module.php"] [unique_id "aSLKzE8WZjXLvbHTHPfQSwAAANA"]
[Sun Nov 23 16:50:20.802871 2025] [:error] [pid 16066:tid 16074] [client 140.99.1.70:42449] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfus.php
[Sun Nov 23 16:50:21.204644 2025] [:error] [pid 16066:tid 16070] [client 140.99.1.70:42449] [client 140.99.1.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/litespeed.php"] [unique_id "aSLKzfq-c47Q5mW5E9GKFgAAAYE"]
[Sun Nov 23 16:50:21.725688 2025] [:error] [pid 38739:tid 38773] [client 140.99.1.10:21887] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/alam.php"] [unique_id "aSLKzQdvEgJm2n2cDmpGywAAAEQ"]
[Sun Nov 23 16:50:21.978127 2025] [:error] [pid 14602:tid 14629] [client 140.99.1.10:51227] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php
[Sun Nov 23 16:50:22.117700 2025] [:error] [pid 14602:tid 14630] [client 140.99.1.10:51227] [client 140.99.1.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/imagess.php"] [unique_id "aSLKzh-I77jdD81pU-m5cgAAAUk"]
[Sun Nov 23 16:50:22.412651 2025] [:error] [pid 38824:tid 38841] [client 140.99.1.13:20585] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/default-filters-edit.php"] [unique_id "aSLKzk8WZjXLvbHTHPfQXAAAAM4"]
[Sun Nov 23 16:50:23.041116 2025] [:error] [pid 16066:tid 16070] [client 140.99.1.28:34717] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-configs.php
[Sun Nov 23 16:50:23.136691 2025] [:error] [pid 16066:tid 16088] [client 140.99.1.28:34717] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/Auth/index.php"] [unique_id "aSLKz_q-c47Q5mW5E9GKKAAAAZM"]
[Sun Nov 23 16:50:23.734272 2025] [:error] [pid 38824:tid 38836] [client 140.99.1.2:49293] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/theme.php"] [unique_id "aSLKz08WZjXLvbHTHPfQbAAAAMk"]
[Sun Nov 23 16:50:24.108640 2025] [:error] [pid 38738:tid 38750] [client 140.99.1.14:38041] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mah.php
[Sun Nov 23 16:50:24.531366 2025] [:error] [pid 38738:tid 38750] [client 140.99.1.14:38041] [client 140.99.1.14] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/shell.php"] [unique_id "aSLK0Aytc6TL9XavPmMaxQAAAAg"]
[Sun Nov 23 16:50:24.719220 2025] [:error] [pid 38740:tid 38800] [client 140.99.1.39:62355] [client 140.99.1.39] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-selective-refresh-library.php"] [unique_id "aSLK0A13QPZSi6O8umW3CQAAAIQ"]
[Sun Nov 23 16:50:24.961565 2025] [:error] [pid 38738:tid 38747] [client 140.99.1.33:36005] File does not exist: /usr/local/apache/htdocs/suspended-page/ms-users.php
[Sun Nov 23 16:50:25.206943 2025] [:error] [pid 38738:tid 38745] [client 140.99.1.33:36005] [client 140.99.1.33] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/library/wp-login.php"] [unique_id "aSLK0Qytc6TL9XavPmMayQAAAAM"]
[Sun Nov 23 16:50:25.391974 2025] [:error] [pid 38740:tid 38807] [client 140.99.1.2:26377] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/interactivity-api/about.php"] [unique_id "aSLK0Q13QPZSi6O8umW3DgAAAIs"]
[Sun Nov 23 16:50:26.739153 2025] [:error] [pid 16066:tid 16087] [client 140.99.1.68:62841] [client 140.99.1.68] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-2019.php"] [unique_id "aSLK0vq-c47Q5mW5E9GKSwAAAZI"]
[Sun Nov 23 16:50:26.985738 2025] [:error] [pid 16066:tid 16081] [client 140.99.1.50:35827] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/info.php"] [unique_id "aSLK0vq-c47Q5mW5E9GKTgAAAYw"]
[Sun Nov 23 16:50:27.357896 2025] [:error] [pid 16066:tid 16080] [client 140.99.1.74:37279] [client 140.99.1.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/log.php"] [unique_id "aSLK0_q-c47Q5mW5E9GKUQAAAYs"]
[Sun Nov 23 16:50:27.661588 2025] [:error] [pid 14602:tid 14645] [client 140.99.1.50:48983] [client 140.99.1.50] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-runtime-num.php"] [unique_id "aSLK0x-I77jdD81pU-m5lwAAAVg"]
[Sun Nov 23 16:50:27.891878 2025] [:error] [pid 16066:tid 16084] [client 140.99.1.2:52789] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/script-loader-react-refresh-entry.min-object.php"] [unique_id "aSLK0_q-c47Q5mW5E9GKVgAAAY8"]
[Sun Nov 23 16:50:28.099186 2025] [:error] [pid 14602:tid 14623] [client 140.99.1.27:42257] [client 140.99.1.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/aw.php"] [unique_id "aSLK1B-I77jdD81pU-m5nAAAAUI"]
[Sun Nov 23 16:50:28.905776 2025] [:error] [pid 44652:tid 44715] [client 140.99.1.5:38749] [client 140.99.1.5] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/db.php"] [unique_id "aSLK1NiQFwsyXQDhwyDOJQAAAQk"]
[Sun Nov 23 16:50:29.115266 2025] [:error] [pid 38738:tid 38751] [client 140.99.1.44:53903] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/install.php"] [unique_id "aSLK1Qytc6TL9XavPmMa9QAAAAk"]
[Sun Nov 23 16:50:29.409359 2025] [:error] [pid 38738:tid 38766] [client 140.99.1.32:65151] File does not exist: /usr/local/apache/htdocs/suspended-page/top.php
[Sun Nov 23 16:50:29.609648 2025] [:error] [pid 38738:tid 38763] [client 140.99.1.32:65151] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/install.php"] [unique_id "aSLK1Qytc6TL9XavPmMbBAAAABU"]
[Sun Nov 23 16:50:29.885691 2025] [:error] [pid 16066:tid 16090] [client 140.99.1.37:42085] [client 140.99.1.37] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/dedi1.php"] [unique_id "aSLK1fq-c47Q5mW5E9GKYwAAAZU"]
[Sun Nov 23 16:50:30.297313 2025] [:error] [pid 14602:tid 14631] [client 140.99.1.13:63925] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/template-less.php"] [unique_id "aSLK1h-I77jdD81pU-m5rAAAAUo"]
[Sun Nov 23 16:50:30.523665 2025] [:error] [pid 44652:tid 44711] [client 140.99.1.13:57211] [client 140.99.1.13] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/alfa-rex.php"] [unique_id "aSLK1tiQFwsyXQDhwyDOMQAAAQU"]
[Sun Nov 23 16:50:31.846039 2025] [:error] [pid 16066:tid 16087] [client 140.99.1.69:25983] [client 140.99.1.69] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/min.php"] [unique_id "aSLK1_q-c47Q5mW5E9GKewAAAZI"]
[Sun Nov 23 16:50:32.070424 2025] [:error] [pid 17534:tid 17546] [client 140.99.1.28:52989] [client 140.99.1.28] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wp-conflg.php"] [unique_id "aSLK2HPX9nXBrhgM8sxE9gAAAco"]
[Sun Nov 23 16:50:32.481878 2025] [:error] [pid 17534:tid 17539] [client 140.99.1.30:23487] [client 140.99.1.30] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/file.php"] [unique_id "aSLK2HPX9nXBrhgM8sxE-QAAAcM"]
[Sun Nov 23 16:50:33.070766 2025] [:error] [pid 38824:tid 38843] [client 140.99.1.67:52327] [client 140.99.1.67] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/about.php"] [unique_id "aSLK2U8WZjXLvbHTHPfQ0gAAANA"]
[Sun Nov 23 16:50:33.992487 2025] [:error] [pid 17534:tid 17557] [client 140.99.1.71:55457] [client 140.99.1.71] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/load.php"] [unique_id "aSLK2XPX9nXBrhgM8sxFBwAAAdU"]
[Sun Nov 23 16:50:34.273711 2025] [:error] [pid 38824:tid 38850] [client 140.99.1.76:21755] [client 140.99.1.76] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/chosen.php"] [unique_id "aSLK2k8WZjXLvbHTHPfQ4QAAANc"]
[Sun Nov 23 16:50:34.562675 2025] [:error] [pid 16066:tid 16087] [client 140.99.1.44:50961] [client 140.99.1.44] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-theme-float.php"] [unique_id "aSLK2vq-c47Q5mW5E9GKlgAAAZI"]
[Sun Nov 23 16:50:35.264147 2025] [:error] [pid 44652:tid 44711] [client 140.99.1.42:52459] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-style.php"] [unique_id "aSLK29iQFwsyXQDhwyDORwAAAQU"]
[Sun Nov 23 16:50:35.490316 2025] [:error] [pid 38824:tid 38827] [client 140.99.1.63:38655] File does not exist: /usr/local/apache/htdocs/suspended-page/setup-config.php
[Sun Nov 23 16:50:35.587760 2025] [:error] [pid 38824:tid 38841] [client 140.99.1.63:38655] [client 140.99.1.63] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/widgets/autoload_classmap.php"] [unique_id "aSLK208WZjXLvbHTHPfQ6QAAAM4"]
[Sun Nov 23 16:50:36.147567 2025] [:error] [pid 38739:tid 38787] [client 140.99.1.5:61101] File does not exist: /usr/local/apache/htdocs/suspended-page/type.php
[Sun Nov 23 16:50:36.268682 2025] [:error] [pid 38739:tid 38786] [client 140.99.1.5:61101] [client 140.99.1.5] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/admin.php"] [unique_id "aSLK3AdvEgJm2n2cDmpHUgAAAFE"]
[Sun Nov 23 16:50:36.578825 2025] [:error] [pid 38740:tid 38801] [client 140.99.1.32:61959] [client 140.99.1.32] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/autoload_classmap.php"] [unique_id "aSLK3A13QPZSi6O8umW3YQAAAIU"]
[Sun Nov 23 16:50:36.904128 2025] [:error] [pid 44652:tid 44710] [client 140.99.1.3:27869] [client 140.99.1.3] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/db.php"] [unique_id "aSLK3NiQFwsyXQDhwyDOUgAAAQQ"]
[Sun Nov 23 16:50:38.629337 2025] [:error] [pid 14602:tid 14635] [client 140.99.1.11:53083] File does not exist: /usr/local/apache/htdocs/suspended-page/goat.php
[Sun Nov 23 16:50:39.583577 2025] [:error] [pid 14602:tid 14636] [client 140.99.1.11:53083] [client 140.99.1.11] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/system.php"] [unique_id "aSLK3x-I77jdD81pU-m53gAAAU8"]
[Sun Nov 23 16:50:39.900106 2025] [:error] [pid 17534:tid 17546] [client 140.99.1.42:22319] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/block-bindings/about.php"] [unique_id "aSLK33PX9nXBrhgM8sxFPAAAAco"]
[Sun Nov 23 16:50:40.508949 2025] [:error] [pid 38740:tid 38805] [client 140.99.1.42:50725] [client 140.99.1.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/class-wp-customize-upload-control-cookie.php"] [unique_id "aSLK4A13QPZSi6O8umW3ggAAAIk"]
[Sun Nov 23 16:50:40.792363 2025] [:error] [pid 38738:tid 38754] [client 140.99.1.78:52439] [client 140.99.1.78] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/simi.php"] [unique_id "aSLK4Aytc6TL9XavPmMbhgAAAAw"]
[Sun Nov 23 16:50:41.005762 2025] [:error] [pid 14602:tid 14628] [client 140.99.1.2:63531] [client 140.99.1.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/class-wp-taxonomy-sample.php"] [unique_id "aSLK4R-I77jdD81pU-m54QAAAUc"]
[Sun Nov 23 23:00:00.641762 2025] [:error] [pid 44652:tid 44723] [client 45.128.199.232:59339] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Sun Nov 23 23:00:02.295733 2025] [:error] [pid 44652:tid 44728] [client 45.128.199.232:59339] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Sun Nov 23 23:00:05.123768 2025] [:error] [pid 44652:tid 44709] [client 45.128.199.232:59339] [client 45.128.199.232] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aSMhddiQFwsyXQDhwyA8FAAAAQM"]
[Sun Nov 23 23:00:09.774445 2025] [:error] [pid 17534:tid 17555] [client 45.8.17.29:63727] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Sun Nov 23 23:00:10.222966 2025] [:error] [pid 17534:tid 17554] [client 45.8.17.29:63727] [client 45.8.17.29] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/bk/index.php"] [unique_id "aSMhenPX9nXBrhgM8sym3QAAAdI"]
[Sun Nov 23 23:00:14.199833 2025] [:error] [pid 8036:tid 8056] [client 45.128.199.189:54669] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Sun Nov 23 23:00:16.761904 2025] [:error] [pid 8036:tid 8070] [client 45.128.199.189:54669] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Sun Nov 23 23:00:17.862121 2025] [:error] [pid 8036:tid 8053] [client 45.128.199.189:54669] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Sun Nov 23 23:00:19.494407 2025] [:error] [pid 8036:tid 8065] [client 45.128.199.189:54669] File does not exist: /usr/local/apache/htdocs/suspended-page/item.php
[Sun Nov 23 23:00:22.139061 2025] [:error] [pid 8036:tid 8067] [client 45.128.199.189:54669] [client 45.128.199.189] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/chosen.php"] [unique_id "aSMhhtBT69EcgFwgTmqJIQAAAhQ"]
[Sun Nov 23 23:00:24.009872 2025] [:error] [pid 38824:tid 38828] [client 45.128.199.130:28411] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Sun Nov 23 23:00:25.763129 2025] [:error] [pid 38824:tid 38851] [client 45.128.199.130:28411] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Sun Nov 23 23:00:26.799617 2025] [:error] [pid 38824:tid 38829] [client 45.128.199.130:28411] [client 45.128.199.130] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/chosen.php"] [unique_id "aSMhik8WZjXLvbHTHPcQRgAAAMI"]
[Sun Nov 23 23:00:28.461756 2025] [:error] [pid 17534:tid 17550] [client 45.8.17.24:41533] [client 45.8.17.24] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/chosen.php"] [unique_id "aSMhjHPX9nXBrhgM8sym4AAAAc4"]
[Sun Nov 23 23:00:29.455250 2025] [:error] [pid 38824:tid 38844] [client 45.8.17.102:41405] [client 45.8.17.102] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/pomo/wp-conflg.php"] [unique_id "aSMhjU8WZjXLvbHTHPcQSAAAANE"]
[Sun Nov 23 23:00:34.743302 2025] [:error] [pid 44652:tid 44723] [client 45.8.17.30:63615] [client 45.8.17.30] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/chosen.php"] [unique_id "aSMhktiQFwsyXQDhwyA8JwAAARE"]
[Sun Nov 23 23:00:38.298795 2025] [:error] [pid 38738:tid 38760] [client 45.128.199.200:48191] [client 45.128.199.200] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Requests/Auth/index.php"] [unique_id "aSMhlgytc6TL9XavPmNeuAAAABI"]
[Sun Nov 23 23:00:42.938071 2025] [:error] [pid 8036:tid 8059] [client 45.128.199.250:61895] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php
[Sun Nov 23 23:00:45.707266 2025] [:error] [pid 8036:tid 8047] [client 45.128.199.250:61895] File does not exist: /usr/local/apache/htdocs/suspended-page/dropdown.php
[Sun Nov 23 23:00:46.118471 2025] [:error] [pid 8036:tid 8055] [client 45.128.199.250:61895] [client 45.128.199.250] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/style-engine/wp-conflg.php"] [unique_id "aSMhntBT69EcgFwgTmqJNgAAAgg"]
[Sun Nov 23 23:00:47.444594 2025] [:error] [pid 38740:tid 38805] [client 45.128.199.121:44411] [client 45.128.199.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-conflg.php"] [unique_id "aSMhnw13QPZSi6O8umUEswAAAIk"]
[Sun Nov 23 23:00:48.940977 2025] [:error] [pid 17534:tid 17537] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/repeater.php
[Sun Nov 23 23:00:49.543364 2025] [:error] [pid 17534:tid 17540] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-2019.php
[Sun Nov 23 23:00:50.554304 2025] [:error] [pid 17534:tid 17536] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/atomlib.php
[Sun Nov 23 23:00:51.542443 2025] [:error] [pid 17534:tid 17553] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Sun Nov 23 23:00:52.027617 2025] [:error] [pid 17534:tid 17558] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/log.php
[Sun Nov 23 23:00:52.734100 2025] [:error] [pid 17534:tid 17543] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/mail.php
[Sun Nov 23 23:00:53.836874 2025] [:error] [pid 17534:tid 17545] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/lufix.php
[Sun Nov 23 23:00:55.169905 2025] [:error] [pid 17534:tid 17556] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/doc.php
[Sun Nov 23 23:00:56.055094 2025] [:error] [pid 17534:tid 17559] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/bak.php
[Sun Nov 23 23:00:56.506262 2025] [:error] [pid 17534:tid 17546] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/content.php
[Sun Nov 23 23:00:57.057474 2025] [:error] [pid 17534:tid 17540] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/upfile.php
[Sun Nov 23 23:00:58.644556 2025] [:error] [pid 17534:tid 17553] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp.php
[Sun Nov 23 23:01:00.572759 2025] [:error] [pid 17534:tid 17560] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Sun Nov 23 23:01:01.161994 2025] [:error] [pid 17534:tid 17545] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-activate.php
[Sun Nov 23 23:01:02.191729 2025] [:error] [pid 17534:tid 17555] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/updates.php
[Sun Nov 23 23:01:02.765545 2025] [:error] [pid 17534:tid 17554] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Sun Nov 23 23:01:03.221710 2025] [:error] [pid 17534:tid 17556] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/plugins.php
[Sun Nov 23 23:01:03.814417 2025] [:error] [pid 17534:tid 17538] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/xmrlpc.php
[Sun Nov 23 23:01:04.578950 2025] [:error] [pid 17534:tid 17551] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/ae.php
[Sun Nov 23 23:01:05.822245 2025] [:error] [pid 17534:tid 17544] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php
[Sun Nov 23 23:01:08.523910 2025] [:error] [pid 17534:tid 17542] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/blog.php
[Sun Nov 23 23:01:09.350146 2025] [:error] [pid 17534:tid 17550] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/themes.php
[Sun Nov 23 23:01:10.006586 2025] [:error] [pid 17534:tid 17559] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/ini.php
[Sun Nov 23 23:01:10.655425 2025] [:error] [pid 17534:tid 17557] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Sun Nov 23 23:01:11.365287 2025] [:error] [pid 17534:tid 17546] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/shell.php
[Sun Nov 23 23:01:11.936875 2025] [:error] [pid 17534:tid 17552] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/ws.php
[Sun Nov 23 23:01:12.363278 2025] [:error] [pid 17534:tid 17539] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Sun Nov 23 23:01:13.352226 2025] [:error] [pid 17534:tid 17549] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-sigunq.php
[Sun Nov 23 23:01:14.842843 2025] [:error] [pid 17534:tid 17537] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wso112233.php
[Sun Nov 23 23:01:15.281656 2025] [:error] [pid 17534:tid 17540] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atom.php
[Sun Nov 23 23:01:17.002119 2025] [:error] [pid 17534:tid 17548] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/alfanew.php
[Sun Nov 23 23:01:17.791998 2025] [:error] [pid 17534:tid 17536] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/fw.php
[Sun Nov 23 23:01:18.327159 2025] [:error] [pid 17534:tid 17553] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/install.php
[Sun Nov 23 23:01:18.849786 2025] [:error] [pid 17534:tid 17541] [client 45.128.199.127:58703] [client 45.128.199.127] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 45.128.199.127, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSMhvnPX9nXBrhgM8synEgAAAcU"]
[Sun Nov 23 23:01:18.853259 2025] [:error] [pid 17534:tid 17541] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Sun Nov 23 23:01:21.148376 2025] [:error] [pid 17534:tid 17547] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/XxX.php
[Sun Nov 23 23:01:22.700381 2025] [:error] [pid 17534:tid 17543] [client 45.128.199.127:58703] File does not exist: /usr/local/apache/htdocs/suspended-page/Marvins.php
[Sun Nov 23 23:01:24.231058 2025] [:error] [pid 17534:tid 17560] [client 45.128.199.127:58703] [client 45.128.199.127] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/modules.php"] [unique_id "aSMhxHPX9nXBrhgM8synFgAAAdg"]
[Sun Nov 23 23:01:25.431597 2025] [:error] [pid 38738:tid 38754] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/olux.php
[Sun Nov 23 23:01:25.988348 2025] [:error] [pid 38738:tid 38766] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/wso.php
[Sun Nov 23 23:01:27.310517 2025] [:error] [pid 38738:tid 38749] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/uploader.php
[Sun Nov 23 23:01:27.813903 2025] [:error] [pid 38738:tid 38751] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/1337.php
[Sun Nov 23 23:01:29.452595 2025] [:error] [pid 38738:tid 38742] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/user.php
[Sun Nov 23 23:01:30.105618 2025] [:error] [pid 38738:tid 38747] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-info.php
[Sun Nov 23 23:01:31.379616 2025] [:error] [pid 38738:tid 38743] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/wxo.php
[Sun Nov 23 23:01:34.757698 2025] [:error] [pid 38738:tid 38754] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/amigo.php
[Sun Nov 23 23:01:35.453820 2025] [:error] [pid 38738:tid 38746] [client 45.128.199.215:38959] File does not exist: /usr/local/apache/htdocs/suspended-page/yoi.php
[Sun Nov 23 23:01:36.836671 2025] [:error] [pid 38738:tid 38757] [client 45.128.199.215:38959] [client 45.128.199.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/codeboy1877_up.php"] [unique_id "aSMh0Aytc6TL9XavPmNe3gAAAA8"]
[Sun Nov 23 23:01:40.382206 2025] [:error] [pid 8036:tid 8053] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-contentt.php
[Sun Nov 23 23:01:41.195128 2025] [:error] [pid 8036:tid 8065] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/we1y8.php
[Sun Nov 23 23:01:45.413358 2025] [:error] [pid 8036:tid 8056] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/hehe.php
[Sun Nov 23 23:01:46.140454 2025] [:error] [pid 8036:tid 8067] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/post-data.php
[Sun Nov 23 23:01:46.645792 2025] [:error] [pid 8036:tid 8063] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/w0.php
[Sun Nov 23 23:01:47.241800 2025] [:error] [pid 8036:tid 8050] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/old-index.php
[Sun Nov 23 23:01:48.708968 2025] [:error] [pid 8036:tid 8051] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/wsanon.php
[Sun Nov 23 23:01:51.065061 2025] [:error] [pid 8036:tid 8052] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/indo.php
[Sun Nov 23 23:01:51.731243 2025] [:error] [pid 8036:tid 8068] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/beence.php
[Sun Nov 23 23:01:52.585687 2025] [:error] [pid 8036:tid 8054] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/indosec.php
[Sun Nov 23 23:01:53.300877 2025] [:error] [pid 8036:tid 8055] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/archives.php
[Sun Nov 23 23:01:53.734782 2025] [:error] [pid 8036:tid 8058] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/po8sa.php
[Sun Nov 23 23:01:55.454514 2025] [:error] [pid 8036:tid 8070] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/thesmartestx.php
[Sun Nov 23 23:01:55.997496 2025] [:error] [pid 8036:tid 8066] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/zcanp.php
[Sun Nov 23 23:01:59.243729 2025] [:error] [pid 8036:tid 8067] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/pvt.php
[Sun Nov 23 23:01:59.923166 2025] [:error] [pid 8036:tid 8050] [client 45.8.17.31:21045] File does not exist: /usr/local/apache/htdocs/suspended-page/shell20211028.php
[Sun Nov 23 23:02:16.531800 2025] [autoindex:error] [pid 14602:tid 14630] [client 45.128.199.200:53453] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive
[Sun Nov 23 23:03:29.922095 2025] [:error] [pid 14602:tid 14645] [client 45.128.199.200:53453] [client 45.128.199.200] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.194.178.58_f65329b47eba4d28144d64ccd1d2596c6a3ef5a3"): Internal error (specific information not available) [hostname "randolphaircraft.com.au"] [uri "/index.html"] [unique_id "aSMiPx-I77jdD81pU-n81gAAAVg"]
[Mon Nov 24 00:57:10.831877 2025] [:error] [pid 1453:tid 1491] [client 176.65.132.18:59768] [client 176.65.132.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSM85hUBCt7LU0bO_GBGyAAAAIc"]
[Mon Nov 24 02:09:12.689962 2025] [:error] [pid 1589:tid 1614] [client 43.153.47.201:37054] [client 43.153.47.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSNNyII2fvripjU0EauL6QAAAVc"]
[Mon Nov 24 02:42:44.968912 2025] [:error] [pid 1454:tid 1519] [client 193.37.33.83:40557] [client 193.37.33.83] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 193.37.33.83, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSNVpLeh4NH3skJ5n4SKdAAAAMc"]
[Mon Nov 24 02:42:44.973067 2025] [:error] [pid 1454:tid 1519] [client 193.37.33.83:40557] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Mon Nov 24 04:32:50.708784 2025] [:error] [pid 12912:tid 12977] [client 167.71.203.246:50839] File does not exist: /usr/local/apache/htdocs/suspended-page/style.php
[Mon Nov 24 05:40:19.303990 2025] [:error] [pid 53508:tid 53523] [client 176.65.132.18:57540] [client 176.65.132.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSN_Q2639qxbKCcL09y5lgAAAQ0"]
[Mon Nov 24 08:21:28.643713 2025] [:error] [pid 49900:tid 49915] [client 103.65.237.124:50462] [client 103.65.237.124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/sftp-config.json"] [unique_id "aSOlCDCyPLrvg06aorlmRgAAAA0"]
[Mon Nov 24 08:21:28.873754 2025] [:error] [pid 48688:tid 48698] [client 103.65.237.124:62702] [client 103.65.237.124] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aSOlCBm2q1FkzLam7A0VqAAAAkY"]
[Mon Nov 24 09:41:58.005467 2025] [:error] [pid 48601:tid 48677] [client 129.226.174.80:56308] [client 129.226.174.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSO35oMM4MaVTk74-AZTbQAAAhQ"]
[Mon Nov 24 16:13:41.431677 2025] [:error] [pid 48688:tid 48706] [client 216.24.219.226:21189] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Mon Nov 24 16:13:43.574617 2025] [:error] [pid 48688:tid 48697] [client 216.24.219.226:21189] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Mon Nov 24 16:13:45.395829 2025] [:error] [pid 48688:tid 48700] [client 216.24.219.226:21189] [client 216.24.219.226] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aSQTuRm2q1FkzLam7A2QRgAAAkg"]
[Mon Nov 24 16:13:46.922816 2025] [:error] [pid 48599:tid 48615] [client 216.24.219.215:38383] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Mon Nov 24 16:13:47.887685 2025] [:error] [pid 48599:tid 48607] [client 216.24.219.215:38383] [client 216.24.219.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/bk/index.php"] [unique_id "aSQTu5zvu6PDJiRKE3IXKQAAAYQ"]
[Mon Nov 24 16:13:53.168220 2025] [:error] [pid 9630:tid 9641] [client 216.24.219.229:41817] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Mon Nov 24 16:13:54.296439 2025] [:error] [pid 9630:tid 9643] [client 216.24.219.229:41817] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Mon Nov 24 16:13:54.760911 2025] [:error] [pid 9630:tid 9640] [client 216.24.219.229:41817] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Mon Nov 24 16:13:58.589443 2025] [:error] [pid 9630:tid 9649] [client 216.24.219.229:41817] File does not exist: /usr/local/apache/htdocs/suspended-page/item.php
[Mon Nov 24 16:13:59.722754 2025] [:error] [pid 9630:tid 9650] [client 216.24.219.229:41817] [client 216.24.219.229] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/chosen.php"] [unique_id "aSQTxyrSgUgPGkizt2rf1wAAAFI"]
[Mon Nov 24 16:14:03.865699 2025] [:error] [pid 16549:tid 16566] [client 216.24.219.238:29889] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Mon Nov 24 16:14:06.766925 2025] [:error] [pid 16549:tid 16576] [client 216.24.219.238:29889] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Mon Nov 24 16:14:07.901733 2025] [:error] [pid 16549:tid 16562] [client 216.24.219.238:29889] [client 216.24.219.238] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/chosen.php"] [unique_id "aSQTz6eWW19A99PUw_cvkwAAAUo"]
[Mon Nov 24 16:14:09.241905 2025] [:error] [pid 9630:tid 9652] [client 216.24.219.219:43429] [client 216.24.219.219] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/chosen.php"] [unique_id "aSQT0SrSgUgPGkizt2rf2QAAAFQ"]
[Mon Nov 24 16:14:14.124929 2025] [:error] [pid 16441:tid 16454] [client 216.24.219.221:22901] [client 216.24.219.221] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/wp-conflg.php"] [unique_id "aSQT1oq_bc5MOa9HflkclAAAAIo"]
[Mon Nov 24 16:14:20.620271 2025] [:error] [pid 16516:tid 16525] [client 216.24.219.214:39227] [client 216.24.219.214] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/chosen.php"] [unique_id "aSQT3PqZbniwaNwL8XnaqQAAAQY"]
[Mon Nov 24 16:14:22.606392 2025] [:error] [pid 16549:tid 16575] [client 104.234.19.109:62397] [client 104.234.19.109] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/Auth/index.php"] [unique_id "aSQT3qeWW19A99PUw_cvqAAAAVY"]
[Mon Nov 24 16:14:25.125632 2025] [:error] [pid 49900:tid 49908] [client 216.24.219.209:62995] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php
[Mon Nov 24 16:14:27.230183 2025] [:error] [pid 49900:tid 49920] [client 216.24.219.209:62995] File does not exist: /usr/local/apache/htdocs/suspended-page/dropdown.php
[Mon Nov 24 16:14:29.565761 2025] [:error] [pid 49900:tid 49925] [client 216.24.219.209:62995] [client 216.24.219.209] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/wp-conflg.php"] [unique_id "aSQT5TCyPLrvg06aorn-cAAAABc"]
[Mon Nov 24 16:14:31.867991 2025] [:error] [pid 9630:tid 9652] [client 104.234.19.113:59241] [client 104.234.19.113] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/wp-conflg.php"] [unique_id "aSQT5yrSgUgPGkizt2rf9wAAAFQ"]
[Mon Nov 24 16:14:33.789153 2025] [:error] [pid 48688:tid 48705] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/repeater.php
[Mon Nov 24 16:14:34.307272 2025] [:error] [pid 48688:tid 48713] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-2019.php
[Mon Nov 24 16:14:35.009565 2025] [:error] [pid 48688:tid 48692] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/atomlib.php
[Mon Nov 24 16:14:36.618994 2025] [:error] [pid 48688:tid 48697] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Mon Nov 24 16:14:38.113475 2025] [:error] [pid 48688:tid 48704] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/log.php
[Mon Nov 24 16:14:39.031847 2025] [:error] [pid 48688:tid 48707] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/mail.php
[Mon Nov 24 16:14:39.654468 2025] [:error] [pid 48688:tid 48696] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/lufix.php
[Mon Nov 24 16:14:40.408031 2025] [:error] [pid 48688:tid 48693] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/doc.php
[Mon Nov 24 16:14:41.241907 2025] [:error] [pid 48688:tid 48700] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/bak.php
[Mon Nov 24 16:14:42.803830 2025] [:error] [pid 48688:tid 48706] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/content.php
[Mon Nov 24 16:14:43.778887 2025] [:error] [pid 48688:tid 48711] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/upfile.php
[Mon Nov 24 16:14:44.718565 2025] [:error] [pid 48688:tid 48699] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp.php
[Mon Nov 24 16:14:45.419976 2025] [:error] [pid 48688:tid 48709] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Mon Nov 24 16:14:46.288725 2025] [:error] [pid 48688:tid 48703] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-activate.php
[Mon Nov 24 16:14:47.620798 2025] [:error] [pid 48688:tid 48694] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/updates.php
[Mon Nov 24 16:14:48.218437 2025] [:error] [pid 48688:tid 48715] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Mon Nov 24 16:14:48.699871 2025] [:error] [pid 48688:tid 48701] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/plugins.php
[Mon Nov 24 16:14:50.598213 2025] [:error] [pid 48688:tid 48705] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/xmrlpc.php
[Mon Nov 24 16:14:51.226709 2025] [:error] [pid 48688:tid 48713] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/ae.php
[Mon Nov 24 16:14:52.015886 2025] [:error] [pid 48688:tid 48692] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php
[Mon Nov 24 16:14:53.962208 2025] [:error] [pid 48688:tid 48704] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/blog.php
[Mon Nov 24 16:14:54.742006 2025] [:error] [pid 48688:tid 48693] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/themes.php
[Mon Nov 24 16:14:55.316267 2025] [:error] [pid 48688:tid 48700] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/ini.php
[Mon Nov 24 16:14:56.125782 2025] [:error] [pid 48688:tid 48706] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Mon Nov 24 16:14:56.686032 2025] [:error] [pid 48688:tid 48711] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/shell.php
[Mon Nov 24 16:14:57.419763 2025] [:error] [pid 48688:tid 48709] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/ws.php
[Mon Nov 24 16:14:57.874059 2025] [:error] [pid 48688:tid 48714] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Mon Nov 24 16:14:58.415051 2025] [:error] [pid 48688:tid 48716] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-sigunq.php
[Mon Nov 24 16:14:58.888374 2025] [:error] [pid 48688:tid 48715] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wso112233.php
[Mon Nov 24 16:15:00.096774 2025] [:error] [pid 48688:tid 48702] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-atom.php
[Mon Nov 24 16:15:02.516381 2025] [:error] [pid 48688:tid 48695] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/alfanew.php
[Mon Nov 24 16:15:04.374779 2025] [:error] [pid 48688:tid 48705] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/fw.php
[Mon Nov 24 16:15:06.178181 2025] [:error] [pid 48688:tid 48713] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/install.php
[Mon Nov 24 16:15:06.708531 2025] [:error] [pid 48688:tid 48692] [client 216.24.219.194:56055] [client 216.24.219.194] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.194, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSQUChm2q1FkzLam7A2QmwAAAkA"]
[Mon Nov 24 16:15:06.715283 2025] [:error] [pid 48688:tid 48692] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Mon Nov 24 16:15:07.877339 2025] [:error] [pid 48688:tid 48704] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/XxX.php
[Mon Nov 24 16:15:08.328288 2025] [:error] [pid 48688:tid 48707] [client 216.24.219.194:56055] File does not exist: /usr/local/apache/htdocs/suspended-page/Marvins.php
[Mon Nov 24 16:15:08.844778 2025] [:error] [pid 48688:tid 48696] [client 216.24.219.194:56055] [client 216.24.219.194] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/modules.php"] [unique_id "aSQUDBm2q1FkzLam7A2QoAAAAkQ"]
[Mon Nov 24 16:15:15.124505 2025] [:error] [pid 49900:tid 49914] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/olux.php
[Mon Nov 24 16:15:15.618908 2025] [:error] [pid 49900:tid 49910] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/wso.php
[Mon Nov 24 16:15:16.689264 2025] [:error] [pid 49900:tid 49925] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/uploader.php
[Mon Nov 24 16:15:18.894563 2025] [:error] [pid 49900:tid 49917] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/1337.php
[Mon Nov 24 16:15:19.701286 2025] [:error] [pid 49900:tid 49916] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/user.php
[Mon Nov 24 16:15:20.353782 2025] [:error] [pid 49900:tid 49920] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-info.php
[Mon Nov 24 16:15:20.999594 2025] [:error] [pid 49900:tid 49913] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/wxo.php
[Mon Nov 24 16:15:21.644101 2025] [:error] [pid 49900:tid 49921] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/amigo.php
[Mon Nov 24 16:15:22.258998 2025] [:error] [pid 49900:tid 49907] [client 216.24.219.208:26575] File does not exist: /usr/local/apache/htdocs/suspended-page/yoi.php
[Mon Nov 24 16:15:23.425347 2025] [:error] [pid 49900:tid 49908] [client 216.24.219.208:26575] [client 216.24.219.208] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/codeboy1877_up.php"] [unique_id "aSQUGzCyPLrvg06aorn-qwAAAAY"]
[Mon Nov 24 16:15:25.522126 2025] [:error] [pid 48601:tid 48657] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-contentt.php
[Mon Nov 24 16:15:26.288860 2025] [:error] [pid 48601:tid 48673] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/we1y8.php
[Mon Nov 24 16:15:30.535157 2025] [:error] [pid 48601:tid 48666] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/hehe.php
[Mon Nov 24 16:15:31.138964 2025] [:error] [pid 48601:tid 48681] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/post-data.php
[Mon Nov 24 16:15:32.944839 2025] [:error] [pid 48601:tid 48662] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/w0.php
[Mon Nov 24 16:15:34.498477 2025] [:error] [pid 48601:tid 48662] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/old-index.php
[Mon Nov 24 16:15:37.154309 2025] [:error] [pid 48601:tid 48666] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/wsanon.php
[Mon Nov 24 16:15:39.898777 2025] [:error] [pid 48601:tid 48663] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/indo.php
[Mon Nov 24 16:15:41.987860 2025] [:error] [pid 48601:tid 48660] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/beence.php
[Mon Nov 24 16:15:42.516452 2025] [:error] [pid 48601:tid 48677] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/indosec.php
[Mon Nov 24 16:15:43.848096 2025] [:error] [pid 48601:tid 48659] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/archives.php
[Mon Nov 24 16:15:44.427692 2025] [:error] [pid 48601:tid 48673] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/po8sa.php
[Mon Nov 24 16:15:45.046040 2025] [:error] [pid 48601:tid 48678] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/thesmartestx.php
[Mon Nov 24 16:15:45.686050 2025] [:error] [pid 48601:tid 48658] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/zcanp.php
[Mon Nov 24 16:15:50.197502 2025] [:error] [pid 48601:tid 48681] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/pvt.php
[Mon Nov 24 16:15:50.986846 2025] [:error] [pid 48601:tid 48675] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/shell20211028.php
[Mon Nov 24 16:15:52.270220 2025] [:error] [pid 48601:tid 48663] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/crypted.php
[Mon Nov 24 16:15:54.079381 2025] [:error] [pid 48601:tid 48668] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/h0110w4y.php
[Mon Nov 24 16:15:54.703720 2025] [:error] [pid 48601:tid 48677] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/vesiw.php
[Mon Nov 24 16:15:55.209441 2025] [:error] [pid 48601:tid 48662] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/w.php
[Mon Nov 24 16:15:55.752039 2025] [:error] [pid 48601:tid 48665] [client 216.24.219.224:48799] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-db.php
[Mon Nov 24 16:15:57.520142 2025] [:error] [pid 48601:tid 48658] [client 216.24.219.224:48799] [client 216.24.219.224] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/lx.php"] [unique_id "aSQUPYMM4MaVTk74-AamfAAAAgE"]
[Mon Nov 24 16:16:02.040117 2025] [:error] [pid 48600:tid 48638] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/lx.php
[Mon Nov 24 16:16:03.681634 2025] [:error] [pid 48600:tid 48634] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/tonant.php
[Mon Nov 24 16:16:04.605253 2025] [:error] [pid 48600:tid 48639] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/f0x.php
[Mon Nov 24 16:16:05.124888 2025] [:error] [pid 48600:tid 48650] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/config.bak.php
[Mon Nov 24 16:16:06.851074 2025] [:error] [pid 48600:tid 48635] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass403.php
[Mon Nov 24 16:16:07.733704 2025] [:error] [pid 48600:tid 48646] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/adminer.php
[Mon Nov 24 16:16:09.773937 2025] [:error] [pid 48600:tid 48654] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/allahnaber.php
[Mon Nov 24 16:16:10.895738 2025] [:error] [pid 48600:tid 48633] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/AK-74.php
[Mon Nov 24 16:16:12.944718 2025] [:error] [pid 48600:tid 48637] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa3.php
[Mon Nov 24 16:16:15.131810 2025] [:error] [pid 48600:tid 48647] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/alfaindex.php
[Mon Nov 24 16:16:15.631694 2025] [:error] [pid 48600:tid 48644] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Mon Nov 24 16:16:19.296998 2025] [:error] [pid 48600:tid 48652] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/c99.php
[Mon Nov 24 16:16:21.173331 2025] [:error] [pid 48600:tid 48642] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/cmd.php
[Mon Nov 24 16:16:21.730703 2025] [:error] [pid 48600:tid 48640] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/cw.php
[Mon Nov 24 16:16:22.724909 2025] [:error] [pid 48600:tid 48639] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/date.php
[Mon Nov 24 16:16:23.760576 2025] [:error] [pid 48600:tid 48653] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/haxor.php
[Mon Nov 24 16:16:24.422271 2025] [:error] [pid 48600:tid 48630] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/icomsium.php
[Mon Nov 24 16:16:25.036270 2025] [:error] [pid 48600:tid 48647] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/ico.php
[Mon Nov 24 16:16:25.497810 2025] [:error] [pid 48600:tid 48644] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/leaf.php
[Mon Nov 24 16:16:26.031736 2025] [:error] [pid 48600:tid 48635] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/marijuana.php
[Mon Nov 24 16:16:26.629642 2025] [:error] [pid 48600:tid 48652] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/mass.php
[Mon Nov 24 16:16:27.194046 2025] [:error] [pid 48600:tid 48651] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Mon Nov 24 16:16:29.380715 2025] [:error] [pid 48600:tid 48649] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/priv8.php
[Mon Nov 24 16:16:30.051182 2025] [:error] [pid 48600:tid 48645] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/pws.php
[Mon Nov 24 16:16:31.728951 2025] [:error] [pid 48600:tid 48632] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/r57.php
[Mon Nov 24 16:16:32.506385 2025] [:error] [pid 48600:tid 48631] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Mon Nov 24 16:16:33.115329 2025] [:error] [pid 48600:tid 48643] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/snd.php
[Mon Nov 24 16:16:34.922720 2025] [:error] [pid 48600:tid 48637] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-class.php
[Mon Nov 24 16:16:36.073106 2025] [:error] [pid 48600:tid 48638] [client 216.24.219.242:20531] File does not exist: /usr/local/apache/htdocs/suspended-page/new-index.php
[Mon Nov 24 16:16:56.311944 2025] [:error] [pid 48600:tid 48638] [client 216.24.219.242:20531] [client 216.24.219.242] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/F0x.php"] [unique_id "aSQUePtOzSUAQvWVjBdxGgAAAcg"]
[Mon Nov 24 16:16:58.366273 2025] [:error] [pid 48601:tid 48675] [client 216.24.219.237:56177] File does not exist: /usr/local/apache/htdocs/suspended-page/class-wp-widget-archives.php
[Mon Nov 24 16:17:07.944642 2025] [:error] [pid 48601:tid 48657] [client 216.24.219.237:56177] File does not exist: /usr/local/apache/htdocs/suspended-page/xleet-shell.php
[Mon Nov 24 16:17:08.869751 2025] [:error] [pid 48601:tid 48672] [client 216.24.219.237:56177] File does not exist: /usr/local/apache/htdocs/suspended-page/xleet.php
[Mon Nov 24 16:17:09.913033 2025] [:error] [pid 48601:tid 48671] [client 216.24.219.237:56177] File does not exist: /usr/local/apache/htdocs/suspended-page/xleetshell.php
[Mon Nov 24 16:17:15.855088 2025] [:error] [pid 48601:tid 48658] [client 216.24.219.237:56177] File does not exist: /usr/local/apache/htdocs/suspended-page/xlt.php
[Mon Nov 24 16:17:29.867335 2025] [:error] [pid 16516:tid 16539] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-apxupx.php
[Mon Nov 24 16:17:30.612689 2025] [:error] [pid 16516:tid 16538] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/nf_tracking.php
[Mon Nov 24 16:17:31.249073 2025] [:error] [pid 16516:tid 16530] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/class.api.php
[Mon Nov 24 16:17:32.039907 2025] [:error] [pid 16516:tid 16540] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/xl2023.php
[Mon Nov 24 16:17:32.703335 2025] [:error] [pid 16516:tid 16521] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-head.php
[Mon Nov 24 16:17:33.858091 2025] [:error] [pid 16516:tid 16532] [client 216.24.219.230:44073] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-pano.php
[Mon Nov 24 16:17:36.382702 2025] [:error] [pid 16516:tid 16534] [client 216.24.219.230:44073] [client 216.24.219.230] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/index.php"] [unique_id "aSQUoPqZbniwaNwL8XnbiwAAAQ8"]
[Mon Nov 24 16:17:38.083784 2025] [:error] [pid 9630:tid 9651] [client 216.24.219.215:47237] [client 216.24.219.215] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 216.24.219.215, incrementing ddos counter"] [hostname "www.randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSQUoirSgUgPGkizt2rgxQAAAFM"]
[Mon Nov 24 16:17:38.086537 2025] [:error] [pid 9630:tid 9651] [client 216.24.219.215:47237] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Mon Nov 24 16:17:39.135354 2025] [:error] [pid 9630:tid 9635] [client 216.24.219.215:47237] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-admin.php
[Mon Nov 24 16:17:42.222684 2025] [:error] [pid 9630:tid 9638] [client 216.24.219.215:47237] [client 216.24.219.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSQUpirSgUgPGkizt2rgzQAAAEY"]
[Mon Nov 24 16:17:44.763298 2025] [:error] [pid 48688:tid 48702] [client 216.24.219.229:64039] File does not exist: /usr/local/apache/htdocs/suspended-page/WSOEnigma.php
[Mon Nov 24 16:17:49.568878 2025] [:error] [pid 48688:tid 48697] [client 216.24.219.229:64039] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Mon Nov 24 16:17:51.800122 2025] [:error] [pid 48688:tid 48695] [client 216.24.219.229:64039] File does not exist: /usr/local/apache/htdocs/suspended-page/test.php
[Mon Nov 24 16:17:52.381829 2025] [:error] [pid 48688:tid 48704] [client 216.24.219.229:64039] [client 216.24.219.229] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/about.php"] [unique_id "aSQUsBm2q1FkzLam7A2RFgAAAkw"]
[Mon Nov 24 16:17:53.761723 2025] [:error] [pid 16549:tid 16565] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/gebase.php
[Mon Nov 24 16:17:54.239779 2025] [:error] [pid 16549:tid 16560] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/defaults.php
[Mon Nov 24 16:17:55.208506 2025] [:error] [pid 16549:tid 16572] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/asasx.php
[Mon Nov 24 16:17:58.710318 2025] [:error] [pid 16549:tid 16555] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/contact.php
[Mon Nov 24 16:17:59.451843 2025] [:error] [pid 16549:tid 16567] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Mon Nov 24 16:18:00.062318 2025] [:error] [pid 16549:tid 16557] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Mon Nov 24 16:18:02.550398 2025] [:error] [pid 16549:tid 16568] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-add.php
[Mon Nov 24 16:18:07.575267 2025] [:error] [pid 16549:tid 16564] [client 104.234.19.117:50563] File does not exist: /usr/local/apache/htdocs/suspended-page/403.php
[Mon Nov 24 16:18:13.186746 2025] [:error] [pid 16549:tid 16565] [client 104.234.19.117:50563] [client 104.234.19.117] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/index.php"] [unique_id "aSQUxaeWW19A99PUw_cwRwAAAU0"]
[Mon Nov 24 16:18:14.319206 2025] [:error] [pid 9630:tid 9642] [client 216.24.219.202:38027] [client 216.24.219.202] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aSQUxirSgUgPGkizt2rg7QAAAEo"]
[Mon Nov 24 16:18:18.660952 2025] [:error] [pid 16593:tid 16605] [client 216.24.219.210:37063] [client 216.24.219.210] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/about.php"] [unique_id "aSQUyhVGznHBJI2LKpQz4gAAAoo"]
[Mon Nov 24 16:18:19.796766 2025] [:error] [pid 48599:tid 48623] [client 216.24.219.214:60045] [client 216.24.219.214] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/about.php"] [unique_id "aSQUy5zvu6PDJiRKE3IYCAAAAZQ"]
[Mon Nov 24 16:18:21.204127 2025] [:error] [pid 48601:tid 48667] [client 216.24.219.225:62757] File does not exist: /usr/local/apache/htdocs/suspended-page/text.php
[Mon Nov 24 16:18:21.743375 2025] [:error] [pid 48601:tid 48664] [client 216.24.219.225:62757] File does not exist: /usr/local/apache/htdocs/suspended-page/xc.php
[Mon Nov 24 16:18:26.027625 2025] [:error] [pid 48601:tid 48675] [client 216.24.219.225:62757] [client 216.24.219.225] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.225, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/images/wp-login.php"] [unique_id "aSQU0oMM4MaVTk74-AanBwAAAhI"]
[Mon Nov 24 16:18:32.641230 2025] [:error] [pid 48601:tid 48670] [client 216.24.219.225:62757] File does not exist: /usr/local/apache/htdocs/suspended-page/go.php
[Mon Nov 24 16:18:33.943121 2025] [:error] [pid 48601:tid 48666] [client 216.24.219.225:62757] File does not exist: /usr/local/apache/htdocs/suspended-page/byp.php
[Mon Nov 24 16:18:40.666714 2025] [:error] [pid 48601:tid 48671] [client 216.24.219.225:62757] [client 216.24.219.225] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/about.php"] [unique_id "aSQU4IMM4MaVTk74-AanGgAAAg4"]
[Mon Nov 24 16:18:43.240122 2025] [:error] [pid 16593:tid 16618] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/click.php
[Mon Nov 24 16:18:45.875963 2025] [:error] [pid 16593:tid 16598] [client 136.144.19.10:35399] [client 136.144.19.10] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 136.144.19.10, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/wp-login.php"] [unique_id "aSQU5RVGznHBJI2LKpQz9wAAAoM"]
[Mon Nov 24 16:18:47.270385 2025] [:error] [pid 16593:tid 16598] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/baxa1.php
[Mon Nov 24 16:18:48.913697 2025] [:error] [pid 16593:tid 16614] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/in.php
[Mon Nov 24 16:18:49.919614 2025] [:error] [pid 16593:tid 16616] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/geju.php
[Mon Nov 24 16:18:52.634306 2025] [:error] [pid 16593:tid 16603] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-signup.php
[Mon Nov 24 16:18:53.346976 2025] [:error] [pid 16593:tid 16609] [client 136.144.19.10:35399] File does not exist: /usr/local/apache/htdocs/suspended-page/elp.php
[Mon Nov 24 16:18:53.875733 2025] [:error] [pid 16593:tid 16611] [client 136.144.19.10:35399] [client 136.144.19.10] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/makeasmtp.php"] [unique_id "aSQU7RVGznHBJI2LKpQ0AgAAApA"]
[Mon Nov 24 16:18:55.196239 2025] [:error] [pid 48599:tid 48618] [client 216.24.219.233:27679] [client 216.24.219.233] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/about.php"] [unique_id "aSQU75zvu6PDJiRKE3IYGwAAAY8"]
[Mon Nov 24 16:18:56.828733 2025] [:error] [pid 16593:tid 16595] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen-667.php
[Mon Nov 24 16:19:00.806147 2025] [:error] [pid 16593:tid 16619] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/network.php
[Mon Nov 24 16:19:01.363925 2025] [:error] [pid 16593:tid 16596] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php
[Mon Nov 24 16:19:01.969087 2025] [:error] [pid 16593:tid 16600] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mail.php
[Mon Nov 24 16:19:04.896364 2025] [:error] [pid 16593:tid 16617] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/yanz.php
[Mon Nov 24 16:19:08.936156 2025] [:error] [pid 16593:tid 16597] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/zmFM.php
[Mon Nov 24 16:19:19.834172 2025] [:error] [pid 16593:tid 16614] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/tiny.php
[Mon Nov 24 16:19:20.605252 2025] [:error] [pid 16593:tid 16601] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Mon Nov 24 16:19:21.107974 2025] [:error] [pid 16593:tid 16616] [client 216.24.219.235:53071] File does not exist: /usr/local/apache/htdocs/suspended-page/first.php
[Mon Nov 24 16:19:24.828867 2025] [:error] [pid 16593:tid 16603] [client 216.24.219.235:53071] [client 216.24.219.235] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/index.php"] [unique_id "aSQVDBVGznHBJI2LKpQ0IwAAAog"]
[Mon Nov 24 16:19:30.542665 2025] [:error] [pid 16593:tid 16619] [client 216.24.219.191:65071] [client 216.24.219.191] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/bak.php"] [unique_id "aSQVEhVGznHBJI2LKpQ0KwAAApg"]
[Mon Nov 24 16:19:31.475956 2025] [:error] [pid 9630:tid 9650] [client 216.24.219.197:52721] File does not exist: /usr/local/apache/htdocs/suspended-page/bs1.php
[Mon Nov 24 16:19:32.993183 2025] [:error] [pid 9630:tid 9634] [client 216.24.219.197:52721] [client 216.24.219.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/wp-login.php"] [unique_id "aSQVFCrSgUgPGkizt2rhLAAAAEI"]
[Mon Nov 24 16:19:37.079242 2025] [:error] [pid 9630:tid 9654] [client 216.24.219.225:58935] File does not exist: /usr/local/apache/htdocs/suspended-page/cron.php
[Mon Nov 24 16:19:38.995276 2025] [:error] [pid 9630:tid 9645] [client 216.24.219.225:58935] File does not exist: /usr/local/apache/htdocs/suspended-page/db.php
[Mon Nov 24 16:19:40.008800 2025] [:error] [pid 9630:tid 9632] [client 216.24.219.225:58935] [client 216.24.219.225] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aSQVHCrSgUgPGkizt2rhNwAAAEA"]
[Mon Nov 24 16:19:41.415906 2025] [:error] [pid 16516:tid 16526] [client 104.234.19.110:25579] [client 104.234.19.110] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/index.php"] [unique_id "aSQVHfqZbniwaNwL8XnbuQAAAQc"]
[Mon Nov 24 16:19:43.005185 2025] [:error] [pid 48600:tid 48645] [client 216.24.219.192:47161] [client 216.24.219.192] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.192, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/upgrade-temp-backup/wp-login.php"] [unique_id "aSQVH_tOzSUAQvWVjBdxQgAAAc8"]
[Mon Nov 24 16:19:43.648734 2025] [:error] [pid 48600:tid 48630] [client 216.24.219.192:47161] File does not exist: /usr/local/apache/htdocs/suspended-page/a.php
[Mon Nov 24 16:19:45.176710 2025] [:error] [pid 48600:tid 48634] [client 216.24.219.192:47161] [client 216.24.219.192] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/themes.php"] [unique_id "aSQVIftOzSUAQvWVjBdxRQAAAcQ"]
[Mon Nov 24 16:19:47.386847 2025] [:error] [pid 16441:tid 16447] [client 216.24.219.197:38811] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Mon Nov 24 16:19:48.411876 2025] [:error] [pid 16441:tid 16468] [client 216.24.219.197:38811] File does not exist: /usr/local/apache/htdocs/suspended-page/back.php
[Mon Nov 24 16:19:54.768485 2025] [:error] [pid 16441:tid 16461] [client 216.24.219.197:38811] [client 216.24.219.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-includes_function.php"] [unique_id "aSQVKoq_bc5MOa9HflkeVwAAAJE"]
[Mon Nov 24 16:19:55.876211 2025] [:error] [pid 16549:tid 16576] [client 216.24.219.232:53485] File does not exist: /usr/local/apache/htdocs/suspended-page/new.php
[Mon Nov 24 16:19:57.418059 2025] [:error] [pid 16549:tid 16561] [client 216.24.219.232:53485] [client 216.24.219.232] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/about.php"] [unique_id "aSQVLaeWW19A99PUw_cwawAAAUk"]
[Mon Nov 24 16:19:59.182286 2025] [:error] [pid 48600:tid 48646] [client 104.234.19.114:22449] File does not exist: /usr/local/apache/htdocs/suspended-page/phpfm3.php
[Mon Nov 24 16:19:59.650434 2025] [:error] [pid 48600:tid 48641] [client 104.234.19.114:22449] [client 104.234.19.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/about.php"] [unique_id "aSQVL_tOzSUAQvWVjBdxTAAAAcs"]
[Mon Nov 24 16:20:07.174968 2025] [:error] [pid 9630:tid 9652] [client 216.24.219.232:44333] File does not exist: /usr/local/apache/htdocs/suspended-page/post.php
[Mon Nov 24 16:20:07.668838 2025] [:error] [pid 9630:tid 9636] [client 216.24.219.232:44333] [client 216.24.219.232] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.232, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/languages/themes/wp-login.php"] [unique_id "aSQVNyrSgUgPGkizt2rhUAAAAEQ"]
[Mon Nov 24 16:20:11.938681 2025] [:error] [pid 9630:tid 9638] [client 216.24.219.232:44333] [client 216.24.219.232] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-supports/index.php"] [unique_id "aSQVOyrSgUgPGkizt2rhVgAAAEY"]
[Mon Nov 24 16:20:13.214849 2025] [:error] [pid 49900:tid 49905] [client 216.24.219.198:38551] [client 216.24.219.198] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php"] [unique_id "aSQVPTCyPLrvg06aorkAAwAAAAM"]
[Mon Nov 24 16:20:18.363531 2025] [:error] [pid 16549:tid 16556] [client 216.24.219.205:60309] File does not exist: /usr/local/apache/htdocs/suspended-page/randkeyword.php
[Mon Nov 24 16:20:23.434093 2025] [:error] [pid 16549:tid 16554] [client 216.24.219.205:60309] File does not exist: /usr/local/apache/htdocs/suspended-page/xxx.php
[Mon Nov 24 16:20:25.862136 2025] [:error] [pid 16549:tid 16562] [client 216.24.219.205:60309] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Mon Nov 24 16:20:26.607869 2025] [:error] [pid 16549:tid 16571] [client 216.24.219.205:60309] File does not exist: /usr/local/apache/htdocs/suspended-page/zip.php
[Mon Nov 24 16:20:29.418412 2025] [:error] [pid 16549:tid 16553] [client 216.24.219.205:60309] [client 216.24.219.205] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/about.php"] [unique_id "aSQVTaeWW19A99PUw_cwggAAAUE"]
[Mon Nov 24 16:20:31.970077 2025] [:error] [pid 48600:tid 48633] [client 104.234.19.114:46169] [client 104.234.19.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/about.php"] [unique_id "aSQVT_tOzSUAQvWVjBdxWQAAAcM"]
[Mon Nov 24 16:20:33.293706 2025] [:error] [pid 48601:tid 48669] [client 216.24.219.224:29551] [client 216.24.219.224] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/about.php"] [unique_id "aSQVUYMM4MaVTk74-AanfQAAAgw"]
[Mon Nov 24 16:20:35.515546 2025] [:error] [pid 16441:tid 16455] [client 216.24.219.192:50887] [client 216.24.219.192] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Content/index.php"] [unique_id "aSQVU4q_bc5MOa9HflkemAAAAIs"]
[Mon Nov 24 16:20:36.901447 2025] [:error] [pid 16441:tid 16447] [client 216.24.219.197:30633] [client 216.24.219.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/autoload_classmap.php"] [unique_id "aSQVVIq_bc5MOa9HflkemQAAAIM"]
[Mon Nov 24 16:20:41.296985 2025] [:error] [pid 48599:tid 48617] [client 216.24.219.239:52005] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-cron.php
[Mon Nov 24 16:20:41.849062 2025] [:error] [pid 48599:tid 48623] [client 216.24.219.239:52005] [client 216.24.219.239] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/autoload_classmap.php"] [unique_id "aSQVWZzvu6PDJiRKE3IYWwAAAZQ"]
[Mon Nov 24 16:20:43.864978 2025] [:error] [pid 16593:tid 16614] [client 216.24.219.233:51071] File does not exist: /usr/local/apache/htdocs/suspended-page/jp.php
[Mon Nov 24 16:20:44.525789 2025] [:error] [pid 16593:tid 16596] [client 216.24.219.233:51071] File does not exist: /usr/local/apache/htdocs/suspended-page/rcc.php
[Mon Nov 24 16:20:46.244162 2025] [:error] [pid 16593:tid 16601] [client 216.24.219.233:51071] [client 216.24.219.233] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/pomo/about.php"] [unique_id "aSQVXhVGznHBJI2LKpQ0RQAAAoY"]
[Mon Nov 24 16:20:48.640175 2025] [:error] [pid 16549:tid 16568] [client 216.24.219.225:49021] File does not exist: /usr/local/apache/htdocs/suspended-page/class.api.php
[Mon Nov 24 16:20:49.393402 2025] [:error] [pid 16549:tid 16567] [client 216.24.219.225:49021] File does not exist: /usr/local/apache/htdocs/suspended-page/layout.php
[Mon Nov 24 16:20:50.587578 2025] [:error] [pid 16549:tid 16558] [client 216.24.219.225:49021] [client 216.24.219.225] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/about.php"] [unique_id "aSQVYqeWW19A99PUw_cwhgAAAUY"]
[Mon Nov 24 16:20:52.505331 2025] [:error] [pid 16441:tid 16455] [client 216.24.219.239:35157] File does not exist: /usr/local/apache/htdocs/suspended-page/history.php
[Mon Nov 24 16:20:52.978782 2025] [:error] [pid 16441:tid 16446] [client 216.24.219.239:35157] [client 216.24.219.239] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/autoload_classmap.php"] [unique_id "aSQVZIq_bc5MOa9HflkeoAAAAII"]
[Mon Nov 24 16:20:57.476493 2025] [:error] [pid 9630:tid 9636] [client 104.234.19.111:56641] [client 104.234.19.111] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/autoload_classmap.php"] [unique_id "aSQVaSrSgUgPGkizt2rhdAAAAEQ"]
[Mon Nov 24 16:20:58.486198 2025] [:error] [pid 16549:tid 16566] [client 104.234.19.113:35831] [client 104.234.19.113] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sitemaps/providers/zmFM.php"] [unique_id "aSQVaqeWW19A99PUw_cwiQAAAU4"]
[Mon Nov 24 16:21:02.381678 2025] [:error] [pid 9630:tid 9638] [client 104.234.19.113:59877] [client 104.234.19.113] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSQVbirSgUgPGkizt2rhewAAAEY"]
[Mon Nov 24 16:21:05.741465 2025] [:error] [pid 9630:tid 9641] [client 216.24.219.193:27035] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Mon Nov 24 16:21:07.357150 2025] [:error] [pid 9630:tid 9644] [client 216.24.219.193:27035] File does not exist: /usr/local/apache/htdocs/suspended-page/cong.php
[Mon Nov 24 16:21:07.976611 2025] [:error] [pid 9630:tid 9655] [client 216.24.219.193:27035] [client 216.24.219.193] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.193, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/cgi-bin/wp-login.php"] [unique_id "aSQVcyrSgUgPGkizt2rhgwAAAFc"]
[Mon Nov 24 16:21:08.889925 2025] [:error] [pid 9630:tid 9633] [client 216.24.219.193:27035] [client 216.24.219.193] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/wp-login.php"] [unique_id "aSQVdCrSgUgPGkizt2rhjAAAAEE"]
[Mon Nov 24 16:21:14.422681 2025] [:error] [pid 49900:tid 49909] [client 216.24.219.215:62233] [client 216.24.219.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/wp-login.php"] [unique_id "aSQVejCyPLrvg06aorkAPgAAAAc"]
[Mon Nov 24 16:21:15.744809 2025] [:error] [pid 16516:tid 16540] [client 216.24.219.227:64163] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-links.php
[Mon Nov 24 16:21:16.547084 2025] [:error] [pid 16516:tid 16539] [client 216.24.219.227:64163] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Mon Nov 24 16:21:19.286346 2025] [:error] [pid 16516:tid 16532] [client 216.24.219.227:64163] File does not exist: /usr/local/apache/htdocs/suspended-page/login.php
[Mon Nov 24 16:21:24.033980 2025] [:error] [pid 16516:tid 16526] [client 216.24.219.227:64163] [client 216.24.219.227] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.227, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/maint/wp-login.php"] [unique_id "aSQVhPqZbniwaNwL8Xnb6QAAAQc"]
[Mon Nov 24 16:21:25.999050 2025] [:error] [pid 16516:tid 16536] [client 216.24.219.227:64163] [client 216.24.219.227] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/autoload_classmap.php"] [unique_id "aSQVhfqZbniwaNwL8Xnb6gAAARE"]
[Mon Nov 24 16:21:29.218306 2025] [:error] [pid 48599:tid 48604] [client 216.24.219.239:33557] [client 216.24.219.239] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/network.php"] [unique_id "aSQViZzvu6PDJiRKE3IYmwAAAYE"]
[Mon Nov 24 16:21:31.445659 2025] [:error] [pid 48599:tid 48620] [client 216.24.219.227:28391] [client 216.24.219.227] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/index.php"] [unique_id "aSQVi5zvu6PDJiRKE3IYnQAAAZE"]
[Mon Nov 24 16:21:47.909227 2025] [:error] [pid 16441:tid 16466] [client 216.24.219.237:61299] File does not exist: /usr/local/apache/htdocs/suspended-page/wander.php
[Mon Nov 24 16:21:49.113540 2025] [:error] [pid 16441:tid 16468] [client 216.24.219.237:61299] [client 216.24.219.237] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/php-compat/autoload_classmap.php"] [unique_id "aSQVnYq_bc5MOa9HflkeyQAAAJg"]
[Mon Nov 24 16:21:54.249731 2025] [:error] [pid 9630:tid 9635] [client 216.24.219.235:53739] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-config-sample.php
[Mon Nov 24 16:21:58.068062 2025] [:error] [pid 9630:tid 9642] [client 216.24.219.235:53739] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Mon Nov 24 16:22:02.755461 2025] [:error] [pid 9630:tid 9645] [client 216.24.219.235:53739] File does not exist: /usr/local/apache/htdocs/suspended-page/users.php
[Mon Nov 24 16:22:03.384633 2025] [:error] [pid 9630:tid 9651] [client 216.24.219.235:53739] [client 216.24.219.235] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-patterns/autoload_classmap.php"] [unique_id "aSQVqyrSgUgPGkizt2rhyQAAAFM"]
[Mon Nov 24 16:22:16.489953 2025] [:error] [pid 16516:tid 16530] [client 216.24.219.230:42809] File does not exist: /usr/local/apache/htdocs/suspended-page/sim.php
[Mon Nov 24 16:22:18.211885 2025] [:error] [pid 16516:tid 16537] [client 216.24.219.230:42809] [client 216.24.219.230] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/index.php"] [unique_id "aSQVuvqZbniwaNwL8XncAAAAARI"]
[Mon Nov 24 16:22:20.075766 2025] [:error] [pid 9630:tid 9638] [client 216.24.219.240:62455] File does not exist: /usr/local/apache/htdocs/suspended-page/function.php
[Mon Nov 24 16:22:21.989928 2025] [:error] [pid 9630:tid 9644] [client 216.24.219.240:62455] [client 216.24.219.240] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/about.php"] [unique_id "aSQVvSrSgUgPGkizt2rh6QAAAEw"]
[Mon Nov 24 16:22:25.550115 2025] [:error] [pid 16549:tid 16563] [client 216.24.219.240:27853] [client 216.24.219.240] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/wp-login.php"] [unique_id "aSQVwaeWW19A99PUw_cwtwAAAUs"]
[Mon Nov 24 16:22:28.336959 2025] [:error] [pid 48600:tid 48635] [client 216.24.219.203:20481] [client 216.24.219.203] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/index.php"] [unique_id "aSQVxPtOzSUAQvWVjBdxiwAAAcU"]
[Mon Nov 24 16:22:30.242686 2025] [:error] [pid 48599:tid 48620] [client 216.24.219.208:36049] [client 216.24.219.208] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/index.php"] [unique_id "aSQVxpzvu6PDJiRKE3IYtQAAAZE"]
[Mon Nov 24 16:22:32.209860 2025] [:error] [pid 9630:tid 9645] [client 216.24.219.233:62997] [client 216.24.219.233] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/about.php"] [unique_id "aSQVyCrSgUgPGkizt2rh7QAAAE0"]
[Mon Nov 24 16:22:36.587730 2025] [:error] [pid 16593:tid 16607] [client 216.24.219.224:50799] [client 216.24.219.224] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/codemirror/index.php"] [unique_id "aSQVzBVGznHBJI2LKpQ0iQAAAow"]
[Mon Nov 24 16:22:41.957664 2025] [:error] [pid 48600:tid 48654] [client 216.24.219.236:61117] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-mail.php
[Mon Nov 24 16:22:43.602301 2025] [:error] [pid 48600:tid 48641] [client 216.24.219.236:61117] [client 216.24.219.236] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/autoload_classmap.php"] [unique_id "aSQV0_tOzSUAQvWVjBdxnAAAAcs"]
[Mon Nov 24 16:22:45.946189 2025] [:error] [pid 48600:tid 48647] [client 216.24.219.203:37335] File does not exist: /usr/local/apache/htdocs/suspended-page/admin-post.php
[Mon Nov 24 16:22:47.406772 2025] [:error] [pid 48600:tid 48632] [client 216.24.219.203:37335] File does not exist: /usr/local/apache/htdocs/suspended-page/conf_upload.php
[Mon Nov 24 16:22:48.182294 2025] [:error] [pid 48600:tid 48631] [client 216.24.219.203:37335] [client 216.24.219.203] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/about.php"] [unique_id "aSQV2PtOzSUAQvWVjBdxoQAAAcE"]
[Mon Nov 24 16:22:51.279765 2025] [:error] [pid 16441:tid 16444] [client 216.24.219.193:61215] [client 216.24.219.193] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/src/index.php"] [unique_id "aSQV24q_bc5MOa9Hflke-QAAAIA"]
[Mon Nov 24 16:22:53.682137 2025] [:error] [pid 48599:tid 48606] [client 216.24.219.198:26259] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-configs.php
[Mon Nov 24 16:22:55.494493 2025] [:error] [pid 48599:tid 48612] [client 216.24.219.198:26259] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/license.php
[Mon Nov 24 16:22:59.802649 2025] [:error] [pid 48599:tid 48605] [client 216.24.219.198:26259] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Mon Nov 24 16:23:01.250598 2025] [:error] [pid 48599:tid 48626] [client 216.24.219.198:26259] [client 216.24.219.198] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/autoload_classmap.php"] [unique_id "aSQV5Zzvu6PDJiRKE3IY5gAAAZc"]
[Mon Nov 24 16:23:03.329716 2025] [:error] [pid 16593:tid 16619] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php
[Mon Nov 24 16:23:05.597619 2025] [:error] [pid 16593:tid 16615] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/files.php
[Mon Nov 24 16:23:06.973955 2025] [:error] [pid 16593:tid 16614] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/webadmin.php
[Mon Nov 24 16:23:10.904458 2025] [:error] [pid 16593:tid 16617] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/wsa.php
[Mon Nov 24 16:23:11.866611 2025] [:error] [pid 16593:tid 16608] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/tinyfilemanager.php
[Mon Nov 24 16:23:16.502683 2025] [:error] [pid 16593:tid 16600] [client 216.24.219.215:36679] File does not exist: /usr/local/apache/htdocs/suspended-page/woh.php
[Mon Nov 24 16:23:17.424213 2025] [:error] [pid 16593:tid 16598] [client 216.24.219.215:36679] [client 216.24.219.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/autoload_classmap.php"] [unique_id "aSQV9RVGznHBJI2LKpQ0pgAAAoM"]
[Mon Nov 24 16:23:18.705872 2025] [:error] [pid 49900:tid 49916] [client 104.234.19.115:32965] [client 104.234.19.115] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/about.php"] [unique_id "aSQV9jCyPLrvg06aorkAlwAAAA4"]
[Mon Nov 24 16:23:22.630040 2025] [:error] [pid 48599:tid 48621] [client 216.24.219.240:28485] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Mon Nov 24 16:23:23.185329 2025] [:error] [pid 48599:tid 48624] [client 216.24.219.240:28485] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-trackback.php
[Mon Nov 24 16:23:23.709392 2025] [:error] [pid 48599:tid 48625] [client 216.24.219.240:28485] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Mon Nov 24 16:23:24.371486 2025] [:error] [pid 48599:tid 48623] [client 216.24.219.240:28485] [client 216.24.219.240] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/html-api/index.php"] [unique_id "aSQV_Jzvu6PDJiRKE3IZCAAAAZQ"]
[Mon Nov 24 16:23:25.887343 2025] [:error] [pid 49900:tid 49926] [client 216.24.219.214:41001] [client 216.24.219.214] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-supports/autoload_classmap.php"] [unique_id "aSQV_TCyPLrvg06aorkAmwAAABg"]
[Mon Nov 24 16:23:31.751005 2025] [:error] [pid 48688:tid 48696] [client 216.24.219.242:35707] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Mon Nov 24 16:23:32.530698 2025] [:error] [pid 48688:tid 48714] [client 216.24.219.242:35707] [client 216.24.219.242] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/wp-login.php"] [unique_id "aSQWBBm2q1FkzLam7A2R9wAAAlY"]
[Mon Nov 24 16:23:33.997530 2025] [:error] [pid 9630:tid 9656] [client 216.24.219.219:47267] File does not exist: /usr/local/apache/htdocs/suspended-page/readme.php
[Mon Nov 24 16:23:34.733217 2025] [:error] [pid 9630:tid 9651] [client 216.24.219.219:47267] File does not exist: /usr/local/apache/htdocs/suspended-page/sck.php
[Mon Nov 24 16:23:35.282257 2025] [:error] [pid 9630:tid 9635] [client 216.24.219.219:47267] File does not exist: /usr/local/apache/htdocs/suspended-page/fm.php
[Mon Nov 24 16:23:39.414119 2025] [:error] [pid 9630:tid 9634] [client 216.24.219.219:47267] File does not exist: /usr/local/apache/htdocs/suspended-page/packed.php
[Mon Nov 24 16:23:40.133370 2025] [:error] [pid 9630:tid 9638] [client 216.24.219.219:47267] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Mon Nov 24 16:23:41.636052 2025] [:error] [pid 9630:tid 9639] [client 216.24.219.219:47267] [client 216.24.219.219] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/autoload_classmap.php"] [unique_id "aSQWDSrSgUgPGkizt2riIgAAAEc"]
[Mon Nov 24 16:23:46.719777 2025] [:error] [pid 16593:tid 16605] [client 216.24.219.221:33305] [client 216.24.219.221] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.221, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/wp-login.php"] [unique_id "aSQWEhVGznHBJI2LKpQ0rQAAAoo"]
[Mon Nov 24 16:23:47.184590 2025] [:error] [pid 16593:tid 16595] [client 216.24.219.221:33305] File does not exist: /usr/local/apache/htdocs/suspended-page/plugin.php
[Mon Nov 24 16:23:47.643798 2025] [:error] [pid 16593:tid 16602] [client 216.24.219.221:33305] [client 216.24.219.221] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/table/int/tmpl/index.php"] [unique_id "aSQWExVGznHBJI2LKpQ0rwAAAoc"]
[Mon Nov 24 16:23:49.719856 2025] [:error] [pid 16593:tid 16610] [client 216.24.219.239:48155] [client 216.24.219.239] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/index.php"] [unique_id "aSQWFRVGznHBJI2LKpQ0sQAAAo8"]
[Mon Nov 24 16:23:55.838085 2025] [:error] [pid 16441:tid 16453] [client 136.144.19.4:54723] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Mon Nov 24 16:23:57.578318 2025] [:error] [pid 16441:tid 16457] [client 136.144.19.4:54723] File does not exist: /usr/local/apache/htdocs/suspended-page/load.php
[Mon Nov 24 16:23:58.374968 2025] [:error] [pid 16441:tid 16459] [client 136.144.19.4:54723] [client 136.144.19.4] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/autoload_classmap.php"] [unique_id "aSQWHoq_bc5MOa9HflkfWAAAAI8"]
[Mon Nov 24 16:24:02.593680 2025] [:error] [pid 48688:tid 48705] [client 216.24.219.231:27955] File does not exist: /usr/local/apache/htdocs/suspended-page/edit-tags.php
[Mon Nov 24 16:24:03.046227 2025] [:error] [pid 48688:tid 48710] [client 216.24.219.231:27955] [client 216.24.219.231] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rk2.php"] [unique_id "aSQWIxm2q1FkzLam7A2SCQAAAlI"]
[Mon Nov 24 16:24:04.525302 2025] [:error] [pid 48688:tid 48715] [client 216.24.219.210:29031] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Mon Nov 24 16:24:05.907303 2025] [:error] [pid 48688:tid 48711] [client 216.24.219.210:29031] File does not exist: /usr/local/apache/htdocs/suspended-page/lock.php
[Mon Nov 24 16:24:06.973953 2025] [:error] [pid 48688:tid 48697] [client 216.24.219.210:29031] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/cloud.php
[Mon Nov 24 16:24:10.237920 2025] [:error] [pid 48688:tid 48696] [client 216.24.219.210:29031] File does not exist: /usr/local/apache/htdocs/suspended-page/product.php
[Mon Nov 24 16:24:11.412778 2025] [:error] [pid 48688:tid 48703] [client 216.24.219.210:29031] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/class_api.php
[Mon Nov 24 16:24:13.115410 2025] [:error] [pid 48688:tid 48712] [client 216.24.219.210:29031] [client 216.24.219.210] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/plugin.php"] [unique_id "aSQWLRm2q1FkzLam7A2SFwAAAlQ"]
[Mon Nov 24 16:24:14.960300 2025] [:error] [pid 9630:tid 9650] [client 216.24.219.230:50361] File does not exist: /usr/local/apache/htdocs/suspended-page/base.php
[Mon Nov 24 16:24:16.024006 2025] [:error] [pid 9630:tid 9647] [client 216.24.219.230:50361] File does not exist: /usr/local/apache/htdocs/suspended-page/zero.php
[Mon Nov 24 16:24:18.164349 2025] [:error] [pid 9630:tid 9645] [client 216.24.219.230:50361] [client 216.24.219.230] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/wp-tinymce.php"] [unique_id "aSQWMirSgUgPGkizt2riNQAAAE0"]
[Mon Nov 24 16:24:20.283698 2025] [:error] [pid 48600:tid 48630] [client 216.24.219.202:20645] File does not exist: /usr/local/apache/htdocs/suspended-page/style.php
[Mon Nov 24 16:24:20.744946 2025] [:error] [pid 48600:tid 48637] [client 216.24.219.202:20645] File does not exist: /usr/local/apache/htdocs/suspended-page/db.php
[Mon Nov 24 16:24:21.274713 2025] [:error] [pid 48600:tid 48642] [client 216.24.219.202:20645] [client 216.24.219.202] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.202, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/wp-login.php"] [unique_id "aSQWNftOzSUAQvWVjBdxwAAAAcw"]
[Mon Nov 24 16:24:21.279702 2025] [:error] [pid 48600:tid 48642] [client 216.24.219.202:20645] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php
[Mon Nov 24 16:24:23.730045 2025] [:error] [pid 48600:tid 48645] [client 216.24.219.202:20645] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-set.php
[Mon Nov 24 16:24:24.294302 2025] [:error] [pid 48600:tid 48650] [client 216.24.219.202:20645] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Mon Nov 24 16:24:25.721237 2025] [:error] [pid 48600:tid 48651] [client 216.24.219.202:20645] [client 216.24.219.202] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/mah.php"] [unique_id "aSQWOftOzSUAQvWVjBdxxwAAAdU"]
[Mon Nov 24 16:24:27.210748 2025] [:error] [pid 9630:tid 9654] [client 136.144.19.4:46481] [client 136.144.19.4] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 136.144.19.4, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/colors/sunrise/wp-login.php"] [unique_id "aSQWOyrSgUgPGkizt2riTwAAAFY"]
[Mon Nov 24 16:24:28.406444 2025] [:error] [pid 9630:tid 9654] [client 136.144.19.4:46481] [client 136.144.19.4] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/lmfi.php"] [unique_id "aSQWPCrSgUgPGkizt2riUQAAAFY"]
[Mon Nov 24 16:24:33.248242 2025] [:error] [pid 48688:tid 48716] [client 216.24.219.227:60607] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/file.php
[Mon Nov 24 16:24:36.608996 2025] [:error] [pid 48688:tid 48702] [client 216.24.219.227:60607] [client 216.24.219.227] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/langs/about.php"] [unique_id "aSQWRBm2q1FkzLam7A2SMAAAAko"]
[Mon Nov 24 16:24:38.772495 2025] [:error] [pid 49900:tid 49924] [client 216.24.219.194:50795] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php
[Mon Nov 24 16:24:39.771451 2025] [:error] [pid 49900:tid 49914] [client 216.24.219.194:50795] [client 216.24.219.194] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/about.php"] [unique_id "aSQWRzCyPLrvg06aorkAyQAAAAw"]
[Mon Nov 24 16:24:41.808162 2025] [:error] [pid 16441:tid 16461] [client 104.234.19.115:33803] [client 104.234.19.115] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 104.234.19.115, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/css/colors/light/wp-login.php"] [unique_id "aSQWSYq_bc5MOa9HflkfpgAAAJE"]
[Mon Nov 24 16:24:45.271278 2025] [:error] [pid 16441:tid 16458] [client 104.234.19.115:33803] File does not exist: /usr/local/apache/htdocs/suspended-page/pages.php
[Mon Nov 24 16:24:45.955132 2025] [:error] [pid 16441:tid 16459] [client 104.234.19.115:33803] File does not exist: /usr/local/apache/htdocs/suspended-page/bulk.php
[Mon Nov 24 16:24:46.529334 2025] [:error] [pid 16441:tid 16462] [client 104.234.19.115:33803] File does not exist: /usr/local/apache/htdocs/suspended-page/kk.php
[Mon Nov 24 16:24:48.037564 2025] [:error] [pid 16441:tid 16459] [client 104.234.19.115:33803] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-logout.php
[Mon Nov 24 16:24:48.608402 2025] [:error] [pid 16441:tid 16445] [client 104.234.19.115:33803] [client 104.234.19.115] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/button/index.php"] [unique_id "aSQWUIq_bc5MOa9Hflkf1gAAAIE"]
[Mon Nov 24 16:24:51.167312 2025] [:error] [pid 16516:tid 16542] [client 216.24.219.191:52819] [client 216.24.219.191] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/packed.php"] [unique_id "aSQWU_qZbniwaNwL8XncMgAAARc"]
[Mon Nov 24 16:24:52.377569 2025] [:error] [pid 49900:tid 49909] [client 216.24.219.198:23767] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Mon Nov 24 16:24:53.129069 2025] [:error] [pid 49900:tid 49913] [client 216.24.219.198:23767] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-setup.php
[Mon Nov 24 16:24:58.460586 2025] [:error] [pid 49900:tid 49904] [client 216.24.219.198:23767] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-editor.php
[Mon Nov 24 16:24:59.062049 2025] [:error] [pid 49900:tid 49913] [client 216.24.219.198:23767] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-simple.php
[Mon Nov 24 16:25:02.942840 2025] [:error] [pid 49900:tid 49917] [client 216.24.219.198:23767] [client 216.24.219.198] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/file.php"] [unique_id "aSQWXjCyPLrvg06aorkA5gAAAA8"]
[Mon Nov 24 16:25:05.398438 2025] [:error] [pid 16441:tid 16453] [client 216.24.219.227:37081] [client 216.24.219.227] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/chosen.php"] [unique_id "aSQWYYq_bc5MOa9Hflkf7QAAAIk"]
[Mon Nov 24 16:25:11.045076 2025] [:error] [pid 16441:tid 16448] [client 216.24.219.229:34455] [client 216.24.219.229] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/Cache/about.php"] [unique_id "aSQWZ4q_bc5MOa9Hflkf_AAAAIQ"]
[Mon Nov 24 16:25:14.957344 2025] [:error] [pid 16516:tid 16529] [client 216.24.219.231:41117] File does not exist: /usr/local/apache/htdocs/suspended-page/hehehehe.php
[Mon Nov 24 16:25:17.007496 2025] [:error] [pid 16516:tid 16531] [client 216.24.219.231:41117] [client 216.24.219.231] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.231, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/languages/wp-login.php"] [unique_id "aSQWbfqZbniwaNwL8XncSQAAAQw"]
[Mon Nov 24 16:25:17.874248 2025] [:error] [pid 16516:tid 16533] [client 216.24.219.231:41117] [client 216.24.219.231] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/about.php"] [unique_id "aSQWbfqZbniwaNwL8XncSgAAAQ4"]
[Mon Nov 24 16:25:22.099308 2025] [:error] [pid 48601:tid 48659] [client 104.234.19.114:51459] File does not exist: /usr/local/apache/htdocs/suspended-page/header.php
[Mon Nov 24 16:25:23.012004 2025] [:error] [pid 48601:tid 48677] [client 104.234.19.114:51459] File does not exist: /usr/local/apache/htdocs/suspended-page/gecko.php
[Mon Nov 24 16:25:24.454196 2025] [:error] [pid 48601:tid 48658] [client 104.234.19.114:51459] [client 104.234.19.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/about.php"] [unique_id "aSQWdIMM4MaVTk74-Aao5QAAAgE"]
[Mon Nov 24 16:25:25.475437 2025] [:error] [pid 16549:tid 16576] [client 216.24.219.232:54541] [client 216.24.219.232] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Text/wp-login.php"] [unique_id "aSQWdaeWW19A99PUw_cxQwAAAVc"]
[Mon Nov 24 16:25:27.304013 2025] [:error] [pid 48601:tid 48679] [client 216.24.219.192:48201] File does not exist: /usr/local/apache/htdocs/suspended-page/bk.php
[Mon Nov 24 16:25:30.289882 2025] [:error] [pid 48601:tid 48659] [client 216.24.219.192:48201] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/moon.php
[Mon Nov 24 16:25:33.549216 2025] [:error] [pid 48601:tid 48657] [client 216.24.219.192:48201] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php
[Mon Nov 24 16:25:35.851565 2025] [:error] [pid 48601:tid 48668] [client 216.24.219.192:48201] [client 216.24.219.192] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/function.php"] [unique_id "aSQWf4MM4MaVTk74-Aao_QAAAgs"]
[Mon Nov 24 16:25:37.163093 2025] [:error] [pid 16593:tid 16614] [client 216.24.219.234:38523] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Mon Nov 24 16:25:37.927751 2025] [:error] [pid 16593:tid 16607] [client 216.24.219.234:38523] File does not exist: /usr/local/apache/htdocs/suspended-page/sym.php
[Mon Nov 24 16:25:40.678282 2025] [:error] [pid 16593:tid 16603] [client 216.24.219.234:38523] [client 216.24.219.234] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/votes.php"] [unique_id "aSQWhBVGznHBJI2LKpQ1HQAAAog"]
[Mon Nov 24 16:25:45.234085 2025] [:error] [pid 49900:tid 49902] [client 216.24.219.197:41873] File does not exist: /usr/local/apache/htdocs/suspended-page/sk.php
[Mon Nov 24 16:25:47.625914 2025] [:error] [pid 49900:tid 49917] [client 216.24.219.197:41873] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/blurbs.php
[Mon Nov 24 16:25:50.398256 2025] [:error] [pid 49900:tid 49906] [client 216.24.219.197:41873] [client 216.24.219.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/file.php"] [unique_id "aSQWjjCyPLrvg06aorkBCAAAAAQ"]
[Mon Nov 24 16:25:54.025749 2025] [:error] [pid 16593:tid 16611] [client 216.24.219.207:37881] [client 216.24.219.207] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/parx.php"] [unique_id "aSQWkhVGznHBJI2LKpQ1IwAAApA"]
[Mon Nov 24 16:25:58.519157 2025] [:error] [pid 48599:tid 48626] [client 216.24.219.208:62379] File does not exist: /usr/local/apache/htdocs/suspended-page/sys.php
[Mon Nov 24 16:26:02.541615 2025] [:error] [pid 48599:tid 48619] [client 216.24.219.208:62379] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-user.php
[Mon Nov 24 16:26:05.080906 2025] [:error] [pid 48599:tid 48603] [client 216.24.219.208:62379] File does not exist: /usr/local/apache/htdocs/suspended-page/customize.php
[Mon Nov 24 16:26:05.588113 2025] [:error] [pid 48599:tid 48609] [client 216.24.219.208:62379] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/content.php
[Mon Nov 24 16:26:06.052029 2025] [:error] [pid 48599:tid 48605] [client 216.24.219.208:62379] [client 216.24.219.208] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/components/about.php"] [unique_id "aSQWnpzvu6PDJiRKE3IZfwAAAYI"]
[Mon Nov 24 16:26:07.351623 2025] [:error] [pid 16516:tid 16524] [client 216.24.219.202:23677] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/doc.php
[Mon Nov 24 16:26:08.142015 2025] [:error] [pid 16516:tid 16523] [client 216.24.219.202:23677] File does not exist: /usr/local/apache/htdocs/suspended-page/fm1.php
[Mon Nov 24 16:26:11.441354 2025] [:error] [pid 16516:tid 16532] [client 216.24.219.202:23677] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-settings.php
[Mon Nov 24 16:26:12.024116 2025] [:error] [pid 16516:tid 16529] [client 216.24.219.202:23677] [client 216.24.219.202] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/autoload_classmap.php"] [unique_id "aSQWpPqZbniwaNwL8XncVAAAAQo"]
[Mon Nov 24 16:26:13.182152 2025] [:error] [pid 49900:tid 49922] [client 104.234.19.114:42189] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-file.php
[Mon Nov 24 16:26:13.990734 2025] [:error] [pid 49900:tid 49925] [client 104.234.19.114:42189] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-content.php
[Mon Nov 24 16:26:17.668363 2025] [:error] [pid 49900:tid 49905] [client 104.234.19.114:42189] File does not exist: /usr/local/apache/htdocs/suspended-page/log.php
[Mon Nov 24 16:26:21.366364 2025] [:error] [pid 49900:tid 49914] [client 104.234.19.114:42189] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi01.php
[Mon Nov 24 16:26:22.972005 2025] [:error] [pid 49900:tid 49902] [client 104.234.19.114:42189] [client 104.234.19.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/item.php"] [unique_id "aSQWrjCyPLrvg06aorkBIQAAAAA"]
[Mon Nov 24 16:26:30.832904 2025] [:error] [pid 16516:tid 16539] [client 216.24.219.194:37597] [client 216.24.219.194] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.194, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/.well-known/pki-validation/wp-login.php"] [unique_id "aSQWtvqZbniwaNwL8XncYQAAARQ"]
[Mon Nov 24 16:26:31.473313 2025] [:error] [pid 16516:tid 16530] [client 216.24.219.194:37597] [client 216.24.219.194] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 216.24.219.194, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/classic-editor/wp-login.php"] [unique_id "aSQWt_qZbniwaNwL8XncYgAAAQs"]
[Mon Nov 24 16:26:32.301350 2025] [:error] [pid 16516:tid 16524] [client 216.24.219.194:37597] [client 216.24.219.194] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/mani.php"] [unique_id "aSQWuPqZbniwaNwL8XncYwAAAQU"]
[Mon Nov 24 16:26:33.638269 2025] [:error] [pid 16549:tid 16577] [client 216.24.219.234:63917] File does not exist: /usr/local/apache/htdocs/suspended-page/xx.php
[Mon Nov 24 16:26:39.911591 2025] [:error] [pid 16549:tid 16561] [client 216.24.219.234:63917] [client 216.24.219.234] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/network.php"] [unique_id "aSQWv6eWW19A99PUw_cxZwAAAUk"]
[Mon Nov 24 16:26:41.252454 2025] [:error] [pid 16549:tid 16574] [client 216.24.219.193:61213] File does not exist: /usr/local/apache/htdocs/suspended-page/images.php
[Mon Nov 24 16:26:42.063127 2025] [:error] [pid 16549:tid 16555] [client 216.24.219.193:61213] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-aespa.php
[Mon Nov 24 16:26:45.733738 2025] [:error] [pid 16549:tid 16563] [client 216.24.219.193:61213] [client 216.24.219.193] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/defaults.php"] [unique_id "aSQWxaeWW19A99PUw_cxagAAAUs"]
[Mon Nov 24 16:26:51.334048 2025] [:error] [pid 9630:tid 9640] [client 104.234.19.112:57513] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php
[Mon Nov 24 16:26:53.761086 2025] [:error] [pid 9630:tid 9642] [client 104.234.19.112:57513] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/themes.php
[Mon Nov 24 16:26:55.569699 2025] [:error] [pid 9630:tid 9652] [client 104.234.19.112:57513] [client 104.234.19.112] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/fullscreen/about.php"] [unique_id "aSQWzyrSgUgPGkizt2rjSAAAAFQ"]
[Mon Nov 24 16:26:58.671970 2025] [:error] [pid 48599:tid 48621] [client 216.24.219.206:45691] [client 216.24.219.206] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-supports/about.php"] [unique_id "aSQW0pzvu6PDJiRKE3IZjgAAAZI"]
[Mon Nov 24 16:27:05.216371 2025] [:error] [pid 48688:tid 48702] [client 104.234.19.116:41727] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-l0gin.php
[Mon Nov 24 16:27:06.911165 2025] [:error] [pid 48688:tid 48704] [client 104.234.19.116:41727] [client 104.234.19.116] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 104.234.19.116, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/wp-login.php"] [unique_id "aSQW2hm2q1FkzLam7A2SoAAAAkw"]
[Mon Nov 24 16:27:10.256634 2025] [:error] [pid 48688:tid 48701] [client 104.234.19.116:41727] [client 104.234.19.116] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/file.php"] [unique_id "aSQW3hm2q1FkzLam7A2SpQAAAkk"]
[Mon Nov 24 16:27:11.392706 2025] [:error] [pid 49900:tid 49906] [client 216.24.219.236:55815] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-conflg.php
[Mon Nov 24 16:27:13.646016 2025] [:error] [pid 49900:tid 49918] [client 216.24.219.236:55815] [client 216.24.219.236] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/xBrain.php"] [unique_id "aSQW4TCyPLrvg06aorkBOQAAABA"]
[Mon Nov 24 16:27:15.149334 2025] [:error] [pid 49900:tid 49926] [client 216.24.219.206:44635] [client 216.24.219.206] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/certificates/autoload_classmap.php"] [unique_id "aSQW4zCyPLrvg06aorkBOgAAABg"]
[Mon Nov 24 16:27:19.277162 2025] [:error] [pid 48688:tid 48714] [client 216.24.219.235:52595] [client 216.24.219.235] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/index.php"] [unique_id "aSQW5xm2q1FkzLam7A2SrAAAAlY"]
[Mon Nov 24 16:27:25.685527 2025] [:error] [pid 16549:tid 16556] [client 216.24.219.221:30615] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/parx.php
[Mon Nov 24 16:27:26.775135 2025] [:error] [pid 16549:tid 16573] [client 216.24.219.221:30615] [client 216.24.219.221] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/css/dist/widgets/about.php"] [unique_id "aSQW7qeWW19A99PUw_cxeQAAAVQ"]
[Mon Nov 24 16:27:28.454798 2025] [:error] [pid 48601:tid 48660] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php
[Mon Nov 24 16:27:29.101678 2025] [:error] [pid 48601:tid 48665] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/0x.php
[Mon Nov 24 16:27:31.131900 2025] [:error] [pid 48601:tid 48671] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/wpn.php
[Mon Nov 24 16:27:31.914071 2025] [:error] [pid 48601:tid 48666] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/cloud.php
[Mon Nov 24 16:27:33.480672 2025] [:error] [pid 48601:tid 48659] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/upload.php
[Mon Nov 24 16:27:33.986031 2025] [:error] [pid 48601:tid 48670] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/init.php
[Mon Nov 24 16:27:34.874215 2025] [:error] [pid 48601:tid 48658] [client 216.24.219.240:51683] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog.php
[Mon Nov 24 16:27:37.788305 2025] [:error] [pid 48601:tid 48665] [client 216.24.219.240:51683] [client 216.24.219.240] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/radio.php"] [unique_id "aSQW-YMM4MaVTk74-AapRAAAAgg"]
[Mon Nov 24 16:27:40.052883 2025] [:error] [pid 48688:tid 48702] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/payout.php
[Mon Nov 24 16:27:40.576289 2025] [:error] [pid 48688:tid 48713] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Mon Nov 24 16:27:41.106966 2025] [:error] [pid 48688:tid 48699] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/x.php
[Mon Nov 24 16:27:41.632806 2025] [:error] [pid 48688:tid 48711] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/wp_info.php
[Mon Nov 24 16:27:45.103036 2025] [:error] [pid 48688:tid 48696] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/xml.php
[Mon Nov 24 16:27:45.559922 2025] [:error] [pid 48688:tid 48704] [client 216.24.219.222:63803] File does not exist: /usr/local/apache/htdocs/suspended-page/by.php
[Mon Nov 24 16:27:46.817483 2025] [:error] [pid 48688:tid 48698] [client 216.24.219.222:63803] [client 216.24.219.222] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/sodium_compat/src/Core/Curve25519/Ge/wp_blog.php"] [unique_id "aSQXAhm2q1FkzLam7A2SvAAAAkY"]
[Mon Nov 24 16:27:50.678807 2025] [:error] [pid 9630:tid 9634] [client 216.24.219.208:20801] [client 216.24.219.208] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/wp-class.php"] [unique_id "aSQXBirSgUgPGkizt2rjWwAAAEI"]
[Mon Nov 24 16:27:53.293952 2025] [:error] [pid 16549:tid 16554] [client 104.234.19.112:21501] [client 104.234.19.112] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/skins/lightgray/fonts/index.php"] [unique_id "aSQXCaeWW19A99PUw_cxggAAAUI"]
[Mon Nov 24 16:27:54.476534 2025] [:error] [pid 9630:tid 9652] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Mon Nov 24 16:27:55.850475 2025] [:error] [pid 9630:tid 9641] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/fox.php
[Mon Nov 24 16:27:57.492057 2025] [:error] [pid 9630:tid 9653] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/google.php
[Mon Nov 24 16:27:59.502894 2025] [:error] [pid 9630:tid 9644] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/ovatools.php
[Mon Nov 24 16:28:00.078924 2025] [:error] [pid 9630:tid 9656] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/sidwso.php
[Mon Nov 24 16:28:00.604419 2025] [:error] [pid 9630:tid 9632] [client 104.234.19.112:58877] File does not exist: /usr/local/apache/htdocs/suspended-page/worksec.php
[Mon Nov 24 16:28:01.126020 2025] [:error] [pid 9630:tid 9645] [client 104.234.19.112:58877] [client 104.234.19.112] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/tinymce/plugins/compat3x/css/index.php"] [unique_id "aSQXESrSgUgPGkizt2rjaAAAAE0"]
[Mon Nov 24 16:28:02.155665 2025] [:error] [pid 16516:tid 16543] [client 216.24.219.209:49655] [client 216.24.219.209] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/Text/index.php"] [unique_id "aSQXEvqZbniwaNwL8XncmgAAARg"]
[Mon Nov 24 16:28:06.613127 2025] [:error] [pid 48688:tid 48699] [client 216.24.219.206:27453] [client 216.24.219.206] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/random_compat/about.php"] [unique_id "aSQXFhm2q1FkzLam7A2SxwAAAkc"]
[Mon Nov 24 16:28:08.363994 2025] [:error] [pid 16441:tid 16462] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/Simple.php
[Mon Nov 24 16:28:08.867908 2025] [:error] [pid 16441:tid 16452] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog-header.php
[Mon Nov 24 16:28:09.599293 2025] [:error] [pid 16441:tid 16454] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/style2.php
[Mon Nov 24 16:28:10.366345 2025] [:error] [pid 16441:tid 16453] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-scripts.php
[Mon Nov 24 16:28:11.071194 2025] [:error] [pid 16441:tid 16456] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfuns.php
[Mon Nov 24 16:28:11.555498 2025] [:error] [pid 16441:tid 16444] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/cjfuns.php
[Mon Nov 24 16:28:14.181358 2025] [:error] [pid 16441:tid 16460] [client 104.234.19.112:39437] File does not exist: /usr/local/apache/htdocs/suspended-page/comfunctions.php
[Mon Nov 24 16:28:31.174412 2025] [autoindex:error] [pid 16441:tid 16446] [client 216.24.219.240:25757] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive
[Mon Nov 24 16:33:38.677673 2025] [:error] [pid 49900:tid 49909] [client 216.24.219.240:46169] [client 216.24.219.240] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "216.24.219.215_1b4abfb22885715d272db955d753a084503c81b1"): Internal error (specific information not available) [hostname "www.randolphaircraft.com.au"] [uri "/index.html"] [unique_id "aSQYXzCyPLrvg06aorkCtAAAAAc"]
[Mon Nov 24 17:03:28.290354 2025] [:error] [pid 9630:tid 9632] [client 117.238.110.114:54470] [client 117.238.110.114] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 117.238.110.114, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSQfYCrSgUgPGkizt2rstwAAAEA"]
[Mon Nov 24 17:03:28.295594 2025] [:error] [pid 9630:tid 9632] [client 117.238.110.114:54470] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Mon Nov 24 17:56:42.482456 2025] [:error] [pid 16441:tid 16461] [client 124.226.222.66:33681] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSQr2oq_bc5MOa9Hflk-5AAAAJE"]
[Mon Nov 24 18:49:52.702006 2025] [:error] [pid 49900:tid 49905] [client 64.226.65.160:51024] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aSQ4UDCyPLrvg06aorki5wAAAAM"]
[Mon Nov 24 18:49:53.735312 2025] [:error] [pid 48688:tid 48708] [client 64.226.65.160:51040] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aSQ4URm2q1FkzLam7A2sugAAAlA"]
[Mon Nov 24 18:49:54.881003 2025] [:error] [pid 9630:tid 9639] [client 64.226.65.160:51056] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aSQ4UirSgUgPGkizt2oJbwAAAEc"]
[Mon Nov 24 18:49:56.055964 2025] [:error] [pid 49900:tid 49923] [client 64.226.65.160:51060] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aSQ4VDCyPLrvg06aorki7AAAABU"]
[Mon Nov 24 18:49:57.247207 2025] [:error] [pid 16516:tid 16520] [client 64.226.65.160:51072] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aSQ4VfqZbniwaNwL8Xnv6QAAAQE"]
[Mon Nov 24 18:49:58.249922 2025] [:error] [pid 16441:tid 16448] [client 64.226.65.160:51076] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server"] [unique_id "aSQ4Voq_bc5MOa9HfllTCgAAAIQ"]
[Mon Nov 24 18:50:00.712832 2025] [:error] [pid 48688:tid 48697] [client 64.226.65.160:51084] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aSQ4WBm2q1FkzLam7A2svQAAAkU"]
[Mon Nov 24 18:50:02.292367 2025] [:error] [pid 9630:tid 9650] [client 64.226.65.160:60202] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/about"] [unique_id "aSQ4WirSgUgPGkizt2oJdgAAAFI"]
[Mon Nov 24 18:50:03.871829 2025] [:error] [pid 16441:tid 16455] [client 64.226.65.160:60204] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aSQ4W4q_bc5MOa9HfllTCwAAAIs"]
[Mon Nov 24 18:50:05.128250 2025] [:error] [pid 9630:tid 9641] [client 64.226.65.160:60216] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aSQ4XSrSgUgPGkizt2oJeAAAAEk"]
[Mon Nov 24 18:50:06.424234 2025] [:error] [pid 16516:tid 16543] [client 64.226.65.160:60230] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aSQ4XvqZbniwaNwL8Xnv7gAAARg"]
[Mon Nov 24 18:50:07.941860 2025] [:error] [pid 9630:tid 9634] [client 64.226.65.160:60232] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aSQ4XyrSgUgPGkizt2oJegAAAEI"]
[Mon Nov 24 18:50:09.159770 2025] [:error] [pid 48600:tid 48638] [client 64.226.65.160:60242] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aSQ4YftOzSUAQvWVjBeHjQAAAcg"]
[Mon Nov 24 18:50:10.789177 2025] [:error] [pid 9630:tid 9632] [client 64.226.65.160:60258] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aSQ4YirSgUgPGkizt2oJfQAAAEA"]
[Mon Nov 24 18:50:12.016825 2025] [:error] [pid 16516:tid 16541] [client 64.226.65.160:48016] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aSQ4ZPqZbniwaNwL8Xnv8gAAARY"]
[Mon Nov 24 18:50:13.169053 2025] [:error] [pid 16441:tid 16463] [client 64.226.65.160:48032] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aSQ4ZYq_bc5MOa9HfllTEQAAAJM"]
[Mon Nov 24 18:50:14.639742 2025] [:error] [pid 48600:tid 48650] [client 64.226.65.160:48038] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSQ4ZvtOzSUAQvWVjBeHkwAAAdQ"]
[Mon Nov 24 18:50:15.705308 2025] [:error] [pid 9630:tid 9649] [client 64.226.65.160:48040] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aSQ4ZyrSgUgPGkizt2oJfgAAAFE"]
[Mon Nov 24 18:50:16.849149 2025] [:error] [pid 48599:tid 48604] [client 64.226.65.160:48050] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aSQ4aJzvu6PDJiRKE3IxlgAAAYE"]
[Mon Nov 24 18:50:18.214813 2025] [:error] [pid 49900:tid 49912] [client 64.226.65.160:48062] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aSQ4ajCyPLrvg06aorkjBAAAAAo"]
[Mon Nov 24 18:50:19.345823 2025] [:error] [pid 48688:tid 48692] [client 64.226.65.160:48076] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aSQ4axm2q1FkzLam7A2sxAAAAkA"]
[Mon Nov 24 18:50:20.403869 2025] [:error] [pid 16593:tid 16611] [client 64.226.65.160:48078] [client 64.226.65.160] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSQ4bBVGznHBJI2LKpRM9wAAApA"]
[Mon Nov 24 20:30:25.802058 2025] [:error] [pid 48599:tid 48618] [client 4.233.64.129:47893] [client 4.233.64.129] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSRP4Zzvu6PDJiRKE3JEfgAAAY8"]
[Mon Nov 24 20:30:28.057017 2025] [:error] [pid 48688:tid 48696] [client 4.233.64.129:49317] [client 4.233.64.129] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSRP5Bm2q1FkzLam7A3BDgAAAkQ"]
[Mon Nov 24 20:30:31.614457 2025] [:error] [pid 48599:tid 48603] [client 4.233.64.129:49873] [client 4.233.64.129] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aSRP55zvu6PDJiRKE3JEgwAAAYA"]
[Mon Nov 24 21:45:37.125400 2025] [:error] [pid 48600:tid 48642] [client 193.32.126.212:52601] [client 193.32.126.212] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSRhgftOzSUAQvWVjBeh_AAAAcw"]
[Mon Nov 24 21:45:37.637205 2025] [:error] [pid 48600:tid 48635] [client 193.32.126.212:53514] [client 193.32.126.212] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "aSRhgftOzSUAQvWVjBeiBAAAAcU"]
[Mon Nov 24 21:57:00.207611 2025] [:error] [pid 16441:tid 16459] [client 119.28.140.106:33924] [client 119.28.140.106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSRkLIq_bc5MOa9HflmYBgAAAI8"]
[Mon Nov 24 22:58:23.806187 2025] [:error] [pid 16593:tid 16595] [client 194.164.149.129:57168] File does not exist: /usr/local/apache/htdocs/suspended-page/phpinfo.php
[Mon Nov 24 23:37:50.283627 2025] [:error] [pid 16441:tid 16458] [client 20.119.211.79:5025] File does not exist: /usr/local/apache/htdocs/suspended-page/file4.php
[Mon Nov 24 23:37:50.513760 2025] [:error] [pid 16441:tid 16466] [client 20.119.211.79:5025] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Mon Nov 24 23:37:51.549796 2025] [:error] [pid 16441:tid 16466] [client 20.119.211.79:5025] File does not exist: /usr/local/apache/htdocs/suspended-page/golden.php
[Mon Nov 24 23:37:52.204251 2025] [:error] [pid 16441:tid 16466] [client 20.119.211.79:5025] File does not exist: /usr/local/apache/htdocs/suspended-page/pp.php
[Mon Nov 24 23:37:52.417629 2025] [:error] [pid 16441:tid 16446] [client 20.119.211.79:5025] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Mon Nov 24 23:37:52.752720 2025] [:error] [pid 16441:tid 16455] [client 20.119.211.79:5025] [client 20.119.211.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/fm.php"] [unique_id "aSR70Iq_bc5MOa9Hflm8_wAAAIs"]
[Mon Nov 24 23:37:53.624101 2025] [:error] [pid 48599:tid 48621] [client 20.119.211.79:4956] File does not exist: /usr/local/apache/htdocs/suspended-page/file2.php
[Mon Nov 24 23:37:53.834354 2025] [:error] [pid 48599:tid 48607] [client 20.119.211.79:4956] File does not exist: /usr/local/apache/htdocs/suspended-page/ffile.php
[Mon Nov 24 23:37:54.052071 2025] [:error] [pid 48599:tid 48620] [client 20.119.211.79:4956] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Mon Nov 24 23:37:54.374285 2025] [:error] [pid 48599:tid 48622] [client 20.119.211.79:4956] File does not exist: /usr/local/apache/htdocs/suspended-page/re.php
[Mon Nov 24 23:37:54.582847 2025] [:error] [pid 48599:tid 48619] [client 20.119.211.79:4956] File does not exist: /usr/local/apache/htdocs/suspended-page/adminer.php
[Mon Nov 24 23:37:54.789767 2025] [:error] [pid 48599:tid 48615] [client 20.119.211.79:4956] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aSR70pzvu6PDJiRKE3JlkgAAAYw"]
[Mon Nov 24 23:37:55.553021 2025] [:error] [pid 16516:tid 16533] [client 20.119.211.79:4884] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aSR70_qZbniwaNwL8Xke0QAAAQ4"]
[Mon Nov 24 23:37:56.757212 2025] [:error] [pid 49900:tid 49912] [client 20.119.211.79:4840] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aSR71DCyPLrvg06aorljIQAAAAo"]
[Mon Nov 24 23:37:58.996216 2025] [:error] [pid 49900:tid 49907] [client 20.119.211.79:4838] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bolt.php"] [unique_id "aSR71jCyPLrvg06aorljIwAAAAU"]
[Mon Nov 24 23:38:02.002650 2025] [:error] [pid 48688:tid 48713] [client 20.119.211.79:4900] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aSR72hm2q1FkzLam7A3lAwAAAlU"]
[Mon Nov 24 23:38:07.976633 2025] [:error] [pid 48600:tid 48630] [client 20.119.211.79:5062] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aSR73_tOzSUAQvWVjBeyxwAAAcA"]
[Mon Nov 24 23:38:09.760663 2025] [:error] [pid 16441:tid 16467] [client 20.119.211.79:5107] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aSR74Yq_bc5MOa9Hflm9FQAAAJc"]
[Mon Nov 24 23:38:12.200692 2025] [:error] [pid 48599:tid 48621] [client 20.119.211.79:4984] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file7.php"] [unique_id "aSR75Jzvu6PDJiRKE3JlrQAAAZI"]
[Mon Nov 24 23:38:13.108606 2025] [:error] [pid 9630:tid 9632] [client 20.119.211.79:5169] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aSR75SrSgUgPGkizt2pVmQAAAEA"]
[Mon Nov 24 23:38:16.106455 2025] [:error] [pid 9630:tid 9643] [client 20.119.211.79:5099] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aSR76CrSgUgPGkizt2pVoAAAAEs"]
[Mon Nov 24 23:38:18.924958 2025] [:error] [pid 48599:tid 48619] [client 20.119.211.79:5061] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aSR76pzvu6PDJiRKE3JlrwAAAZA"]
[Mon Nov 24 23:38:20.014835 2025] [:error] [pid 48600:tid 48644] [client 20.119.211.79:3331] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gmo.php"] [unique_id "aSR77PtOzSUAQvWVjBeyyQAAAc4"]
[Mon Nov 24 23:38:21.718433 2025] [:error] [pid 48599:tid 48624] [client 20.119.211.79:3363] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aSR77Zzvu6PDJiRKE3JlswAAAZU"]
[Mon Nov 24 23:38:23.327298 2025] [:error] [pid 48688:tid 48706] [client 20.119.211.79:3451] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aSR77xm2q1FkzLam7A3lFgAAAk4"]
[Mon Nov 24 23:38:24.887758 2025] [:error] [pid 48688:tid 48696] [client 20.119.211.79:3359] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aSR78Bm2q1FkzLam7A3lGgAAAkQ"]
[Mon Nov 24 23:38:26.734325 2025] [:error] [pid 48688:tid 48695] [client 20.119.211.79:3396] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless2.php"] [unique_id "aSR78hm2q1FkzLam7A3lHAAAAkM"]
[Mon Nov 24 23:38:28.157284 2025] [:error] [pid 48601:tid 48665] [client 20.119.211.79:3423] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog.php"] [unique_id "aSR79IMM4MaVTk74-Ab-tAAAAgg"]
[Mon Nov 24 23:38:29.259503 2025] [:error] [pid 48688:tid 48692] [client 20.119.211.79:3347] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog.php"] [unique_id "aSR79Rm2q1FkzLam7A3lIAAAAkA"]
[Mon Nov 24 23:38:32.433594 2025] [:error] [pid 16441:tid 16453] [client 20.119.211.79:3436] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog.php"] [unique_id "aSR7-Iq_bc5MOa9Hflm9KQAAAIk"]
[Mon Nov 24 23:38:34.317055 2025] [:error] [pid 48599:tid 48609] [client 20.119.211.79:4025] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog.php"] [unique_id "aSR7-pzvu6PDJiRKE3JluwAAAYY"]
[Mon Nov 24 23:38:36.215820 2025] [:error] [pid 16441:tid 16444] [client 20.119.211.79:2432] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-class.php"] [unique_id "aSR7_Iq_bc5MOa9Hflm9OwAAAIA"]
[Mon Nov 24 23:38:39.121268 2025] [:error] [pid 48599:tid 48616] [client 20.119.211.79:4502] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-class.php"] [unique_id "aSR7_5zvu6PDJiRKE3JlvQAAAY0"]
[Mon Nov 24 23:38:40.397266 2025] [:error] [pid 48599:tid 48603] [client 20.119.211.79:4543] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-class.php"] [unique_id "aSR8AJzvu6PDJiRKE3JlvgAAAYA"]
[Mon Nov 24 23:38:41.421716 2025] [:error] [pid 9630:tid 9653] [client 20.119.211.79:2228] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-class.php"] [unique_id "aSR8ASrSgUgPGkizt2pVpwAAAFU"]
[Mon Nov 24 23:38:43.235125 2025] [:error] [pid 49900:tid 49920] [client 20.119.211.79:1207] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wsa.php"] [unique_id "aSR8AzCyPLrvg06aorljNQAAABI"]
[Mon Nov 24 23:38:44.425639 2025] [:error] [pid 49900:tid 49911] [client 20.119.211.79:1208] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wsa.php"] [unique_id "aSR8BDCyPLrvg06aorljNwAAAAk"]
[Mon Nov 24 23:38:45.542133 2025] [:error] [pid 16593:tid 16615] [client 20.119.211.79:3097] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wsa.php"] [unique_id "aSR8BRVGznHBJI2LKpR81wAAApQ"]
[Mon Nov 24 23:38:48.054100 2025] [:error] [pid 16516:tid 16521] [client 20.119.211.79:1061] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wsa.php"] [unique_id "aSR8CPqZbniwaNwL8Xke_QAAAQI"]
[Mon Nov 24 23:38:50.043070 2025] [:error] [pid 49900:tid 49918] [client 20.119.211.79:4548] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z.php"] [unique_id "aSR8CjCyPLrvg06aorljOwAAABA"]
[Mon Nov 24 23:38:51.782336 2025] [:error] [pid 16593:tid 16600] [client 20.119.211.79:3288] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z.php"] [unique_id "aSR8CxVGznHBJI2LKpR83AAAAoU"]
[Mon Nov 24 23:38:52.678662 2025] [:error] [pid 48601:tid 48663] [client 20.119.211.79:2896] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z.php"] [unique_id "aSR8DIMM4MaVTk74-Ab-xQAAAgY"]
[Mon Nov 24 23:38:53.791407 2025] [:error] [pid 48600:tid 48642] [client 20.119.211.79:2329] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z.php"] [unique_id "aSR8DftOzSUAQvWVjBey1QAAAcw"]
[Mon Nov 24 23:38:56.324317 2025] [:error] [pid 9630:tid 9633] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/nc4.php
[Mon Nov 24 23:38:56.532294 2025] [:error] [pid 9630:tid 9632] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Mon Nov 24 23:38:56.742543 2025] [:error] [pid 9630:tid 9641] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/dejavu.php
[Mon Nov 24 23:38:56.951426 2025] [:error] [pid 9630:tid 9639] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Mon Nov 24 23:38:58.170721 2025] [:error] [pid 9630:tid 9639] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/atomlib.php
[Mon Nov 24 23:38:58.447284 2025] [:error] [pid 9630:tid 9645] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/css.php
[Mon Nov 24 23:38:58.654077 2025] [:error] [pid 9630:tid 9653] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/past.php
[Mon Nov 24 23:38:58.879491 2025] [:error] [pid 9630:tid 9644] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Mon Nov 24 23:38:59.212947 2025] [:error] [pid 9630:tid 9637] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/ol.php
[Mon Nov 24 23:38:59.443993 2025] [:error] [pid 9630:tid 9636] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/we.php
[Mon Nov 24 23:38:59.737997 2025] [:error] [pid 9630:tid 9654] [client 20.119.211.79:3231] File does not exist: /usr/local/apache/htdocs/suspended-page/404.php
[Mon Nov 24 23:38:59.952952 2025] [:error] [pid 9630:tid 9642] [client 20.119.211.79:3231] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSR8EyrSgUgPGkizt2pVxAAAAEo"]
[Mon Nov 24 23:39:01.541623 2025] [:error] [pid 48599:tid 48618] [client 20.119.211.79:4543] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSR8FZzvu6PDJiRKE3JlwQAAAY8"]
[Mon Nov 24 23:39:04.077792 2025] [:error] [pid 16516:tid 16524] [client 20.119.211.79:4469] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSR8GPqZbniwaNwL8XkfBgAAAQU"]
[Mon Nov 24 23:39:05.194972 2025] [:error] [pid 49900:tid 49904] [client 20.119.211.79:1981] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSR8GTCyPLrvg06aorljRAAAAAI"]
[Mon Nov 24 23:39:06.145202 2025] [:error] [pid 48688:tid 48711] [client 20.119.211.79:4417] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSR8Ghm2q1FkzLam7A3lKwAAAlM"]
[Mon Nov 24 23:39:09.117821 2025] [:error] [pid 16549:tid 16559] [client 20.119.211.79:1422] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSR8HaeWW19A99PUw_d4aQAAAUc"]
[Mon Nov 24 23:39:11.797093 2025] [:error] [pid 48688:tid 48714] [client 20.119.211.79:4420] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSR8Hxm2q1FkzLam7A3lMAAAAlY"]
[Mon Nov 24 23:39:15.029776 2025] [:error] [pid 16549:tid 16576] [client 20.119.211.79:1926] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/build.php"] [unique_id "aSR8I6eWW19A99PUw_d4bAAAAVc"]
[Mon Nov 24 23:39:16.836532 2025] [:error] [pid 48601:tid 48659] [client 20.119.211.79:1748] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ot.php"] [unique_id "aSR8JIMM4MaVTk74-Ab-zwAAAgI"]
[Mon Nov 24 23:39:19.176800 2025] [:error] [pid 48688:tid 48697] [client 20.119.211.79:1956] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ot.php"] [unique_id "aSR8Jxm2q1FkzLam7A3lMwAAAkU"]
[Mon Nov 24 23:39:20.986778 2025] [:error] [pid 9630:tid 9653] [client 20.119.211.79:1508] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ot.php"] [unique_id "aSR8KCrSgUgPGkizt2pV3AAAAFU"]
[Mon Nov 24 23:39:24.360208 2025] [:error] [pid 16549:tid 16553] [client 20.119.211.79:1980] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ot.php"] [unique_id "aSR8LKeWW19A99PUw_d4eAAAAUE"]
[Mon Nov 24 23:39:27.482142 2025] [:error] [pid 16441:tid 16445] [client 20.119.211.79:1273] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lc.php"] [unique_id "aSR8L4q_bc5MOa9Hflm9dgAAAIE"]
[Mon Nov 24 23:39:28.961454 2025] [:error] [pid 48688:tid 48699] [client 20.119.211.79:1754] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lc.php"] [unique_id "aSR8MBm2q1FkzLam7A3lSQAAAkc"]
[Mon Nov 24 23:39:31.045599 2025] [:error] [pid 16593:tid 16596] [client 20.119.211.79:1760] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lc.php"] [unique_id "aSR8MxVGznHBJI2LKpR89QAAAoE"]
[Mon Nov 24 23:39:31.894347 2025] [:error] [pid 48688:tid 48693] [client 20.119.211.79:1766] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lc.php"] [unique_id "aSR8Mxm2q1FkzLam7A3lSwAAAkE"]
[Mon Nov 24 23:39:32.746333 2025] [:error] [pid 9630:tid 9639] [client 20.119.211.79:1523] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cool.php"] [unique_id "aSR8NCrSgUgPGkizt2pV6AAAAEc"]
[Mon Nov 24 23:39:34.839210 2025] [:error] [pid 16549:tid 16573] [client 20.119.211.79:1511] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cool.php"] [unique_id "aSR8NqeWW19A99PUw_d4fQAAAVQ"]
[Mon Nov 24 23:39:36.038070 2025] [:error] [pid 16593:tid 16612] [client 20.119.211.79:3865] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cool.php"] [unique_id "aSR8OBVGznHBJI2LKpR8-QAAApE"]
[Mon Nov 24 23:39:37.660814 2025] [:error] [pid 16441:tid 16459] [client 20.119.211.79:1234] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cool.php"] [unique_id "aSR8OYq_bc5MOa9Hflm9ewAAAI8"]
[Mon Nov 24 23:39:38.781007 2025] [:error] [pid 16516:tid 16530] [client 20.119.211.79:1746] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSR8OvqZbniwaNwL8XkfdAAAAQs"]
[Mon Nov 24 23:39:39.943220 2025] [:error] [pid 48600:tid 48630] [client 20.119.211.79:1250] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSR8O_tOzSUAQvWVjBey6wAAAcA"]
[Mon Nov 24 23:39:42.241139 2025] [:error] [pid 9630:tid 9642] [client 20.119.211.79:3867] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSR8PirSgUgPGkizt2pV7wAAAEo"]
[Mon Nov 24 23:39:45.077002 2025] [:error] [pid 16593:tid 16606] [client 20.119.211.79:2498] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/manager.php"] [unique_id "aSR8QRVGznHBJI2LKpR8_QAAAos"]
[Mon Nov 24 23:39:46.744821 2025] [:error] [pid 16549:tid 16559] [client 20.119.211.79:3938] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/aa.php"] [unique_id "aSR8QqeWW19A99PUw_d4hAAAAUc"]
[Mon Nov 24 23:39:47.969500 2025] [:error] [pid 16516:tid 16534] [client 20.119.211.79:1490] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/aa.php"] [unique_id "aSR8Q_qZbniwaNwL8XkfdgAAAQ8"]
[Mon Nov 24 23:39:49.005480 2025] [:error] [pid 48601:tid 48666] [client 20.119.211.79:3926] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/aa.php"] [unique_id "aSR8RYMM4MaVTk74-Ab-4wAAAgk"]
[Mon Nov 24 23:39:50.442329 2025] [:error] [pid 48601:tid 48662] [client 20.119.211.79:1813] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/aa.php"] [unique_id "aSR8RoMM4MaVTk74-Ab-5QAAAgU"]
[Mon Nov 24 23:39:53.419212 2025] [:error] [pid 48601:tid 48679] [client 20.119.211.79:1734] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aSR8SYMM4MaVTk74-Ab-6AAAAhY"]
[Mon Nov 24 23:39:54.886621 2025] [:error] [pid 16516:tid 16537] [client 20.119.211.79:1812] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aSR8SvqZbniwaNwL8XkfgAAAARI"]
[Mon Nov 24 23:39:56.989404 2025] [:error] [pid 48599:tid 48606] [client 20.119.211.79:1530] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gfile.php"] [unique_id "aSR8TJzvu6PDJiRKE3Jl5wAAAYM"]
[Mon Nov 24 23:39:59.444924 2025] [:error] [pid 48600:tid 48632] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/gfile.php
[Mon Nov 24 23:39:59.652648 2025] [:error] [pid 48600:tid 48644] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Mon Nov 24 23:39:59.874311 2025] [:error] [pid 48600:tid 48651] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/k.php
[Mon Nov 24 23:40:00.084603 2025] [:error] [pid 48600:tid 48654] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/num.php
[Mon Nov 24 23:40:00.293268 2025] [:error] [pid 48600:tid 48652] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/astab.php
[Mon Nov 24 23:40:00.503052 2025] [:error] [pid 48600:tid 48653] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/xl.php
[Mon Nov 24 23:40:00.710934 2025] [:error] [pid 48600:tid 48639] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/file17.php
[Mon Nov 24 23:40:01.147881 2025] [:error] [pid 48600:tid 48634] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/pepe.php
[Mon Nov 24 23:40:01.384120 2025] [:error] [pid 48600:tid 48631] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Mon Nov 24 23:40:01.593603 2025] [:error] [pid 48600:tid 48636] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-update.php
[Mon Nov 24 23:40:01.804944 2025] [:error] [pid 48600:tid 48633] [client 20.119.211.79:1222] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Mon Nov 24 23:40:02.010039 2025] [:error] [pid 48600:tid 48643] [client 20.119.211.79:1222] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/faq.php"] [unique_id "aSR8UvtOzSUAQvWVjBey_QAAAc0"]
[Mon Nov 24 23:40:03.120862 2025] [:error] [pid 48601:tid 48673] [client 20.119.211.79:4292] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/faq.php"] [unique_id "aSR8U4MM4MaVTk74-Ab-7gAAAhA"]
[Mon Nov 24 23:40:03.974176 2025] [:error] [pid 16593:tid 16612] [client 20.119.211.79:2796] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/faq.php"] [unique_id "aSR8UxVGznHBJI2LKpR9BgAAApE"]
[Mon Nov 24 23:40:06.484096 2025] [:error] [pid 48600:tid 48647] [client 20.119.211.79:2540] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/faq.php"] [unique_id "aSR8VvtOzSUAQvWVjBezBAAAAdE"]
[Mon Nov 24 23:40:08.516006 2025] [:error] [pid 16593:tid 16606] [client 20.119.211.79:4313] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abcd.php"] [unique_id "aSR8WBVGznHBJI2LKpR9CgAAAos"]
[Mon Nov 24 23:40:09.806384 2025] [:error] [pid 48601:tid 48674] [client 20.119.211.79:4328] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abcd.php"] [unique_id "aSR8WYMM4MaVTk74-Ab-8AAAAhE"]
[Mon Nov 24 23:40:13.288998 2025] [:error] [pid 16593:tid 16618] [client 20.119.211.79:2811] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abcd.php"] [unique_id "aSR8XRVGznHBJI2LKpR9DAAAApc"]
[Mon Nov 24 23:40:15.427106 2025] [:error] [pid 16593:tid 16604] [client 20.119.211.79:3166] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abcd.php"] [unique_id "aSR8XxVGznHBJI2LKpR9DgAAAok"]
[Mon Nov 24 23:40:17.159908 2025] [:error] [pid 48600:tid 48641] [client 20.119.211.79:3191] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/CLA.php"] [unique_id "aSR8YftOzSUAQvWVjBezEgAAAcs"]
[Mon Nov 24 23:40:18.200937 2025] [:error] [pid 16593:tid 16597] [client 20.119.211.79:1354] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/CLA.php"] [unique_id "aSR8YhVGznHBJI2LKpR9EQAAAoI"]
[Mon Nov 24 23:40:20.761481 2025] [:error] [pid 16441:tid 16453] [client 20.119.211.79:2744] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/CLA.php"] [unique_id "aSR8ZIq_bc5MOa9Hflm9ngAAAIk"]
[Mon Nov 24 23:40:23.054756 2025] [:error] [pid 48601:tid 48666] [client 20.119.211.79:2583] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/CLA.php"] [unique_id "aSR8Z4MM4MaVTk74-Ab_AQAAAgk"]
[Mon Nov 24 23:40:26.744795 2025] [:error] [pid 16593:tid 16605] [client 20.119.211.79:2631] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/chosen.php"] [unique_id "aSR8ahVGznHBJI2LKpR9JgAAAoo"]
[Mon Nov 24 23:40:28.993702 2025] [:error] [pid 16516:tid 16538] [client 20.119.211.79:3779] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/chosen.php"] [unique_id "aSR8bPqZbniwaNwL8XkfsAAAARM"]
[Mon Nov 24 23:40:31.307514 2025] [:error] [pid 49900:tid 49910] [client 20.119.211.79:2067] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/chosen.php"] [unique_id "aSR8bzCyPLrvg06aorljkgAAAAg"]
[Mon Nov 24 23:40:32.631356 2025] [:error] [pid 48601:tid 48677] [client 20.119.211.79:1675] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/chosen.php"] [unique_id "aSR8cIMM4MaVTk74-Ab_GgAAAhQ"]
[Mon Nov 24 23:40:33.940602 2025] [:error] [pid 16516:tid 16530] [client 20.119.211.79:1670] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-mn.php"] [unique_id "aSR8cfqZbniwaNwL8XkftQAAAQs"]
[Mon Nov 24 23:40:34.768155 2025] [:error] [pid 16441:tid 16452] [client 20.119.211.79:1680] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-mn.php"] [unique_id "aSR8coq_bc5MOa9Hflm9uAAAAIg"]
[Mon Nov 24 23:40:36.493461 2025] [:error] [pid 48601:tid 48658] [client 20.119.211.79:1709] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-mn.php"] [unique_id "aSR8dIMM4MaVTk74-Ab_HgAAAgE"]
[Mon Nov 24 23:40:37.474263 2025] [:error] [pid 16441:tid 16468] [client 20.119.211.79:2058] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-mn.php"] [unique_id "aSR8dYq_bc5MOa9Hflm9ugAAAJg"]
[Mon Nov 24 23:40:39.229801 2025] [:error] [pid 16549:tid 16564] [client 20.119.211.79:1280] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aSR8d6eWW19A99PUw_d4owAAAUw"]
[Mon Nov 24 23:40:40.179452 2025] [:error] [pid 9630:tid 9656] [client 20.119.211.79:3801] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aSR8eCrSgUgPGkizt2pWPwAAAFg"]
[Mon Nov 24 23:40:43.569184 2025] [:error] [pid 49900:tid 49919] [client 20.119.211.79:1283] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aSR8ezCyPLrvg06aorljmQAAABE"]
[Mon Nov 24 23:40:44.749675 2025] [:error] [pid 16516:tid 16522] [client 20.119.211.79:1320] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ss.php"] [unique_id "aSR8fPqZbniwaNwL8XkfuQAAAQM"]
[Mon Nov 24 23:40:46.469779 2025] [:error] [pid 48599:tid 48605] [client 20.119.211.79:4083] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-logiin.php"] [unique_id "aSR8fpzvu6PDJiRKE3JmHAAAAYI"]
[Mon Nov 24 23:40:47.390850 2025] [:error] [pid 48688:tid 48701] [client 20.119.211.79:3137] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-logiin.php"] [unique_id "aSR8fxm2q1FkzLam7A3l4QAAAkk"]
[Mon Nov 24 23:40:48.401355 2025] [:error] [pid 49900:tid 49904] [client 20.119.211.79:1592] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-logiin.php"] [unique_id "aSR8gDCyPLrvg06aorljmwAAAAI"]
[Mon Nov 24 23:40:49.223213 2025] [:error] [pid 16441:tid 16460] [client 20.119.211.79:1841] [client 20.119.211.79] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-logiin.php"] [unique_id "aSR8gYq_bc5MOa9Hflm9wQAAAJA"]
[Tue Nov 25 00:06:24.031656 2025] [:error] [pid 16549:tid 16575] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/xmrlpc.php, referer: https://www.google.de/
[Tue Nov 25 00:06:24.247294 2025] [:error] [pid 16549:tid 16559] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/abcd.php, referer: https://duckduckgo.com/
[Tue Nov 25 00:06:24.475047 2025] [:error] [pid 16549:tid 16552] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php, referer: https://www.bing.com/
[Tue Nov 25 00:06:24.689677 2025] [:error] [pid 16549:tid 16568] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php, referer: https://www.bing.com/
[Tue Nov 25 00:06:25.309789 2025] [:error] [pid 16549:tid 16560] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/edit.php, referer: https://www.google.com/
[Tue Nov 25 00:06:25.593727 2025] [:error] [pid 16549:tid 16553] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/moon.php, referer: https://www.google.com/
[Tue Nov 25 00:06:26.037429 2025] [:error] [pid 16549:tid 16556] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php, referer: https://www.google.co.uk/
[Tue Nov 25 00:06:26.281489 2025] [:error] [pid 16549:tid 16566] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/file4.php, referer: https://www.google.co.uk/
[Tue Nov 25 00:06:26.494659 2025] [:error] [pid 16549:tid 16564] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/ioxi-o.php, referer: https://www.bing.com/
[Tue Nov 25 00:06:26.751074 2025] [:error] [pid 16549:tid 16571] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-good.php, referer: https://www.google.de/
[Tue Nov 25 00:06:26.964042 2025] [:error] [pid 16549:tid 16558] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/ds.php, referer: https://www.yahoo.com/
[Tue Nov 25 00:06:27.182371 2025] [:error] [pid 16549:tid 16567] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/bolt.php, referer: https://www.bing.com/
[Tue Nov 25 00:06:27.431262 2025] [:error] [pid 16549:tid 16565] [client 104.209.248.242:7565] File does not exist: /usr/local/apache/htdocs/suspended-page/new.php, referer: https://www.google.com/
[Tue Nov 25 00:06:38.953254 2025] [autoindex:error] [pid 16549:tid 16574] [client 104.209.248.242:7565] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://duckduckgo.com/
[Tue Nov 25 00:37:28.752689 2025] [:error] [pid 16441:tid 16463] [client 58.49.233.126:39118] [client 58.49.233.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSSJyIq_bc5MOa9HflnPtQAAAJM"]
[Tue Nov 25 01:27:43.351507 2025] [:error] [pid 48688:tid 48700] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/acxx.php
[Tue Nov 25 01:27:43.563297 2025] [:error] [pid 48688:tid 48711] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/dev1s.php
[Tue Nov 25 01:27:43.771890 2025] [:error] [pid 48688:tid 48704] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/ww1.php
[Tue Nov 25 01:27:43.981236 2025] [:error] [pid 48688:tid 48706] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/c4.php
[Tue Nov 25 01:27:44.202646 2025] [:error] [pid 48688:tid 48702] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/wsx.php
[Tue Nov 25 01:27:44.541851 2025] [:error] [pid 48688:tid 48710] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/b4.php
[Tue Nov 25 01:27:44.758607 2025] [:error] [pid 48688:tid 48701] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/xenium4.php
[Tue Nov 25 01:27:45.028751 2025] [:error] [pid 48688:tid 48694] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/xpw.php
[Tue Nov 25 01:27:45.240144 2025] [:error] [pid 48688:tid 48709] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/ww2.php
[Tue Nov 25 01:27:45.493391 2025] [:error] [pid 48688:tid 48716] [client 172.177.184.114:3895] File does not exist: /usr/local/apache/htdocs/suspended-page/ww3.php
[Tue Nov 25 01:27:45.709665 2025] [:error] [pid 48688:tid 48695] [client 172.177.184.114:3895] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSSVkRm2q1FkzLam7A32WAAAAkM"]
[Tue Nov 25 01:27:51.156979 2025] [:error] [pid 16441:tid 16459] [client 172.177.184.114:8309] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSSVl4q_bc5MOa9HflnfkwAAAI8"]
[Tue Nov 25 01:27:53.557619 2025] [:error] [pid 16441:tid 16444] [client 172.177.184.114:6122] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSSVmYq_bc5MOa9HflnflQAAAIA"]
[Tue Nov 25 01:27:56.848511 2025] [:error] [pid 48688:tid 48707] [client 172.177.184.114:4246] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSSVnBm2q1FkzLam7A32WgAAAk8"]
[Tue Nov 25 01:27:58.593374 2025] [:error] [pid 48601:tid 48670] [client 172.177.184.114:6888] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSSVnoMM4MaVTk74-AYSXgAAAg0"]
[Tue Nov 25 01:28:00.410863 2025] [:error] [pid 48688:tid 48701] [client 172.177.184.114:5825] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSSVoBm2q1FkzLam7A32ZQAAAkk"]
[Tue Nov 25 01:28:01.917767 2025] [:error] [pid 16549:tid 16568] [client 172.177.184.114:6870] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSSVoaeWW19A99PUw_eHdwAAAVA"]
[Tue Nov 25 01:28:05.466111 2025] [:error] [pid 16549:tid 16574] [client 172.177.184.114:7563] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSSVpaeWW19A99PUw_eHeAAAAVU"]
[Tue Nov 25 01:28:08.971355 2025] [:error] [pid 48599:tid 48612] [client 172.177.184.114:1785] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSSVqJzvu6PDJiRKE3J18gAAAYk"]
[Tue Nov 25 01:28:10.164658 2025] [:error] [pid 16593:tid 16619] [client 172.177.184.114:7588] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSSVqhVGznHBJI2LKpSMZAAAApg"]
[Tue Nov 25 01:28:12.407061 2025] [:error] [pid 16593:tid 16603] [client 172.177.184.114:1737] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSSVrBVGznHBJI2LKpSMZwAAAog"]
[Tue Nov 25 01:28:14.751731 2025] [:error] [pid 16593:tid 16601] [client 172.177.184.114:5152] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSSVrhVGznHBJI2LKpSMawAAAoY"]
[Tue Nov 25 01:28:33.465754 2025] [:error] [pid 48601:tid 48669] [client 172.177.184.114:8578] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disaos.php"] [unique_id "aSSVwYMM4MaVTk74-AYSdQAAAgw"]
[Tue Nov 25 01:28:42.281241 2025] [:error] [pid 16441:tid 16461] [client 172.177.184.114:8094] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disaos.php"] [unique_id "aSSVyoq_bc5MOa9HflnfwgAAAJE"]
[Tue Nov 25 01:28:50.182709 2025] [:error] [pid 48600:tid 48635] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/gdn.php
[Tue Nov 25 01:28:50.411023 2025] [:error] [pid 48600:tid 48639] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/ww4.php
[Tue Nov 25 01:28:50.620931 2025] [:error] [pid 48600:tid 48636] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/xc.php
[Tue Nov 25 01:28:50.831212 2025] [:error] [pid 48600:tid 48634] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/g.php
[Tue Nov 25 01:28:51.053160 2025] [:error] [pid 48600:tid 48651] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/nx1.php
[Tue Nov 25 01:28:51.264727 2025] [:error] [pid 48600:tid 48649] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/ii.php
[Tue Nov 25 01:28:51.476727 2025] [:error] [pid 48600:tid 48631] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/kr.php
[Tue Nov 25 01:28:51.879954 2025] [:error] [pid 48600:tid 48652] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/18299.php
[Tue Nov 25 01:28:52.089099 2025] [:error] [pid 48600:tid 48638] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/3.php
[Tue Nov 25 01:28:52.439585 2025] [:error] [pid 48600:tid 48645] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/chati.php
[Tue Nov 25 01:28:52.649455 2025] [:error] [pid 48600:tid 48643] [client 172.177.184.114:5076] File does not exist: /usr/local/apache/htdocs/suspended-page/content-over.php
[Tue Nov 25 01:28:53.051963 2025] [:error] [pid 48600:tid 48647] [client 172.177.184.114:5076] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSSV1ftOzSUAQvWVjBe_6wAAAdE"]
[Tue Nov 25 01:28:56.439029 2025] [:error] [pid 16516:tid 16535] [client 172.177.184.114:2291] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSSV2PqZbniwaNwL8XktgQAAARA"]
[Tue Nov 25 01:29:00.215479 2025] [:error] [pid 16549:tid 16560] [client 172.177.184.114:4347] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSSV3KeWW19A99PUw_eHjAAAAUg"]
[Tue Nov 25 01:29:04.202754 2025] [:error] [pid 48601:tid 48675] [client 172.177.184.114:3178] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSSV4IMM4MaVTk74-AYSjQAAAhI"]
[Tue Nov 25 01:29:08.911529 2025] [:error] [pid 48599:tid 48621] [client 172.177.184.114:7839] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/naxc.php"] [unique_id "aSSV5Jzvu6PDJiRKE3J2GwAAAZI"]
[Tue Nov 25 01:29:17.363518 2025] [:error] [pid 48601:tid 48681] [client 172.177.184.114:5681] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/naxc.php"] [unique_id "aSSV7YMM4MaVTk74-AYSkwAAAhg"]
[Tue Nov 25 01:29:26.289823 2025] [:error] [pid 16549:tid 16552] [client 172.177.184.114:5326] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSSV9qeWW19A99PUw_eHlwAAAUA"]
[Tue Nov 25 01:29:28.379249 2025] [:error] [pid 9630:tid 9632] [client 172.177.184.114:7663] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSSV-CrSgUgPGkizt2pvlAAAAEA"]
[Tue Nov 25 01:29:30.391810 2025] [:error] [pid 48688:tid 48705] [client 172.177.184.114:6430] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSSV-hm2q1FkzLam7A32mwAAAk0"]
[Tue Nov 25 01:29:31.284325 2025] [:error] [pid 16441:tid 16463] [client 172.177.184.114:1531] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSSV-4q_bc5MOa9Hflnf-gAAAJM"]
[Tue Nov 25 01:29:32.342103 2025] [:error] [pid 49900:tid 49925] [client 172.177.184.114:7865] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSSV_DCyPLrvg06aorl5tAAAABc"]
[Tue Nov 25 01:29:33.756034 2025] [:error] [pid 48601:tid 48680] [client 172.177.184.114:6734] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSSV_YMM4MaVTk74-AYSpAAAAhc"]
[Tue Nov 25 01:29:35.062861 2025] [:error] [pid 9630:tid 9646] [client 172.177.184.114:8222] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSSV_yrSgUgPGkizt2pvlQAAAE4"]
[Tue Nov 25 01:29:37.006231 2025] [:error] [pid 48688:tid 48710] [client 172.177.184.114:7810] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSSWARm2q1FkzLam7A32oAAAAlI"]
[Tue Nov 25 01:29:38.887801 2025] [:error] [pid 16441:tid 16465] [client 172.177.184.114:5349] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/rsjlrria.php"] [unique_id "aSSWAoq_bc5MOa9Hflnf_wAAAJU"]
[Tue Nov 25 01:29:41.046688 2025] [:error] [pid 16593:tid 16613] [client 172.177.184.114:3450] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/rsjlrria.php"] [unique_id "aSSWBRVGznHBJI2LKpSMjgAAApI"]
[Tue Nov 25 01:29:42.601037 2025] [:error] [pid 48599:tid 48625] [client 172.177.184.114:7055] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/rsjlrria.php"] [unique_id "aSSWBpzvu6PDJiRKE3J2JQAAAZY"]
[Tue Nov 25 01:29:44.029004 2025] [:error] [pid 16516:tid 16529] [client 172.177.184.114:2016] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/rsjlrria.php"] [unique_id "aSSWCPqZbniwaNwL8XktlQAAAQo"]
[Tue Nov 25 01:29:46.107835 2025] [:error] [pid 16593:tid 16618] [client 172.177.184.114:4393] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/about.php"] [unique_id "aSSWChVGznHBJI2LKpSMlAAAApc"]
[Tue Nov 25 01:29:52.174812 2025] [:error] [pid 16549:tid 16556] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/gec.php
[Tue Nov 25 01:29:52.820851 2025] [:error] [pid 16549:tid 16555] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/nfu.php
[Tue Nov 25 01:29:53.265369 2025] [:error] [pid 16549:tid 16568] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/xl8.php
[Tue Nov 25 01:29:53.491305 2025] [:error] [pid 16549:tid 16557] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/xl6.php
[Tue Nov 25 01:29:53.888160 2025] [:error] [pid 16549:tid 16565] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/class-t.api.php
[Tue Nov 25 01:29:54.162048 2025] [:error] [pid 16549:tid 16572] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/zc-706.php
[Tue Nov 25 01:29:54.374212 2025] [:error] [pid 16549:tid 16575] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/gifclass.php
[Tue Nov 25 01:29:54.601229 2025] [:error] [pid 16549:tid 16577] [client 172.177.184.114:8147] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Tue Nov 25 01:29:55.023277 2025] [:error] [pid 16549:tid 16554] [client 172.177.184.114:8147] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSSWE6eWW19A99PUw_eHsQAAAUI"]
[Tue Nov 25 01:29:56.580341 2025] [:error] [pid 16549:tid 16562] [client 172.177.184.114:8471] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSSWFKeWW19A99PUw_eHswAAAUo"]
[Tue Nov 25 01:29:57.927605 2025] [:error] [pid 9630:tid 9647] [client 172.177.184.114:6440] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSSWFSrSgUgPGkizt2pvwAAAAE8"]
[Tue Nov 25 01:29:58.662216 2025] [:error] [pid 49900:tid 49909] [client 172.177.184.114:8132] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSSWFjCyPLrvg06aorl5wgAAAAc"]
[Tue Nov 25 01:30:03.286250 2025] [:error] [pid 48688:tid 48699] [client 172.177.184.114:2557] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSSWGxm2q1FkzLam7A32pgAAAkc"]
[Tue Nov 25 01:30:05.760275 2025] [:error] [pid 16549:tid 16555] [client 172.177.184.114:6648] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSSWHaeWW19A99PUw_eHvAAAAUM"]
[Tue Nov 25 01:30:06.742806 2025] [:error] [pid 16441:tid 16467] [client 172.177.184.114:8505] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSSWHoq_bc5MOa9HflngIwAAAJc"]
[Tue Nov 25 01:30:08.534145 2025] [:error] [pid 9630:tid 9644] [client 172.177.184.114:6450] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSSWICrSgUgPGkizt2pv0QAAAEw"]
[Tue Nov 25 01:30:10.940286 2025] [:error] [pid 49900:tid 49921] [client 172.177.184.114:5238] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSSWIjCyPLrvg06aorl5xQAAABM"]
[Tue Nov 25 01:30:12.752657 2025] [:error] [pid 16441:tid 16454] [client 172.177.184.114:4996] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSSWJIq_bc5MOa9HflngKgAAAIo"]
[Tue Nov 25 01:30:14.305860 2025] [:error] [pid 16549:tid 16576] [client 172.177.184.114:2760] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSSWJqeWW19A99PUw_eHwgAAAVc"]
[Tue Nov 25 01:30:22.344268 2025] [:error] [pid 16441:tid 16463] [client 172.177.184.114:8496] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSSWLoq_bc5MOa9HflngMwAAAJM"]
[Tue Nov 25 01:30:25.192116 2025] [:error] [pid 16549:tid 16554] [client 172.177.184.114:2410] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aSSWMaeWW19A99PUw_eHxAAAAUI"]
[Tue Nov 25 01:30:39.440259 2025] [:error] [pid 16593:tid 16601] [client 172.177.184.114:7160] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/11.php"] [unique_id "aSSWPxVGznHBJI2LKpSMnwAAAoY"]
[Tue Nov 25 01:30:56.394256 2025] [:error] [pid 49900:tid 49924] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/20.php
[Tue Nov 25 01:30:56.596988 2025] [:error] [pid 49900:tid 49907] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Tue Nov 25 01:30:57.038336 2025] [:error] [pid 49900:tid 49915] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/c.php
[Tue Nov 25 01:30:57.243392 2025] [:error] [pid 49900:tid 49902] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/build.php
[Tue Nov 25 01:30:57.650842 2025] [:error] [pid 49900:tid 49923] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Tue Nov 25 01:30:57.855000 2025] [:error] [pid 49900:tid 49921] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/4.php
[Tue Nov 25 01:30:58.059423 2025] [:error] [pid 49900:tid 49905] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/X7x.php
[Tue Nov 25 01:30:58.384614 2025] [:error] [pid 49900:tid 49920] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Tue Nov 25 01:30:58.590857 2025] [:error] [pid 49900:tid 49909] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/r.php
[Tue Nov 25 01:30:58.812143 2025] [:error] [pid 49900:tid 49916] [client 172.177.184.114:7714] File does not exist: /usr/local/apache/htdocs/suspended-page/v4.php
[Tue Nov 25 01:30:59.031469 2025] [:error] [pid 49900:tid 49910] [client 172.177.184.114:7714] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-22.php"] [unique_id "aSSWUzCyPLrvg06aorl56wAAAAg"]
[Tue Nov 25 01:31:01.175141 2025] [:error] [pid 49900:tid 49919] [client 172.177.184.114:7052] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-22.php"] [unique_id "aSSWVTCyPLrvg06aorl58AAAABE"]
[Tue Nov 25 01:31:02.987074 2025] [:error] [pid 16441:tid 16462] [client 172.177.184.114:7050] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-22.php"] [unique_id "aSSWVoq_bc5MOa9HflngWwAAAJI"]
[Tue Nov 25 01:31:04.175915 2025] [:error] [pid 48688:tid 48700] [client 172.177.184.114:7738] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-22.php"] [unique_id "aSSWWBm2q1FkzLam7A32yQAAAkg"]
[Tue Nov 25 01:31:05.644763 2025] [:error] [pid 16441:tid 16465] [client 172.177.184.114:5218] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/makeasmtp.php"] [unique_id "aSSWWYq_bc5MOa9HflngYgAAAJU"]
[Tue Nov 25 01:31:46.461715 2025] [:error] [pid 48599:tid 48603] [client 172.177.184.114:9408] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/NewFile.php"] [unique_id "aSSWgpzvu6PDJiRKE3J2VwAAAYA"]
[Tue Nov 25 01:31:49.811692 2025] [:error] [pid 48599:tid 48611] [client 172.177.184.114:4644] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/NewFile.php"] [unique_id "aSSWhZzvu6PDJiRKE3J2WQAAAYg"]
[Tue Nov 25 01:32:10.993108 2025] [:error] [pid 16441:tid 16454] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/t.php
[Tue Nov 25 01:32:11.206715 2025] [:error] [pid 16441:tid 16466] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/ee.php
[Tue Nov 25 01:32:11.446768 2025] [:error] [pid 16441:tid 16458] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/2.php
[Tue Nov 25 01:32:11.658518 2025] [:error] [pid 16441:tid 16462] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/6.php
[Tue Nov 25 01:32:11.958796 2025] [:error] [pid 16441:tid 16452] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/12.php
[Tue Nov 25 01:32:12.184622 2025] [:error] [pid 16441:tid 16465] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/0.php
[Tue Nov 25 01:32:12.610558 2025] [:error] [pid 16441:tid 16464] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/02.php
[Tue Nov 25 01:32:12.866632 2025] [:error] [pid 16441:tid 16456] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/w.php
[Tue Nov 25 01:32:13.090194 2025] [:error] [pid 16441:tid 16461] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/go.php
[Tue Nov 25 01:32:13.324328 2025] [:error] [pid 16441:tid 16460] [client 172.177.184.114:3368] File does not exist: /usr/local/apache/htdocs/suspended-page/an.php
[Tue Nov 25 01:32:13.624166 2025] [:error] [pid 16441:tid 16455] [client 172.177.184.114:3368] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSSWnYq_bc5MOa9HflngvgAAAIs"]
[Tue Nov 25 01:32:14.459988 2025] [:error] [pid 49900:tid 49917] [client 172.177.184.114:3338] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSSWnjCyPLrvg06aorl6XgAAAA8"]
[Tue Nov 25 01:32:16.051204 2025] [:error] [pid 48688:tid 48694] [client 172.177.184.114:5872] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSSWoBm2q1FkzLam7A326AAAAkI"]
[Tue Nov 25 01:32:23.760884 2025] [:error] [pid 48601:tid 48667] [client 172.177.184.114:3338] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSSWp4MM4MaVTk74-AYTBQAAAgo"]
[Tue Nov 25 01:32:29.573431 2025] [:error] [pid 16516:tid 16525] [client 172.177.184.114:1850] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSSWrfqZbniwaNwL8Xkt0gAAAQY"]
[Tue Nov 25 01:32:31.419337 2025] [:error] [pid 48601:tid 48661] [client 172.177.184.114:3065] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSSWr4MM4MaVTk74-AYTCAAAAgQ"]
[Tue Nov 25 01:32:32.995272 2025] [:error] [pid 16549:tid 16567] [client 172.177.184.114:7561] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSSWsKeWW19A99PUw_eIBwAAAU8"]
[Tue Nov 25 01:32:34.693844 2025] [:error] [pid 16441:tid 16450] [client 172.177.184.114:5982] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSSWsoq_bc5MOa9HflngxQAAAIY"]
[Tue Nov 25 01:32:36.337223 2025] [:error] [pid 16593:tid 16596] [client 172.177.184.114:7142] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSSWtBVGznHBJI2LKpSNBAAAAoE"]
[Tue Nov 25 01:32:52.330235 2025] [:error] [pid 49900:tid 49912] [client 172.177.184.114:6480] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/about.php"] [unique_id "aSSWxDCyPLrvg06aorl6awAAAAo"]
[Tue Nov 25 01:32:55.370397 2025] [:error] [pid 16593:tid 16607] [client 172.177.184.114:1791] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/index/function.php"] [unique_id "aSSWxxVGznHBJI2LKpSNFwAAAow"]
[Tue Nov 25 01:33:00.776169 2025] [:error] [pid 16441:tid 16463] [client 172.177.184.114:6613] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/index/function.php"] [unique_id "aSSWzIq_bc5MOa9Hflng9QAAAJM"]
[Tue Nov 25 01:33:17.607025 2025] [:error] [pid 48600:tid 48637] [client 172.177.184.114:7283] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/rk2.php"] [unique_id "aSSW3ftOzSUAQvWVjBfAMQAAAcc"]
[Tue Nov 25 01:33:21.120290 2025] [:error] [pid 48599:tid 48626] [client 172.177.184.114:1545] File does not exist: /usr/local/apache/htdocs/suspended-page/license.php
[Tue Nov 25 01:33:21.349988 2025] [:error] [pid 48599:tid 48604] [client 172.177.184.114:1545] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Tue Nov 25 01:33:21.566933 2025] [:error] [pid 48599:tid 48611] [client 172.177.184.114:1545] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Tue Nov 25 01:33:21.781898 2025] [:error] [pid 48599:tid 48620] [client 172.177.184.114:1545] File does not exist: /usr/local/apache/htdocs/suspended-page/alfanew.php
[Tue Nov 25 01:33:22.004888 2025] [:error] [pid 48599:tid 48608] [client 172.177.184.114:1545] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Tue Nov 25 01:33:22.656605 2025] [:error] [pid 48599:tid 48625] [client 172.177.184.114:1545] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aSSW4pzvu6PDJiRKE3J2lwAAAZY"]
[Tue Nov 25 01:33:25.338728 2025] [:error] [pid 16441:tid 16456] [client 172.177.184.114:1883] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Tue Nov 25 01:33:25.546973 2025] [:error] [pid 16441:tid 16461] [client 172.177.184.114:1883] File does not exist: /usr/local/apache/htdocs/suspended-page/lv.php
[Tue Nov 25 01:33:25.985364 2025] [:error] [pid 16441:tid 16455] [client 172.177.184.114:1883] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSSW5Yq_bc5MOa9HflnhAgAAAIs"]
[Tue Nov 25 01:33:28.761099 2025] [:error] [pid 16593:tid 16597] [client 172.177.184.114:8941] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSSW6BVGznHBJI2LKpSNJAAAAoI"]
[Tue Nov 25 01:33:31.634106 2025] [:error] [pid 9630:tid 9647] [client 172.177.184.114:1595] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSSW6yrSgUgPGkizt2pwVgAAAE8"]
[Tue Nov 25 01:33:36.426208 2025] [:error] [pid 48600:tid 48640] [client 172.177.184.114:4000] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSSW8PtOzSUAQvWVjBfAOgAAAco"]
[Tue Nov 25 01:33:38.753408 2025] [:error] [pid 16441:tid 16454] [client 172.177.184.114:4650] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSSW8oq_bc5MOa9HflnhCgAAAIo"]
[Tue Nov 25 01:33:42.715799 2025] [:error] [pid 9630:tid 9632] [client 172.177.184.114:2518] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/403.php"] [unique_id "aSSW9irSgUgPGkizt2pwXgAAAEA"]
[Tue Nov 25 01:33:58.906151 2025] [:error] [pid 16441:tid 16454] [client 172.177.184.114:4800] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSSXBoq_bc5MOa9HflnhFwAAAIo"]
[Tue Nov 25 01:33:59.780720 2025] [:error] [pid 16516:tid 16529] [client 172.177.184.114:8874] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSSXB_qZbniwaNwL8Xkt6wAAAQo"]
[Tue Nov 25 01:34:06.359882 2025] [:error] [pid 48688:tid 48704] [client 172.177.184.114:4847] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSSXDhm2q1FkzLam7A33BQAAAkw"]
[Tue Nov 25 01:34:07.328813 2025] [:error] [pid 49900:tid 49918] [client 172.177.184.114:3610] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSSXDzCyPLrvg06aorl6ugAAABA"]
[Tue Nov 25 01:34:09.081809 2025] [:error] [pid 49900:tid 49923] [client 172.177.184.114:8858] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/1.php"] [unique_id "aSSXETCyPLrvg06aorl6vwAAABU"]
[Tue Nov 25 01:34:10.811801 2025] [:error] [pid 16441:tid 16458] [client 172.177.184.114:9924] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/1.php"] [unique_id "aSSXEoq_bc5MOa9HflnhJwAAAI4"]
[Tue Nov 25 01:34:12.945673 2025] [:error] [pid 16549:tid 16571] [client 172.177.184.114:1568] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/1.php"] [unique_id "aSSXFKeWW19A99PUw_eINgAAAVI"]
[Tue Nov 25 01:34:18.565738 2025] [:error] [pid 49900:tid 49925] [client 172.177.184.114:4323] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/1.php"] [unique_id "aSSXGjCyPLrvg06aorl6xAAAABc"]
[Tue Nov 25 01:34:20.000712 2025] [:error] [pid 16441:tid 16447] [client 172.177.184.114:8194] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSSXG4q_bc5MOa9HflnhLwAAAIM"]
[Tue Nov 25 01:34:25.771857 2025] [:error] [pid 16441:tid 16460] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/marijuana.php
[Tue Nov 25 01:34:26.397247 2025] [:error] [pid 16441:tid 16462] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Tue Nov 25 01:34:26.709180 2025] [:error] [pid 16441:tid 16454] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/goat1.php
[Tue Nov 25 01:34:26.931411 2025] [:error] [pid 16441:tid 16459] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Tue Nov 25 01:34:27.139336 2025] [:error] [pid 16441:tid 16452] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-cron.php
[Tue Nov 25 01:34:27.363462 2025] [:error] [pid 16441:tid 16458] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/yanz.php
[Tue Nov 25 01:34:27.583148 2025] [:error] [pid 16441:tid 16464] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Tue Nov 25 01:34:28.033308 2025] [:error] [pid 16441:tid 16465] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/network.php
[Tue Nov 25 01:34:28.240959 2025] [:error] [pid 16441:tid 16445] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-2019.php
[Tue Nov 25 01:34:28.908101 2025] [:error] [pid 16441:tid 16446] [client 172.177.184.114:1599] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Tue Nov 25 01:34:29.198173 2025] [:error] [pid 16441:tid 16461] [client 172.177.184.114:1599] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/admin.php"] [unique_id "aSSXJYq_bc5MOa9HflnhXQAAAJE"]
[Tue Nov 25 01:34:31.946728 2025] [:error] [pid 48688:tid 48696] [client 172.177.184.114:6769] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/wp-login.php"] [unique_id "aSSXJxm2q1FkzLam7A33JQAAAkQ"]
[Tue Nov 25 01:34:36.801490 2025] [:error] [pid 9630:tid 9643] [client 172.177.184.114:1531] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tiny.php"] [unique_id "aSSXLCrSgUgPGkizt2pwoQAAAEs"]
[Tue Nov 25 01:34:39.344956 2025] [:error] [pid 48601:tid 48667] [client 172.177.184.114:3447] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSSXL4MM4MaVTk74-AYTQgAAAgo"]
[Tue Nov 25 01:34:41.957689 2025] [:error] [pid 49900:tid 49913] [client 172.177.184.114:4407] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSSXMTCyPLrvg06aorl66QAAAAs"]
[Tue Nov 25 01:34:48.868732 2025] [:error] [pid 48601:tid 48670] [client 172.177.184.114:9475] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSSXOIMM4MaVTk74-AYTSgAAAg0"]
[Tue Nov 25 01:34:50.913185 2025] [:error] [pid 16549:tid 16564] [client 172.177.184.114:2986] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSSXOqeWW19A99PUw_eIWQAAAUw"]
[Tue Nov 25 01:34:52.877234 2025] [:error] [pid 16549:tid 16571] [client 172.177.184.114:8335] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mail.php"] [unique_id "aSSXPKeWW19A99PUw_eIWgAAAVI"]
[Tue Nov 25 01:34:54.497246 2025] [:error] [pid 9630:tid 9637] [client 172.177.184.114:5199] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mail.php"] [unique_id "aSSXPirSgUgPGkizt2pwsQAAAEU"]
[Tue Nov 25 01:35:07.909312 2025] [:error] [pid 48599:tid 48605] [client 172.177.184.114:3540] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/system_log.php"] [unique_id "aSSXS5zvu6PDJiRKE3J2-AAAAYI"]
[Tue Nov 25 01:35:10.143522 2025] [:error] [pid 16516:tid 16537] [client 172.177.184.114:1088] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/system_log.php"] [unique_id "aSSXTvqZbniwaNwL8XkuJwAAARI"]
[Tue Nov 25 01:35:16.115407 2025] [:error] [pid 48601:tid 48662] [client 172.177.184.114:6402] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/system_log.php"] [unique_id "aSSXVIMM4MaVTk74-AYTVwAAAgU"]
[Tue Nov 25 01:35:18.481152 2025] [:error] [pid 48599:tid 48607] [client 172.177.184.114:1376] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/system_log.php"] [unique_id "aSSXVpzvu6PDJiRKE3J3CAAAAYQ"]
[Tue Nov 25 01:35:21.074124 2025] [:error] [pid 16593:tid 16601] [client 172.177.184.114:5477] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file.php"] [unique_id "aSSXWRVGznHBJI2LKpSNXgAAAoY"]
[Tue Nov 25 01:35:24.181190 2025] [:error] [pid 16516:tid 16538] [client 172.177.184.114:6648] [client 172.177.184.114] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/file.php"] [unique_id "aSSXXPqZbniwaNwL8XkuLQAAARM"]
[Tue Nov 25 01:35:37.068000 2025] [:error] [pid 48688:tid 48698] [client 172.177.184.114:2007] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Tue Nov 25 01:35:37.280116 2025] [:error] [pid 48688:tid 48703] [client 172.177.184.114:2007] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php
[Tue Nov 25 01:35:39.279151 2025] [:error] [pid 48688:tid 48706] [client 172.177.184.114:2007] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-configs.php
[Tue Nov 25 01:35:39.874247 2025] [:error] [pid 48688:tid 48693] [client 172.177.184.114:2007] [client 172.177.184.114] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/crop/zmFM.php"] [unique_id "aSSXaxm2q1FkzLam7A33QwAAAkE"]
[Tue Nov 25 01:35:43.035381 2025] [:error] [pid 9630:tid 9650] [client 172.177.184.114:2036] File does not exist: /usr/local/apache/htdocs/suspended-page/post.php
[Tue Nov 25 01:35:43.247621 2025] [:error] [pid 9630:tid 9636] [client 172.177.184.114:2036] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php
[Tue Nov 25 08:14:28.769775 2025] [:error] [pid 14077:tid 14130] [client 170.106.161.78:36464] [client 170.106.161.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aST05BG9n7UHEkwDTyh8NgAAAFQ"]
[Tue Nov 25 10:45:12.628895 2025] [:error] [pid 28842:tid 29021] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/acxx.php
[Tue Nov 25 10:45:12.981088 2025] [:error] [pid 28842:tid 28990] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/dev1s.php
[Tue Nov 25 10:45:13.209236 2025] [:error] [pid 28842:tid 28994] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/ww1.php
[Tue Nov 25 10:45:13.439179 2025] [:error] [pid 28842:tid 29018] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/c4.php
[Tue Nov 25 10:45:13.652856 2025] [:error] [pid 28842:tid 28992] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/wsx.php
[Tue Nov 25 10:45:13.921850 2025] [:error] [pid 28842:tid 28995] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/b4.php
[Tue Nov 25 10:45:14.144177 2025] [:error] [pid 28842:tid 29017] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/xenium4.php
[Tue Nov 25 10:45:14.358599 2025] [:error] [pid 28842:tid 29022] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/xpw.php
[Tue Nov 25 10:45:14.572788 2025] [:error] [pid 28842:tid 28999] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/ww2.php
[Tue Nov 25 10:45:14.805769 2025] [:error] [pid 28842:tid 28993] [client 20.10.155.17:9942] File does not exist: /usr/local/apache/htdocs/suspended-page/ww3.php
[Tue Nov 25 10:45:15.029877 2025] [:error] [pid 28842:tid 29003] [client 20.10.155.17:9942] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSUYO9NmoaPf6T4-6C3ocwAAA00"]
[Tue Nov 25 10:45:16.270501 2025] [:error] [pid 28842:tid 29001] [client 20.10.155.17:6492] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSUYPNNmoaPf6T4-6C3odQAAA0s"]
[Tue Nov 25 10:45:18.168809 2025] [:error] [pid 14688:tid 14700] [client 20.10.155.17:3814] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSUYPm9vYrBoEsiDniw2IgAAAQo"]
[Tue Nov 25 10:45:25.622055 2025] [:error] [pid 28842:tid 28998] [client 20.10.155.17:7107] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v.php"] [unique_id "aSUYRdNmoaPf6T4-6C3ofAAAA0g"]
[Tue Nov 25 10:45:27.577160 2025] [:error] [pid 14168:tid 14188] [client 20.10.155.17:3085] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSUYR_R-ZDU0QEgAIIvJvQAAANE"]
[Tue Nov 25 10:45:41.573102 2025] [:error] [pid 28739:tid 28764] [client 20.10.155.17:3566] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d2.php"] [unique_id "aSUYVRxGpKmlkG4FexQBHQAAAgI"]
[Tue Nov 25 10:45:45.460333 2025] [:error] [pid 14077:tid 14122] [client 20.10.155.17:11184] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSUYWRG9n7UHEkwDTyjAIQAAAEw"]
[Tue Nov 25 10:45:53.634602 2025] [:error] [pid 28836:tid 28959] [client 20.10.155.17:1526] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/snus.php"] [unique_id "aSUYYZwNRsoxcLQGkTc55QAAAsQ"]
[Tue Nov 25 10:45:58.026889 2025] [:error] [pid 14077:tid 14126] [client 20.10.155.17:4052] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/011i.php"] [unique_id "aSUYZhG9n7UHEkwDTyjAJwAAAFA"]
[Tue Nov 25 10:46:01.474297 2025] [:error] [pid 14076:tid 14082] [client 20.10.155.17:5234] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/011i.php"] [unique_id "aSUYaXsB4Gz6Qw-pvBtaaQAAAAE"]
[Tue Nov 25 10:46:05.756126 2025] [:error] [pid 28739:tid 28782] [client 20.10.155.17:9428] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/011i.php"] [unique_id "aSUYbRxGpKmlkG4FexQBPAAAAhQ"]
[Tue Nov 25 10:46:06.702993 2025] [:error] [pid 28842:tid 28992] [client 20.10.155.17:10531] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/011i.php"] [unique_id "aSUYbtNmoaPf6T4-6C3oqwAAA0I"]
[Tue Nov 25 10:46:08.083802 2025] [:error] [pid 14078:tid 14138] [client 20.10.155.17:8524] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disaos.php"] [unique_id "aSUYcNVXYbb0ii_rVoKj2QAAAIE"]
[Tue Nov 25 10:46:09.136740 2025] [:error] [pid 28842:tid 28995] [client 20.10.155.17:11245] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disaos.php"] [unique_id "aSUYcdNmoaPf6T4-6C3orgAAA0U"]
[Tue Nov 25 10:46:24.354842 2025] [:error] [pid 28739:tid 28780] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/gdn.php
[Tue Nov 25 10:46:24.762161 2025] [:error] [pid 28739:tid 28765] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/ww4.php
[Tue Nov 25 10:46:24.992982 2025] [:error] [pid 28739:tid 28785] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/xc.php
[Tue Nov 25 10:46:25.205299 2025] [:error] [pid 28739:tid 28783] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/g.php
[Tue Nov 25 10:46:25.418866 2025] [:error] [pid 28739:tid 28782] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/nx1.php
[Tue Nov 25 10:46:25.655064 2025] [:error] [pid 28739:tid 28771] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/ii.php
[Tue Nov 25 10:46:25.870114 2025] [:error] [pid 28739:tid 28779] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/kr.php
[Tue Nov 25 10:46:26.100851 2025] [:error] [pid 28739:tid 28786] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/18299.php
[Tue Nov 25 10:46:26.313215 2025] [:error] [pid 28739:tid 28784] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/3.php
[Tue Nov 25 10:46:26.530489 2025] [:error] [pid 28739:tid 28768] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/chati.php
[Tue Nov 25 10:46:26.756703 2025] [:error] [pid 28739:tid 28767] [client 20.10.155.17:2805] File does not exist: /usr/local/apache/htdocs/suspended-page/content-over.php
[Tue Nov 25 10:46:26.966874 2025] [:error] [pid 28739:tid 28764] [client 20.10.155.17:2805] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSUYghxGpKmlkG4FexQBUgAAAgI"]
[Tue Nov 25 10:46:30.958158 2025] [:error] [pid 14168:tid 14171] [client 20.10.155.17:10524] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gm.php"] [unique_id "aSUYhvR-ZDU0QEgAIIvJ9wAAAMA"]
[Tue Nov 25 10:46:58.688199 2025] [:error] [pid 28842:tid 29026] [client 20.10.155.17:9519] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSUYotNmoaPf6T4-6C3ozgAAA1g"]
[Tue Nov 25 10:47:03.433020 2025] [:error] [pid 28842:tid 29021] [client 20.10.155.17:5609] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSUYp9NmoaPf6T4-6C3o0QAAA1M"]
[Tue Nov 25 10:47:07.978941 2025] [:error] [pid 14077:tid 14119] [client 20.10.155.17:6376] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSUYqxG9n7UHEkwDTyjAfQAAAEk"]
[Tue Nov 25 10:47:08.669899 2025] [:error] [pid 14077:tid 14134] [client 20.10.155.17:7494] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/we.php"] [unique_id "aSUYrBG9n7UHEkwDTyjAfwAAAFg"]
[Tue Nov 25 10:47:12.071803 2025] [:error] [pid 14077:tid 14112] [client 20.10.155.17:7275] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSUYsBG9n7UHEkwDTyjAgQAAAEI"]
[Tue Nov 25 10:47:13.278681 2025] [:error] [pid 14168:tid 14183] [client 20.10.155.17:5828] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSUYsfR-ZDU0QEgAIIvKJQAAAMw"]
[Tue Nov 25 10:47:15.797764 2025] [:error] [pid 28739:tid 28777] [client 20.10.155.17:7851] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSUYsxxGpKmlkG4FexQBaQAAAg8"]
[Tue Nov 25 10:47:16.984212 2025] [:error] [pid 28842:tid 28999] [client 20.10.155.17:8573] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/size.php"] [unique_id "aSUYtNNmoaPf6T4-6C3o2QAAA0k"]
[Tue Nov 25 10:47:32.126865 2025] [:error] [pid 28842:tid 28995] [client 20.10.155.17:4195] File does not exist: /usr/local/apache/htdocs/suspended-page/rsjlrria.php
[Tue Nov 25 10:47:32.685123 2025] [:error] [pid 14077:tid 14134] [client 20.10.155.17:11303] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/customize/about.php"] [unique_id "aSUYxBG9n7UHEkwDTyjAiwAAAFg"]
[Tue Nov 25 10:47:35.010946 2025] [:error] [pid 28739:tid 28770] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/gec.php
[Tue Nov 25 10:47:35.527013 2025] [:error] [pid 28739:tid 28786] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/nfu.php
[Tue Nov 25 10:47:35.962925 2025] [:error] [pid 28739:tid 28781] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/xl8.php
[Tue Nov 25 10:47:36.284412 2025] [:error] [pid 28739:tid 28778] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/xl6.php
[Tue Nov 25 10:47:36.502467 2025] [:error] [pid 28739:tid 28776] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/class-t.api.php
[Tue Nov 25 10:47:36.726430 2025] [:error] [pid 28739:tid 28769] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/zc-706.php
[Tue Nov 25 10:47:37.237776 2025] [:error] [pid 28739:tid 28780] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/gifclass.php
[Tue Nov 25 10:47:37.611212 2025] [:error] [pid 28739:tid 28762] [client 20.10.155.17:8139] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Tue Nov 25 10:47:37.816359 2025] [:error] [pid 28739:tid 28784] [client 20.10.155.17:8139] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/as.php"] [unique_id "aSUYyRxGpKmlkG4FexQBgAAAAhY"]
[Tue Nov 25 10:47:38.688118 2025] [:error] [pid 28836:tid 28968] [client 20.10.155.17:10054] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/as.php"] [unique_id "aSUYypwNRsoxcLQGkTc6MAAAAs0"]
[Tue Nov 25 10:47:42.650310 2025] [:error] [pid 28836:tid 28986] [client 20.10.155.17:11101] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/as.php"] [unique_id "aSUYzpwNRsoxcLQGkTc6MgAAAs8"]
[Tue Nov 25 10:47:45.734870 2025] [:error] [pid 28739:tid 28777] [client 20.10.155.17:5628] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/as.php"] [unique_id "aSUY0RxGpKmlkG4FexQBgwAAAg8"]
[Tue Nov 25 10:47:47.950491 2025] [:error] [pid 14076:tid 14084] [client 20.10.155.17:9880] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSUY03sB4Gz6Qw-pvBta9AAAAAM"]
[Tue Nov 25 10:47:50.170996 2025] [:error] [pid 14077:tid 14113] [client 20.10.155.17:1620] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSUY1hG9n7UHEkwDTyjAkAAAAEM"]
[Tue Nov 25 10:47:52.142809 2025] [:error] [pid 14076:tid 14089] [client 20.10.155.17:10442] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSUY2HsB4Gz6Qw-pvBta-AAAAAg"]
[Tue Nov 25 10:47:55.306160 2025] [:error] [pid 28609:tid 28633] [client 20.10.155.17:5714] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/product.php"] [unique_id "aSUY2yGGdT-nZJVs3x1ITQAAAY8"]
[Tue Nov 25 10:47:57.859626 2025] [:error] [pid 14168:tid 14190] [client 20.10.155.17:6783] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSUY3fR-ZDU0QEgAIIvKQwAAANM"]
[Tue Nov 25 10:47:58.829371 2025] [:error] [pid 14077:tid 14116] [client 20.10.155.17:4808] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSUY3hG9n7UHEkwDTyjAkgAAAEY"]
[Tue Nov 25 10:48:01.643291 2025] [:error] [pid 28836:tid 29009] [client 20.10.155.17:4489] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/e56.php"] [unique_id "aSUY4ZwNRsoxcLQGkTc6OQAAAtM"]
[Tue Nov 25 10:48:11.721829 2025] [:error] [pid 28842:tid 28992] [client 20.10.155.17:5998] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSUY69NmoaPf6T4-6C3pBwAAA0I"]
[Tue Nov 25 10:48:13.622343 2025] [:error] [pid 14076:tid 14091] [client 20.10.155.17:1372] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSUY7XsB4Gz6Qw-pvBtbFAAAAAo"]
[Tue Nov 25 10:48:18.811765 2025] [:error] [pid 14076:tid 14083] [client 20.10.155.17:5352] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSUY8nsB4Gz6Qw-pvBtbIAAAAAI"]
[Tue Nov 25 10:48:20.557010 2025] [:error] [pid 28740:tid 28807] [client 20.10.155.17:7289] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-x.php"] [unique_id "aSUY9FppQCoYxWW6V0X0GAAAAlA"]
[Tue Nov 25 10:48:22.642624 2025] [:error] [pid 28739:tid 28771] [client 20.10.155.17:4851] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aSUY9hxGpKmlkG4FexQBtAAAAgk"]
[Tue Nov 25 10:48:25.044667 2025] [:error] [pid 28739:tid 28786] [client 20.10.155.17:7236] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aSUY-RxGpKmlkG4FexQBtQAAAhg"]
[Tue Nov 25 10:48:27.415240 2025] [:error] [pid 28842:tid 29023] [client 20.10.155.17:2762] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aSUY-9NmoaPf6T4-6C3pDwAAA1U"]
[Tue Nov 25 10:48:32.664759 2025] [:error] [pid 14688:tid 14703] [client 20.10.155.17:9472] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/css.php"] [unique_id "aSUZAG9vYrBoEsiDniw2rgAAAQ0"]
[Tue Nov 25 10:48:38.707642 2025] [:error] [pid 28739:tid 28785] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/11.php
[Tue Nov 25 10:48:38.918216 2025] [:error] [pid 28739:tid 28783] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/20.php
[Tue Nov 25 10:48:39.142491 2025] [:error] [pid 28739:tid 28770] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Tue Nov 25 10:48:39.352561 2025] [:error] [pid 28739:tid 28782] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/c.php
[Tue Nov 25 10:48:39.706345 2025] [:error] [pid 28739:tid 28777] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/build.php
[Tue Nov 25 10:48:40.281656 2025] [:error] [pid 28739:tid 28766] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Tue Nov 25 10:48:40.507001 2025] [:error] [pid 28739:tid 28763] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/4.php
[Tue Nov 25 10:48:40.715447 2025] [:error] [pid 28739:tid 28773] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/X7x.php
[Tue Nov 25 10:48:40.927839 2025] [:error] [pid 28739:tid 28774] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Tue Nov 25 10:48:41.144737 2025] [:error] [pid 28739:tid 28778] [client 20.10.155.17:3594] File does not exist: /usr/local/apache/htdocs/suspended-page/r.php
[Tue Nov 25 10:48:41.364103 2025] [:error] [pid 28739:tid 28764] [client 20.10.155.17:3594] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v4.php"] [unique_id "aSUZCRxGpKmlkG4FexQBzQAAAgI"]
[Tue Nov 25 10:48:44.562310 2025] [:error] [pid 14168:tid 14172] [client 20.10.155.17:9640] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v4.php"] [unique_id "aSUZDPR-ZDU0QEgAIIvKbAAAAME"]
[Tue Nov 25 10:48:51.076278 2025] [:error] [pid 28739:tid 28770] [client 20.10.155.17:8161] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v4.php"] [unique_id "aSUZExxGpKmlkG4FexQB5wAAAgg"]
[Tue Nov 25 10:48:56.151096 2025] [:error] [pid 14688:tid 14699] [client 20.10.155.17:9115] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v4.php"] [unique_id "aSUZGG9vYrBoEsiDniw2wAAAAQk"]
[Tue Nov 25 10:48:58.719688 2025] [:error] [pid 14078:tid 14157] [client 20.10.155.17:9151] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-22.php"] [unique_id "aSUZGtVXYbb0ii_rVoKkYwAAAJQ"]
[Tue Nov 25 10:49:43.149140 2025] [:error] [pid 14688:tid 14701] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/makeasmtp.php
[Tue Nov 25 10:49:43.439415 2025] [:error] [pid 14688:tid 14707] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/system_log.php
[Tue Nov 25 10:49:43.673948 2025] [:error] [pid 14688:tid 14705] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/NewFile.php
[Tue Nov 25 10:49:43.887724 2025] [:error] [pid 14688:tid 14691] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/t.php
[Tue Nov 25 10:49:44.102323 2025] [:error] [pid 14688:tid 14693] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/ee.php
[Tue Nov 25 10:49:44.416021 2025] [:error] [pid 14688:tid 14713] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/2.php
[Tue Nov 25 10:49:44.632417 2025] [:error] [pid 14688:tid 14695] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/6.php
[Tue Nov 25 10:49:44.852777 2025] [:error] [pid 14688:tid 14711] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/12.php
[Tue Nov 25 10:49:45.075732 2025] [:error] [pid 14688:tid 14702] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/0.php
[Tue Nov 25 10:49:45.515222 2025] [:error] [pid 14688:tid 14714] [client 20.10.155.17:5597] File does not exist: /usr/local/apache/htdocs/suspended-page/02.php
[Tue Nov 25 10:49:45.732736 2025] [:error] [pid 14688:tid 14708] [client 20.10.155.17:5597] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/w.php"] [unique_id "aSUZSW9vYrBoEsiDniw2-wAAARI"]
[Tue Nov 25 10:49:48.864205 2025] [:error] [pid 28609:tid 28636] [client 20.10.155.17:8442] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/w.php"] [unique_id "aSUZTCGGdT-nZJVs3x1IhQAAAZI"]
[Tue Nov 25 10:49:49.990479 2025] [:error] [pid 14168:tid 14188] [client 20.10.155.17:2817] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/w.php"] [unique_id "aSUZTfR-ZDU0QEgAIIvKrAAAANE"]
[Tue Nov 25 10:49:52.013209 2025] [:error] [pid 14076:tid 14104] [client 20.10.155.17:11276] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/w.php"] [unique_id "aSUZUHsB4Gz6Qw-pvBtboQAAABc"]
[Tue Nov 25 10:49:53.992161 2025] [:error] [pid 28836:tid 28957] [client 20.10.155.17:3230] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/go.php"] [unique_id "aSUZUZwNRsoxcLQGkTc6kAAAAsI"]
[Tue Nov 25 10:49:55.018799 2025] [:error] [pid 28836:tid 29009] [client 20.10.155.17:5614] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/go.php"] [unique_id "aSUZU5wNRsoxcLQGkTc6kgAAAtM"]
[Tue Nov 25 10:49:59.747927 2025] [:error] [pid 28609:tid 28627] [client 20.10.155.17:8515] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/go.php"] [unique_id "aSUZVyGGdT-nZJVs3x1IjwAAAYk"]
[Tue Nov 25 10:50:01.179795 2025] [:error] [pid 14076:tid 14100] [client 20.10.155.17:5730] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/go.php"] [unique_id "aSUZWXsB4Gz6Qw-pvBtbqAAAABM"]
[Tue Nov 25 10:50:05.269315 2025] [:error] [pid 14078:tid 14146] [client 20.10.155.17:11234] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/an.php"] [unique_id "aSUZXdVXYbb0ii_rVoKknAAAAIk"]
[Tue Nov 25 10:50:10.032843 2025] [:error] [pid 28609:tid 28632] [client 20.10.155.17:1946] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/an.php"] [unique_id "aSUZYiGGdT-nZJVs3x1ImgAAAY4"]
[Tue Nov 25 10:50:19.525421 2025] [:error] [pid 14076:tid 14086] [client 20.10.155.17:4835] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSUZa3sB4Gz6Qw-pvBtbwQAAAAU"]
[Tue Nov 25 10:50:29.332137 2025] [:error] [pid 14076:tid 14084] [client 20.10.155.17:2821] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSUZdXsB4Gz6Qw-pvBtbzgAAAAM"]
[Tue Nov 25 10:50:31.104027 2025] [:error] [pid 14078:tid 14157] [client 20.10.155.17:9414] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp.php"] [unique_id "aSUZd9VXYbb0ii_rVoKktQAAAJQ"]
[Tue Nov 25 10:50:36.267664 2025] [:error] [pid 14078:tid 14146] [client 20.10.155.17:5750] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSUZfNVXYbb0ii_rVoKkuAAAAIk"]
[Tue Nov 25 10:50:38.036657 2025] [:error] [pid 14168:tid 14195] [client 20.10.155.17:2879] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSUZfvR-ZDU0QEgAIIvK1QAAANg"]
[Tue Nov 25 10:50:39.404579 2025] [:error] [pid 14076:tid 14081] [client 20.10.155.17:6199] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSUZf3sB4Gz6Qw-pvBtb2wAAAAA"]
[Tue Nov 25 10:50:40.855137 2025] [:error] [pid 28836:tid 29006] [client 20.10.155.17:6174] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/admin.php"] [unique_id "aSUZgJwNRsoxcLQGkTc6zQAAAtA"]
[Tue Nov 25 10:50:46.990685 2025] [:error] [pid 14076:tid 14102] [client 20.10.155.17:6485] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Tue Nov 25 10:50:47.949902 2025] [:error] [pid 14076:tid 14090] [client 20.10.155.17:6485] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/Text/Diff/Engine/about.php"] [unique_id "aSUZh3sB4Gz6Qw-pvBtb-AAAAAk"]
[Tue Nov 25 10:50:59.955294 2025] [:error] [pid 14076:tid 14102] [client 20.10.155.17:4822] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/rk2.php"] [unique_id "aSUZk3sB4Gz6Qw-pvBtcDAAAABU"]
[Tue Nov 25 10:51:02.617066 2025] [:error] [pid 14078:tid 14140] [client 20.10.155.17:2766] File does not exist: /usr/local/apache/htdocs/suspended-page/license.php
[Tue Nov 25 10:51:02.832297 2025] [:error] [pid 14078:tid 14141] [client 20.10.155.17:2766] File does not exist: /usr/local/apache/htdocs/suspended-page/radio.php
[Tue Nov 25 10:51:03.090933 2025] [:error] [pid 14078:tid 14137] [client 20.10.155.17:2766] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Tue Nov 25 10:51:03.318303 2025] [:error] [pid 14078:tid 14152] [client 20.10.155.17:2766] File does not exist: /usr/local/apache/htdocs/suspended-page/alfanew.php
[Tue Nov 25 10:51:03.538880 2025] [:error] [pid 14078:tid 14149] [client 20.10.155.17:2766] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Tue Nov 25 10:51:04.177141 2025] [:error] [pid 14078:tid 14158] [client 20.10.155.17:2766] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aSUZmNVXYbb0ii_rVoKk0wAAAJU"]
[Tue Nov 25 10:51:11.535909 2025] [:error] [pid 14688:tid 14695] [client 20.10.155.17:6444] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Tue Nov 25 10:51:11.747715 2025] [:error] [pid 14688:tid 14702] [client 20.10.155.17:6444] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lv.php"] [unique_id "aSUZn29vYrBoEsiDniw3MwAAAQw"]
[Tue Nov 25 10:51:16.588986 2025] [:error] [pid 14688:tid 14699] [client 20.10.155.17:3402] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lv.php"] [unique_id "aSUZpG9vYrBoEsiDniw3NQAAAQk"]
[Tue Nov 25 10:51:18.085045 2025] [:error] [pid 28740:tid 28795] [client 20.10.155.17:4242] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lv.php"] [unique_id "aSUZplppQCoYxWW6V0X0yQAAAkQ"]
[Tue Nov 25 10:51:19.914236 2025] [:error] [pid 14168:tid 14179] [client 20.10.155.17:5150] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lv.php"] [unique_id "aSUZp_R-ZDU0QEgAIIvK8wAAAMg"]
[Tue Nov 25 10:51:22.716949 2025] [:error] [pid 14168:tid 14181] [client 20.10.155.17:5063] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/wp-pridmag/init.php"] [unique_id "aSUZqvR-ZDU0QEgAIIvK9wAAAMo"]
[Tue Nov 25 10:51:25.869102 2025] [:error] [pid 14168:tid 14177] [client 20.10.155.17:5056] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/wp-pridmag/init.php"] [unique_id "aSUZrfR-ZDU0QEgAIIvK_wAAAMY"]
[Tue Nov 25 10:51:49.849627 2025] [:error] [pid 14078:tid 14145] [client 20.10.155.17:8052] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/marijuana.php"] [unique_id "aSUZxdVXYbb0ii_rVoKk7QAAAIg"]
[Tue Nov 25 10:51:51.691072 2025] [:error] [pid 28609:tid 28638] [client 20.10.155.17:4824] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/autoload_classmap.php"] [unique_id "aSUZxyGGdT-nZJVs3x1I4AAAAZQ"]
[Tue Nov 25 10:51:53.718154 2025] [:error] [pid 14076:tid 14089] [client 20.10.155.17:7278] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/403.php"] [unique_id "aSUZyXsB4Gz6Qw-pvBtcYQAAAAg"]
[Tue Nov 25 10:51:54.709632 2025] [:error] [pid 28740:tid 28813] [client 20.10.155.17:3488] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/403.php"] [unique_id "aSUZylppQCoYxWW6V0X03QAAAlY"]
[Tue Nov 25 10:51:58.591784 2025] [:error] [pid 28740:tid 28805] [client 20.10.155.17:2428] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/403.php"] [unique_id "aSUZzlppQCoYxWW6V0X04QAAAk4"]
[Tue Nov 25 10:52:02.833865 2025] [:error] [pid 14078:tid 14154] [client 20.10.155.17:7386] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSUZ0tVXYbb0ii_rVoKk_AAAAJE"]
[Tue Nov 25 10:52:05.884767 2025] [:error] [pid 28836:tid 28964] [client 20.10.155.17:2864] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSUZ1ZwNRsoxcLQGkTc6_QAAAsk"]
[Tue Nov 25 10:52:10.573203 2025] [:error] [pid 28842:tid 29005] [client 20.10.155.17:7821] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/user/about.php"] [unique_id "aSUZ2tNmoaPf6T4-6C3pzQAAA08"]
[Tue Nov 25 10:52:12.896520 2025] [:error] [pid 14078:tid 14144] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/1.php
[Tue Nov 25 10:52:13.110300 2025] [:error] [pid 14078:tid 14138] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/marijuana.php
[Tue Nov 25 10:52:13.535447 2025] [:error] [pid 14078:tid 14155] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Tue Nov 25 10:52:13.784046 2025] [:error] [pid 14078:tid 14146] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/goat1.php
[Tue Nov 25 10:52:14.102213 2025] [:error] [pid 14078:tid 14150] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Tue Nov 25 10:52:14.327768 2025] [:error] [pid 14078:tid 14137] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-cron.php
[Tue Nov 25 10:52:14.559703 2025] [:error] [pid 14078:tid 14140] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/yanz.php
[Tue Nov 25 10:52:14.772266 2025] [:error] [pid 14078:tid 14161] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/config.php
[Tue Nov 25 10:52:14.984230 2025] [:error] [pid 14078:tid 14142] [client 20.10.155.17:11297] File does not exist: /usr/local/apache/htdocs/suspended-page/network.php
[Tue Nov 25 10:52:15.195466 2025] [:error] [pid 14078:tid 14156] [client 20.10.155.17:11297] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-2019.php"] [unique_id "aSUZ39VXYbb0ii_rVoKlHQAAAJM"]
[Tue Nov 25 10:52:18.963507 2025] [:error] [pid 28609:tid 28641] [client 20.10.155.17:7721] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-2019.php"] [unique_id "aSUZ4iGGdT-nZJVs3x1JAAAAAZc"]
[Tue Nov 25 10:52:22.241584 2025] [:error] [pid 28609:tid 28624] [client 20.10.155.17:7833] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-2019.php"] [unique_id "aSUZ5iGGdT-nZJVs3x1JAgAAAYY"]
[Tue Nov 25 10:52:24.461870 2025] [:error] [pid 14688:tid 14710] [client 20.10.155.17:7824] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-2019.php"] [unique_id "aSUZ6G9vYrBoEsiDniw3VwAAARQ"]
[Tue Nov 25 10:52:26.313287 2025] [:error] [pid 14078:tid 14150] [client 20.10.155.17:5439] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bypass.php"] [unique_id "aSUZ6tVXYbb0ii_rVoKlIwAAAI0"]
[Tue Nov 25 10:52:28.870279 2025] [:error] [pid 14078:tid 14161] [client 20.10.155.17:4485] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bypass.php"] [unique_id "aSUZ7NVXYbb0ii_rVoKlJQAAAJg"]
[Tue Nov 25 10:52:38.692283 2025] [:error] [pid 14688:tid 14696] [client 20.10.155.17:2202] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bypass.php"] [unique_id "aSUZ9m9vYrBoEsiDniw3WwAAAQY"]
[Tue Nov 25 10:52:39.318944 2025] [:error] [pid 14688:tid 14691] [client 20.10.155.17:5548] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bypass.php"] [unique_id "aSUZ929vYrBoEsiDniw3XAAAAQE"]
[Tue Nov 25 10:52:40.041756 2025] [:error] [pid 28836:tid 28957] [client 20.10.155.17:11272] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/IXR/admin.php"] [unique_id "aSUZ-JwNRsoxcLQGkTc7CQAAAsI"]
[Tue Nov 25 10:52:41.927873 2025] [:error] [pid 14168:tid 14178] [client 20.10.155.17:5553] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/wp-login.php"] [unique_id "aSUZ-fR-ZDU0QEgAIIvLMQAAAMc"]
[Tue Nov 25 10:52:46.103006 2025] [:error] [pid 14076:tid 14082] [client 20.10.155.17:11282] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "randolphaircraft.com.au"] [uri "/tiny.php"] [unique_id "aSUZ_nsB4Gz6Qw-pvBtcggAAAAE"]
[Tue Nov 25 10:52:47.544474 2025] [:error] [pid 14076:tid 14099] [client 20.10.155.17:9268] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSUZ_3sB4Gz6Qw-pvBtchAAAABI"]
[Tue Nov 25 10:52:48.942709 2025] [:error] [pid 28836:tid 29013] [client 20.10.155.17:2913] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSUaAJwNRsoxcLQGkTc7CwAAAtc"]
[Tue Nov 25 10:52:53.875451 2025] [:error] [pid 28842:tid 29002] [client 20.10.155.17:6667] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSUaBdNmoaPf6T4-6C3p3wAAA0w"]
[Tue Nov 25 10:52:55.767059 2025] [:error] [pid 28609:tid 28626] [client 20.10.155.17:6661] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/lock.php"] [unique_id "aSUaByGGdT-nZJVs3x1JCwAAAYg"]
[Tue Nov 25 10:53:00.697636 2025] [:error] [pid 14076:tid 14095] [client 20.10.155.17:9269] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/mail.php"] [unique_id "aSUaDHsB4Gz6Qw-pvBtcjQAAAA4"]
[Tue Nov 25 10:53:13.962721 2025] [:error] [pid 28739:tid 28781] [client 20.10.155.17:7856] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/system_log.php"] [unique_id "aSUaGRxGpKmlkG4FexQCdAAAAhM"]
[Tue Nov 25 10:53:22.299042 2025] [:error] [pid 14077:tid 14131] [client 20.10.155.17:3280] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Tue Nov 25 10:53:22.526233 2025] [:error] [pid 14077:tid 14134] [client 20.10.155.17:3280] File does not exist: /usr/local/apache/htdocs/suspended-page/as.php
[Tue Nov 25 10:53:22.738187 2025] [:error] [pid 14077:tid 14133] [client 20.10.155.17:3280] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php
[Tue Nov 25 10:53:23.368374 2025] [:error] [pid 14077:tid 14114] [client 20.10.155.17:3280] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-configs.php
[Tue Nov 25 10:53:23.884748 2025] [:error] [pid 14077:tid 14121] [client 20.10.155.17:3280] [client 20.10.155.17] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/js/crop/zmFM.php"] [unique_id "aSUaIxG9n7UHEkwDTyjBTQAAAEs"]
[Tue Nov 25 10:53:26.829992 2025] [:error] [pid 14076:tid 14081] [client 20.10.155.17:9781] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/post.php"] [unique_id "aSUaJnsB4Gz6Qw-pvBtcnwAAAAA"]
[Tue Nov 25 10:53:28.829655 2025] [:error] [pid 28739:tid 28777] [client 20.10.155.17:1599] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/post.php"] [unique_id "aSUaKBxGpKmlkG4FexQCeQAAAg8"]
[Tue Nov 25 10:53:39.800972 2025] [:error] [pid 28739:tid 28770] [client 20.10.155.17:1538] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/post.php"] [unique_id "aSUaMxxGpKmlkG4FexQCfQAAAgg"]
[Tue Nov 25 10:53:43.266766 2025] [:error] [pid 14168:tid 14187] [client 20.10.155.17:9019] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSUaN_R-ZDU0QEgAIIvLTAAAANA"]
[Tue Nov 25 10:53:47.228524 2025] [:error] [pid 14077:tid 14113] [client 20.10.155.17:3790] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSUaOxG9n7UHEkwDTyjBUwAAAEM"]
[Tue Nov 25 10:53:48.115940 2025] [:error] [pid 14077:tid 14125] [client 20.10.155.17:3727] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSUaPBG9n7UHEkwDTyjBVQAAAE8"]
[Tue Nov 25 10:53:57.821298 2025] [:error] [pid 14078:tid 14150] [client 20.10.155.17:2549] [client 20.10.155.17] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.well-known/acme-challenge/admin.php"] [unique_id "aSUaRdVXYbb0ii_rVoKlUAAAAI0"]
[Tue Nov 25 13:14:45.037985 2025] [:error] [pid 28739:tid 28766] [client 120.71.59.24:35451] [client 120.71.59.24] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSU7RRxGpKmlkG4FexQlqAAAAgQ"]
[Tue Nov 25 14:02:14.090859 2025] [:error] [pid 14077:tid 14128] [client 126.209.53.84:55766] [client 126.209.53.84] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 126.209.53.84, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSVGZhG9n7UHEkwDTyj7GAAAAFI"]
[Tue Nov 25 14:02:14.096299 2025] [:error] [pid 14077:tid 14128] [client 126.209.53.84:55766] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Tue Nov 25 14:19:32.568450 2025] [:error] [pid 14076:tid 14085] [client 170.106.147.63:35126] [client 170.106.147.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSVKdHsB4Gz6Qw-pvBu_MwAAAAQ"]
[Tue Nov 25 15:39:34.452155 2025] [:error] [pid 14077:tid 14113] [client 165.227.34.121:59927] [client 165.227.34.121] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 165.227.34.121, incrementing brute counter"] [hostname "randolphaircraft.com.au"] [uri "/wp-login.php"] [unique_id "aSVdNhG9n7UHEkwDTygrKwAAAEM"]
[Tue Nov 25 15:39:34.455835 2025] [:error] [pid 14077:tid 14113] [client 165.227.34.121:59927] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-login.php
[Tue Nov 25 17:24:58.458213 2025] [:error] [pid 28739:tid 28768] [client 172.177.202.95:4513] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/certificates/index.php"] [unique_id "aSV16hxGpKmlkG4FexRcQgAAAgY"]
[Tue Nov 25 17:24:59.678978 2025] [:error] [pid 14078:tid 14151] [client 172.177.202.95:4520] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/ID3/index.php"] [unique_id "aSV169VXYbb0ii_rVoIeFAAAAI4"]
[Tue Nov 25 17:25:03.431949 2025] [:error] [pid 14077:tid 14126] [client 172.177.202.95:4500] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/html-api/wp-conflg.php"] [unique_id "aSV17xG9n7UHEkwDTyhVrwAAAFA"]
[Tue Nov 25 17:25:04.975267 2025] [:error] [pid 14077:tid 14110] [client 172.177.202.95:3360] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/index.php"] [unique_id "aSV18BG9n7UHEkwDTyhVtAAAAEA"]
[Tue Nov 25 17:25:07.751868 2025] [:error] [pid 28609:tid 28639] [client 172.177.202.95:5342] File does not exist: /usr/local/apache/htdocs/suspended-page/info.php
[Tue Nov 25 17:25:08.811014 2025] [:error] [pid 28609:tid 28628] [client 172.177.202.95:5342] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/index.php"] [unique_id "aSV19CGGdT-nZJVs3x2lPQAAAYo"]
[Tue Nov 25 17:25:10.162142 2025] [:error] [pid 28609:tid 28633] [client 172.177.202.95:3337] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/about.php"] [unique_id "aSV19iGGdT-nZJVs3x2lQwAAAY8"]
[Tue Nov 25 17:25:11.155264 2025] [:error] [pid 28739:tid 28777] [client 172.177.202.95:7023] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/about.php"] [unique_id "aSV19xxGpKmlkG4FexRcUAAAAg8"]
[Tue Nov 25 17:25:21.996307 2025] [:error] [pid 28842:tid 28997] [client 172.177.202.95:4488] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/about.php"] [unique_id "aSV2AdNmoaPf6T4-6C1ldAAAA0c"]
[Tue Nov 25 17:25:31.232085 2025] [:error] [pid 28836:tid 28986] [client 172.177.202.95:5095] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/plugins.php"] [unique_id "aSV2C5wNRsoxcLQGkTehewAAAs8"]
[Tue Nov 25 17:25:41.756617 2025] [:error] [pid 14168:tid 14192] [client 172.177.202.95:7704] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/includes/plugins.php"] [unique_id "aSV2FfR-ZDU0QEgAIItIUQAAANU"]
[Tue Nov 25 17:25:45.796761 2025] [:error] [pid 14077:tid 14113] [client 172.177.202.95:5863] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/autoload_classmap.php"] [unique_id "aSV2GRG9n7UHEkwDTyhV7wAAAEM"]
[Tue Nov 25 17:25:50.362018 2025] [:error] [pid 14078:tid 14146] [client 172.177.202.95:7737] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/autoload_classmap.php"] [unique_id "aSV2HtVXYbb0ii_rVoIeVAAAAIk"]
[Tue Nov 25 17:25:53.174317 2025] [:error] [pid 28842:tid 29023] [client 172.177.202.95:5070] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/autoload_classmap.php"] [unique_id "aSV2IdNmoaPf6T4-6C1lqQAAA1U"]
[Tue Nov 25 17:25:55.977662 2025] [:error] [pid 28739:tid 28765] [client 172.177.202.95:5243] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/autoload_classmap.php"] [unique_id "aSV2IxxGpKmlkG4FexRceQAAAgM"]
[Tue Nov 25 17:26:01.540855 2025] [:error] [pid 28836:tid 28966] [client 172.177.202.95:6210] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/index.php"] [unique_id "aSV2KZwNRsoxcLQGkTehnwAAAss"]
[Tue Nov 25 17:26:03.230020 2025] [:error] [pid 14078:tid 14160] [client 172.177.202.95:6230] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/index.php"] [unique_id "aSV2K9VXYbb0ii_rVoIeZgAAAJc"]
[Tue Nov 25 17:26:05.812359 2025] [:error] [pid 2987:tid 3004] [client 172.177.202.95:5087] [client 172.177.202.95] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-admin/network/index.php"] [unique_id "aSV2Lc-djEt-pTzPxnx61wAAAU8"]
[Tue Nov 25 17:26:13.356243 2025] [:error] [pid 14076:tid 14096] [client 172.177.202.95:1834] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/assets/admin.php"] [unique_id "aSV2NXsB4Gz6Qw-pvBvz5QAAAA8"]
[Tue Nov 25 17:26:18.378914 2025] [:error] [pid 28609:tid 28622] [client 172.177.202.95:1832] File does not exist: /usr/local/apache/htdocs/suspended-page/alfa.php
[Tue Nov 25 17:26:18.714030 2025] [:error] [pid 28609:tid 28618] [client 172.177.202.95:1832] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/wp-conflg.php"] [unique_id "aSV2OiGGdT-nZJVs3x2lhwAAAYA"]
[Tue Nov 25 17:26:20.014672 2025] [:error] [pid 2987:tid 3009] [client 172.177.202.95:4363] [client 172.177.202.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/wp-conflg.php/wp-content/plugins/google-seo-rank/index.php"] [unique_id "aSV2PM-djEt-pTzPxnx67gAAAVQ"]
[Tue Nov 25 18:28:55.777512 2025] [:error] [pid 28609:tid 28626] [client 54.173.250.15:46074] [client 54.173.250.15] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSWE5yGGdT-nZJVs3x20HgAAAYg"]
[Tue Nov 25 18:53:11.414642 2025] [:error] [pid 14078:tid 14141] [client 138.199.60.187:52864] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Tue Nov 25 18:53:12.020968 2025] [:error] [pid 14078:tid 14141] [client 138.199.60.187:52864] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aSWKmNVXYbb0ii_rVoI36QAAAIQ"]
[Tue Nov 25 18:53:12.293382 2025] [:error] [pid 14168:tid 14193] [client 138.199.60.187:53154] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aSWKmPR-ZDU0QEgAIItcOAAAANY"]
[Tue Nov 25 18:53:12.549144 2025] [:error] [pid 14168:tid 14195] [client 138.199.60.187:53306] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aSWKmPR-ZDU0QEgAIItcPQAAANg"]
[Tue Nov 25 18:53:12.817919 2025] [:error] [pid 28740:tid 28791] [client 138.199.60.187:53512] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aSWKmFppQCoYxWW6V0VyjAAAAkA"]
[Tue Nov 25 18:53:13.146297 2025] [:error] [pid 28842:tid 29001] [client 138.199.60.187:53712] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bless.php"] [unique_id "aSWKmdNmoaPf6T4-6C2DvgAAA0s"]
[Tue Nov 25 18:53:13.370980 2025] [:error] [pid 14168:tid 14188] [client 138.199.60.187:53896] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aSWKmfR-ZDU0QEgAIItcRQAAANE"]
[Tue Nov 25 18:53:14.693096 2025] [:error] [pid 28609:tid 28633] [client 138.199.60.187:54636] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aSWKmiGGdT-nZJVs3x25CwAAAY8"]
[Tue Nov 25 18:53:14.942099 2025] [:error] [pid 14076:tid 14096] [client 138.199.60.187:54794] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aSWKmnsB4Gz6Qw-pvBsKbwAAAA8"]
[Tue Nov 25 18:53:15.206000 2025] [:error] [pid 28842:tid 29020] [client 138.199.60.187:10706] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aSWKm9NmoaPf6T4-6C2D3QAAA1I"]
[Tue Nov 25 18:53:15.487736 2025] [:error] [pid 14078:tid 14150] [client 138.199.60.187:55156] [client 138.199.60.187] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-includes/css/dist/"] [unique_id "aSWKm9VXYbb0ii_rVoI4AgAAAI0"]
[Tue Nov 25 22:20:42.206282 2025] [:error] [pid 43981:tid 44000] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/tj.php
[Tue Nov 25 22:20:42.327020 2025] [:error] [pid 43981:tid 44005] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/v3.php
[Tue Nov 25 22:20:42.443795 2025] [:error] [pid 43981:tid 43985] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/asd.php
[Tue Nov 25 22:20:42.564447 2025] [:error] [pid 43981:tid 44006] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/f8moue.php
[Tue Nov 25 22:20:42.681435 2025] [:error] [pid 43981:tid 44003] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/3i8som87avh59dosfymtvCakc.php
[Tue Nov 25 22:20:42.815510 2025] [:error] [pid 43981:tid 44004] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/nonesoterically.php
[Tue Nov 25 22:20:42.934917 2025] [:error] [pid 43981:tid 43991] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/palsy.php
[Tue Nov 25 22:20:43.075863 2025] [:error] [pid 43981:tid 43988] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/vanda.php
[Tue Nov 25 22:20:43.205846 2025] [:error] [pid 43981:tid 43983] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/asciferous.php
[Tue Nov 25 22:20:43.364626 2025] [:error] [pid 43981:tid 43993] [client 4.241.179.168:28668] File does not exist: /usr/local/apache/htdocs/suspended-page/coenoecic.php
[Tue Nov 25 22:20:43.479293 2025] [:error] [pid 43981:tid 43990] [client 4.241.179.168:28668] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSW7OwgZn97m_qh_RaF00gAAAwc"]
[Tue Nov 25 22:20:44.924266 2025] [:error] [pid 14078:tid 14152] [client 4.241.179.168:28618] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSW7PNVXYbb0ii_rVoKUhAAAAI8"]
[Tue Nov 25 22:20:46.199696 2025] [:error] [pid 14077:tid 14112] [client 4.241.179.168:28552] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSW7PhG9n7UHEkwDTyjaNgAAAEI"]
[Tue Nov 25 22:20:48.815950 2025] [:error] [pid 43981:tid 43999] [client 4.241.179.168:28631] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSW7QAgZn97m_qh_RaF00wAAAxA"]
[Tue Nov 25 22:20:50.128047 2025] [:error] [pid 28836:tid 28966] [client 4.241.179.168:28667] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSW7QpwNRsoxcLQGkTf2MgAAAss"]
[Tue Nov 25 22:20:54.030401 2025] [:error] [pid 14077:tid 14131] [client 4.241.179.168:28548] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSW7RhG9n7UHEkwDTyjaOwAAAFU"]
[Tue Nov 25 22:20:56.306718 2025] [:error] [pid 14168:tid 14172] [client 4.241.179.168:28502] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSW7SPR-ZDU0QEgAIIuZJgAAAME"]
[Tue Nov 25 22:20:58.755899 2025] [:error] [pid 14076:tid 14101] [client 4.241.179.168:28656] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSW7SnsB4Gz6Qw-pvBtRRAAAABQ"]
[Tue Nov 25 22:20:59.877307 2025] [:error] [pid 14077:tid 14133] [client 4.241.179.168:28669] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSW7SxG9n7UHEkwDTyjaQQAAAFc"]
[Tue Nov 25 22:21:02.318021 2025] [:error] [pid 43981:tid 43996] [client 4.241.179.168:28661] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSW7TggZn97m_qh_RaF03QAAAw0"]
[Tue Nov 25 22:21:04.678030 2025] [:error] [pid 28739:tid 28764] [client 4.241.179.168:28555] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSW7UBxGpKmlkG4FexS8UwAAAgI"]
[Tue Nov 25 22:21:06.519340 2025] [:error] [pid 14078:tid 14152] [client 4.241.179.168:28493] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSW7UtVXYbb0ii_rVoKUqgAAAI8"]
[Tue Nov 25 22:21:08.555402 2025] [:error] [pid 14168:tid 14179] [client 4.241.179.168:28606] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSW7VPR-ZDU0QEgAIIuZNwAAAMg"]
[Tue Nov 25 22:21:10.658577 2025] [:error] [pid 28609:tid 28618] [client 4.241.179.168:28645] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSW7ViGGdT-nZJVs3x38bQAAAYA"]
[Tue Nov 25 22:21:12.745146 2025] [:error] [pid 43981:tid 43994] [client 4.241.179.168:28619] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSW7WAgZn97m_qh_RaF08wAAAws"]
[Tue Nov 25 22:21:14.511268 2025] [:error] [pid 14077:tid 14114] [client 4.241.179.168:28657] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSW7WhG9n7UHEkwDTyjaTQAAAEQ"]
[Tue Nov 25 22:21:15.846002 2025] [:error] [pid 14077:tid 14122] [client 4.241.179.168:28614] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSW7WxG9n7UHEkwDTyjaUQAAAEw"]
[Tue Nov 25 22:21:18.610225 2025] [:error] [pid 14076:tid 14087] [client 4.241.179.168:28558] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSW7XnsB4Gz6Qw-pvBtRWwAAAAY"]
[Tue Nov 25 22:21:20.709753 2025] [:error] [pid 2987:tid 3002] [client 4.241.179.168:28518] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSW7YM-djEt-pTzPxnzYuAAAAU0"]
[Tue Nov 25 22:21:21.457987 2025] [:error] [pid 2987:tid 2996] [client 4.241.179.168:28536] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSW7Yc-djEt-pTzPxnzYuQAAAUc"]
[Tue Nov 25 22:21:22.750328 2025] [:error] [pid 43981:tid 44007] [client 4.241.179.168:28592] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSW7YggZn97m_qh_RaF09wAAAxg"]
[Tue Nov 25 22:21:24.501273 2025] [:error] [pid 14078:tid 14150] [client 4.241.179.168:28583] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSW7ZNVXYbb0ii_rVoKUxwAAAI0"]
[Tue Nov 25 22:21:27.078765 2025] [:error] [pid 28739:tid 28764] [client 4.241.179.168:28617] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSW7ZxxGpKmlkG4FexS8cAAAAgI"]
[Tue Nov 25 22:21:29.652503 2025] [:error] [pid 28609:tid 28641] [client 4.241.179.168:28527] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSW7aSGGdT-nZJVs3x38hgAAAZc"]
[Tue Nov 25 22:21:31.919285 2025] [:error] [pid 43981:tid 43996] [client 4.241.179.168:28671] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSW7awgZn97m_qh_RaF1AAAAAw0"]
[Tue Nov 25 22:21:33.653892 2025] [:error] [pid 28609:tid 28637] [client 4.241.179.168:28580] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSW7bSGGdT-nZJVs3x38jAAAAZM"]
[Tue Nov 25 22:21:34.524739 2025] [:error] [pid 14076:tid 14083] [client 4.241.179.168:28572] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSW7bnsB4Gz6Qw-pvBtReAAAAAI"]
[Tue Nov 25 22:21:35.886833 2025] [:error] [pid 28836:tid 29007] [client 4.241.179.168:28665] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSW7b5wNRsoxcLQGkTf2TwAAAtE"]
[Tue Nov 25 22:21:38.593834 2025] [:error] [pid 28739:tid 28779] [client 4.241.179.168:28557] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSW7chxGpKmlkG4FexS8eQAAAhE"]
[Tue Nov 25 22:21:40.167495 2025] [:error] [pid 28609:tid 28632] [client 4.241.179.168:28445] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSW7dCGGdT-nZJVs3x38kQAAAY4"]
[Tue Nov 25 22:21:41.965115 2025] [:error] [pid 14078:tid 14161] [client 4.241.179.168:28591] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSW7ddVXYbb0ii_rVoKU4AAAAJg"]
[Tue Nov 25 22:21:44.651905 2025] [:error] [pid 14168:tid 14171] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/z60.php
[Tue Nov 25 22:21:44.776065 2025] [:error] [pid 14168:tid 14184] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-themes.php
[Tue Nov 25 22:21:44.893171 2025] [:error] [pid 14168:tid 14177] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/edd.php
[Tue Nov 25 22:21:45.010730 2025] [:error] [pid 14168:tid 14186] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/bo.php
[Tue Nov 25 22:21:45.775050 2025] [:error] [pid 14168:tid 14186] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/bn.php
[Tue Nov 25 22:21:46.213697 2025] [:error] [pid 14168:tid 14188] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/fishmen.php
[Tue Nov 25 22:21:46.347505 2025] [:error] [pid 14168:tid 14172] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/obfuscous.php
[Tue Nov 25 22:21:46.468193 2025] [:error] [pid 14168:tid 14180] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/oitava.php
[Tue Nov 25 22:21:46.594494 2025] [:error] [pid 14168:tid 14181] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/phrensying.php
[Tue Nov 25 22:21:46.711675 2025] [:error] [pid 14168:tid 14191] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/pyrometry.php
[Tue Nov 25 22:21:46.829826 2025] [:error] [pid 14168:tid 14183] [client 4.241.179.168:28533] File does not exist: /usr/local/apache/htdocs/suspended-page/unprecipitously.php
[Tue Nov 25 22:21:48.329842 2025] [:error] [pid 14168:tid 14175] [client 4.241.179.168:28533] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSW7fPR-ZDU0QEgAIIuZcQAAAMQ"]
[Tue Nov 25 22:21:50.930706 2025] [:error] [pid 14077:tid 14123] [client 4.241.179.168:28632] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSW7fhG9n7UHEkwDTyjadwAAAE0"]
[Tue Nov 25 22:21:53.586075 2025] [:error] [pid 28609:tid 28621] [client 4.241.179.168:28532] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSW7gSGGdT-nZJVs3x38ngAAAYM"]
[Tue Nov 25 22:21:54.534278 2025] [:error] [pid 14078:tid 14157] [client 4.241.179.168:28424] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSW7gtVXYbb0ii_rVoKVAwAAAJQ"]
[Tue Nov 25 22:21:58.737542 2025] [:error] [pid 2987:tid 2989] [client 4.241.179.168:28505] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSW7hs-djEt-pTzPxnzY5gAAAUA"]
[Tue Nov 25 22:22:02.145769 2025] [:error] [pid 14168:tid 14180] [client 4.241.179.168:28629] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSW7ivR-ZDU0QEgAIIuZhAAAAMk"]
[Tue Nov 25 22:22:04.717861 2025] [:error] [pid 28836:tid 29014] [client 4.241.179.168:28489] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSW7jJwNRsoxcLQGkTf2XAAAAtg"]
[Tue Nov 25 22:22:08.767364 2025] [:error] [pid 43843:tid 43867] [client 4.241.179.168:28596] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSW7kBhx4v3NUNdMKDMA0gAAAdY"]
[Tue Nov 25 22:22:12.284494 2025] [:error] [pid 43981:tid 43994] [client 4.241.179.168:28566] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSW7lAgZn97m_qh_RaF1JgAAAws"]
[Tue Nov 25 22:22:12.746671 2025] [:error] [pid 43981:tid 43984] [client 4.241.179.168:28649] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSW7lAgZn97m_qh_RaF1JwAAAwE"]
[Tue Nov 25 22:22:14.583735 2025] [:error] [pid 28609:tid 28639] [client 4.241.179.168:28670] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSW7liGGdT-nZJVs3x38uAAAAZU"]
[Tue Nov 25 22:22:17.329164 2025] [:error] [pid 28739:tid 28762] [client 4.241.179.168:28510] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSW7mRxGpKmlkG4FexS8vwAAAgA"]
[Tue Nov 25 22:22:18.621181 2025] [:error] [pid 43981:tid 43990] [client 4.241.179.168:28605] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSW7mggZn97m_qh_RaF1LAAAAwc"]
[Tue Nov 25 22:22:21.380935 2025] [:error] [pid 14168:tid 14182] [client 4.241.179.168:28654] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSW7nfR-ZDU0QEgAIIuZjAAAAMs"]
[Tue Nov 25 22:22:22.592394 2025] [:error] [pid 14076:tid 14089] [client 4.241.179.168:28587] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSW7nnsB4Gz6Qw-pvBtRtgAAAAg"]
[Tue Nov 25 22:22:23.591799 2025] [:error] [pid 43981:tid 44001] [client 4.241.179.168:28640] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSW7nwgZn97m_qh_RaF1MAAAAxI"]
[Tue Nov 25 22:22:24.596449 2025] [:error] [pid 43843:tid 43854] [client 4.241.179.168:28516] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSW7oBhx4v3NUNdMKDMA3wAAAck"]
[Tue Nov 25 22:22:26.397536 2025] [:error] [pid 14168:tid 14186] [client 4.241.179.168:28438] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSW7ovR-ZDU0QEgAIIuZjwAAAM8"]
[Tue Nov 25 22:22:27.932597 2025] [:error] [pid 28836:tid 28958] [client 4.241.179.168:28571] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSW7o5wNRsoxcLQGkTf2pAAAAsM"]
[Tue Nov 25 22:22:29.921212 2025] [:error] [pid 14077:tid 14124] [client 4.241.179.168:28593] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSW7pRG9n7UHEkwDTyjaogAAAE4"]
[Tue Nov 25 22:22:31.405163 2025] [:error] [pid 14078:tid 14151] [client 4.241.179.168:28498] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSW7p9VXYbb0ii_rVoKVNQAAAI4"]
[Tue Nov 25 22:22:32.078309 2025] [:error] [pid 14078:tid 14148] [client 4.241.179.168:28538] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSW7qNVXYbb0ii_rVoKVNgAAAIs"]
[Tue Nov 25 22:22:34.243261 2025] [:error] [pid 2987:tid 2997] [client 4.241.179.168:28641] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSW7qs-djEt-pTzPxnzZAAAAAUg"]
[Tue Nov 25 22:22:35.722766 2025] [:error] [pid 28836:tid 28955] [client 4.241.179.168:28627] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSW7q5wNRsoxcLQGkTf2tgAAAsA"]
[Tue Nov 25 22:22:38.145678 2025] [:error] [pid 28739:tid 28764] [client 4.241.179.168:28633] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSW7rhxGpKmlkG4FexS9CQAAAgI"]
[Tue Nov 25 22:22:39.491872 2025] [:error] [pid 2987:tid 2994] [client 4.241.179.168:28602] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSW7r8-djEt-pTzPxnzZHQAAAUU"]
[Tue Nov 25 22:22:44.606959 2025] [:error] [pid 28836:tid 29014] [client 4.241.179.168:28520] [client 4.241.179.168] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSW7tJwNRsoxcLQGkTf2vwAAAtg"]
[Tue Nov 25 22:22:46.091353 2025] [:error] [pid 43843:tid 43848] [client 4.241.179.168:28660] File does not exist: /usr/local/apache/htdocs/suspended-page/unbalanceable.php
[Tue Nov 25 22:22:46.365056 2025] [:error] [pid 43843:tid 43858] [client 4.241.179.168:28660] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog-front.php
[Tue Nov 25 22:22:47.089297 2025] [:error] [pid 43843:tid 43865] [client 4.241.179.168:28660] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-advaced.php
[Tue Nov 25 22:22:48.572410 2025] [:error] [pid 43843:tid 43865] [client 4.241.179.168:28660] File does not exist: /usr/local/apache/htdocs/suspended-page/poliomyelopathy.php
[Tue Nov 25 22:22:48.783317 2025] [:error] [pid 43843:tid 43846] [client 4.241.179.168:28660] File does not exist: /usr/local/apache/htdocs/suspended-page/abc.php
[Tue Nov 25 23:07:11.384884 2025] [:error] [pid 14078:tid 14159] [client 170.106.84.136:43948] [client 170.106.84.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSXGH9VXYbb0ii_rVoKpOwAAAJY"]
[Wed Nov 26 03:39:19.660982 2025] [:error] [pid 23968:tid 23995] [client 54.173.250.15:50294] [client 54.173.250.15] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSYF584ofN5EjQSFyQcUiwAAAAc"]
[Wed Nov 26 04:16:02.919671 2025] [:error] [pid 3012:tid 3083] [client 49.51.253.83:53388] [client 49.51.253.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSYOgkfo8Sm1Un9NK6gdFAAAAI4"]
[Wed Nov 26 09:33:00.512737 2025] [:error] [pid 35540:tid 35550] [client 64.231.37.104:62362] [client 64.231.37.104] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 64.231.37.104, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSZYzMGrIq2A6SZSnkIoBAAAAIQ"]
[Wed Nov 26 09:33:00.520375 2025] [:error] [pid 35540:tid 35550] [client 64.231.37.104:62362] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Wed Nov 26 11:10:51.437844 2025] [:error] [pid 45901:tid 45927] [client 213.21.239.4:58122] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.git/config"] [unique_id "aSZvuyunQ1SpfPRNrtyELAAAARg"]
[Wed Nov 26 11:10:51.438631 2025] [:error] [pid 34744:tid 34827] [client 213.21.239.4:58088] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/.git/config"] [unique_id "aSZvu0tgOvVbhyALkTTaAQAAAZg"]
[Wed Nov 26 11:10:51.438670 2025] [:error] [pid 35540:tid 35555] [client 213.21.239.4:58054] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.git/config"] [unique_id "aSZvu8GrIq2A6SZSnkJMWwAAAIk"]
[Wed Nov 26 11:10:51.443834 2025] [:error] [pid 45901:tid 45907] [client 213.21.239.4:58210] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/common/.git/config"] [unique_id "aSZvuyunQ1SpfPRNrtyELQAAAQQ"]
[Wed Nov 26 11:10:51.443828 2025] [:error] [pid 34743:tid 34788] [client 213.21.239.4:58208] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/static../.git/config"] [unique_id "aSZvuwvyX7Q5oU7_mBx-3wAAAUw"]
[Wed Nov 26 11:10:51.458053 2025] [:error] [pid 45901:tid 45919] [client 213.21.239.4:58056] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.git/config"] [unique_id "aSZvuyunQ1SpfPRNrtyELgAAARA"]
[Wed Nov 26 11:10:51.459743 2025] [:error] [pid 34743:tid 34789] [client 213.21.239.4:58260] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/css../.git/config"] [unique_id "aSZvuwvyX7Q5oU7_mBx-4AAAAU0"]
[Wed Nov 26 11:10:51.461997 2025] [:error] [pid 45901:tid 45908] [client 213.21.239.4:58180] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/content../.git/config"] [unique_id "aSZvuyunQ1SpfPRNrtyEMAAAAQU"]
[Wed Nov 26 11:10:51.466953 2025] [:error] [pid 34744:tid 34825] [client 213.21.239.4:58096] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/..;/.git/config"] [unique_id "aSZvu0tgOvVbhyALkTTaAgAAAZY"]
[Wed Nov 26 11:10:51.467088 2025] [:error] [pid 45901:tid 45906] [client 213.21.239.4:58154] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft../.git/config"] [unique_id "aSZvuyunQ1SpfPRNrtyEMQAAAQM"]
[Wed Nov 26 11:10:51.467885 2025] [:error] [pid 34742:tid 34748] [client 213.21.239.4:58168] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/.git/%0Aconfig"] [unique_id "aSZvu5SuLNwpQF_jzAcjjwAAAEA"]
[Wed Nov 26 11:10:51.467977 2025] [:error] [pid 34744:tid 34807] [client 213.21.239.4:58234] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/database/.git/config"] [unique_id "aSZvu0tgOvVbhyALkTTaAwAAAYQ"]
[Wed Nov 26 11:10:51.468153 2025] [:error] [pid 35540:tid 35551] [client 213.21.239.4:58198] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/application/.git/config"] [unique_id "aSZvu8GrIq2A6SZSnkJMXQAAAIU"]
[Wed Nov 26 11:10:51.468838 2025] [:error] [pid 45836:tid 45869] [client 213.21.239.4:58276] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/;/.git/config"] [unique_id "aSZvu5frnOGqL-seZAwcIQAAANc"]
[Wed Nov 26 11:10:51.469306 2025] [:error] [pid 45836:tid 45867] [client 213.21.239.4:58236] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/developer/.git/config"] [unique_id "aSZvu5frnOGqL-seZAwcIAAAANU"]
[Wed Nov 26 11:10:51.469507 2025] [:error] [pid 45836:tid 45870] [client 213.21.239.4:58278] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/dev/.git/config"] [unique_id "aSZvu5frnOGqL-seZAwcIgAAANg"]
[Wed Nov 26 11:10:51.469762 2025] [:error] [pid 34744:tid 34803] [client 213.21.239.4:58138] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/.git/config;.."] [unique_id "aSZvu0tgOvVbhyALkTTaBAAAAYA"]
[Wed Nov 26 11:10:51.470867 2025] [:error] [pid 34742:tid 34765] [client 213.21.239.4:58250] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft/.git/config;"] [unique_id "aSZvu5SuLNwpQF_jzAcjkAAAAFE"]
[Wed Nov 26 11:10:51.471151 2025] [:error] [pid 45836:tid 45865] [client 213.21.239.4:58230] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/backup/.git/config"] [unique_id "aSZvu5frnOGqL-seZAwcJAAAANM"]
[Wed Nov 26 11:10:51.471635 2025] [:error] [pid 34830:tid 34836] [client 213.21.239.4:58282] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/assets../.git/config"] [unique_id "aSZvu0ukvkWgWN6jCR2J_AAAAAQ"]
[Wed Nov 26 11:10:54.607779 2025] [:error] [pid 45901:tid 45915] [client 213.21.239.4:54804] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/static../.git/config"] [unique_id "aSZvviunQ1SpfPRNrtyENQAAAQw"]
[Wed Nov 26 11:10:54.607836 2025] [:error] [pid 10383:tid 10394] [client 213.21.239.4:54754] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/%0Aconfig"] [unique_id "aSZvvq0RJ-zjhOVjD8-bnwAAAcg"]
[Wed Nov 26 11:10:54.609029 2025] [:error] [pid 45901:tid 45921] [client 213.21.239.4:54842] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/;/.git/config"] [unique_id "aSZvviunQ1SpfPRNrtyENgAAARI"]
[Wed Nov 26 11:10:54.613686 2025] [:error] [pid 34743:tid 34800] [client 213.21.239.4:54904] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/live/.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-5QAAAVg"]
[Wed Nov 26 11:10:54.616633 2025] [:error] [pid 45836:tid 45851] [client 213.21.239.4:54742] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/;/.git/config"] [unique_id "aSZvvpfrnOGqL-seZAwcJgAAAMU"]
[Wed Nov 26 11:10:54.617894 2025] [:error] [pid 34743:tid 34786] [client 213.21.239.4:54816] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config;"] [unique_id "aSZvvgvyX7Q5oU7_mBx-5gAAAUo"]
[Wed Nov 26 11:10:54.618074 2025] [:error] [pid 34743:tid 34790] [client 213.21.239.4:54796] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-5wAAAU4"]
[Wed Nov 26 11:10:54.618269 2025] [:error] [pid 10383:tid 10388] [client 213.21.239.4:54834] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/images../.git/config"] [unique_id "aSZvvq0RJ-zjhOVjD8-boAAAAcI"]
[Wed Nov 26 11:10:54.621465 2025] [:error] [pid 34742:tid 34758] [client 213.21.239.4:54856] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/git/.git/config"] [unique_id "aSZvvpSuLNwpQF_jzAcjlgAAAEo"]
[Wed Nov 26 11:10:54.622362 2025] [:error] [pid 34743:tid 34797] [client 213.21.239.4:54898] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/message-api/.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-6QAAAVU"]
[Wed Nov 26 11:10:54.626423 2025] [:error] [pid 45836:tid 45848] [client 213.21.239.4:54908] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/%0Aconfig"] [unique_id "aSZvvpfrnOGqL-seZAwcJwAAAMI"]
[Wed Nov 26 11:10:54.627035 2025] [:error] [pid 34742:tid 34751] [client 213.21.239.4:54878] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/img../.git/config"] [unique_id "aSZvvpSuLNwpQF_jzAcjlwAAAEM"]
[Wed Nov 26 11:10:54.632417 2025] [:error] [pid 34743:tid 34784] [client 213.21.239.4:54900] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/m/.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-6gAAAUg"]
[Wed Nov 26 11:10:54.633359 2025] [:error] [pid 34742:tid 34762] [client 213.21.239.4:54784] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config;.."] [unique_id "aSZvvpSuLNwpQF_jzAcjmAAAAE4"]
[Wed Nov 26 11:10:54.634452 2025] [:error] [pid 45836:tid 45858] [client 213.21.239.4:54822] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config;.."] [unique_id "aSZvvpfrnOGqL-seZAwcKAAAAMw"]
[Wed Nov 26 11:10:54.634608 2025] [:error] [pid 45901:tid 45912] [client 213.21.239.4:54916] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au../.git/config"] [unique_id "aSZvviunQ1SpfPRNrtyENwAAAQk"]
[Wed Nov 26 11:10:54.634718 2025] [:error] [pid 34742:tid 34752] [client 213.21.239.4:54768] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/..;/.git/config"] [unique_id "aSZvvpSuLNwpQF_jzAcjmQAAAEQ"]
[Wed Nov 26 11:10:54.638920 2025] [:error] [pid 34743:tid 34793] [client 213.21.239.4:54890] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/js../.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-6wAAAVE"]
[Wed Nov 26 11:10:54.639296 2025] [:error] [pid 34743:tid 34776] [client 213.21.239.4:54932] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/..;/.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-7AAAAUA"]
[Wed Nov 26 11:10:54.642332 2025] [:error] [pid 34743:tid 34795] [client 213.21.239.4:54894] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/lib../.git/config"] [unique_id "aSZvvgvyX7Q5oU7_mBx-7QAAAVM"]
[Wed Nov 26 11:10:54.643202 2025] [:error] [pid 45836:tid 45868] [client 213.21.239.4:54936] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config"] [unique_id "aSZvvpfrnOGqL-seZAwcKgAAANY"]
[Wed Nov 26 11:10:54.646139 2025] [:error] [pid 45901:tid 45927] [client 213.21.239.4:54940] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config;"] [unique_id "aSZvviunQ1SpfPRNrtyEOAAAARg"]
[Wed Nov 26 11:10:56.618048 2025] [:error] [pid 34743:tid 34779] [client 213.21.239.4:55040] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/%0Aconfig"] [unique_id "aSZvwAvyX7Q5oU7_mBx-7gAAAUM"]
[Wed Nov 26 11:10:56.618194 2025] [:error] [pid 35540:tid 35551] [client 213.21.239.4:55044] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMZAAAAIU"]
[Wed Nov 26 11:10:56.626894 2025] [:error] [pid 35540:tid 35566] [client 213.21.239.4:55108] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config;"] [unique_id "aSZvwMGrIq2A6SZSnkJMZQAAAJQ"]
[Wed Nov 26 11:10:56.631403 2025] [:error] [pid 34830:tid 34832] [client 213.21.239.4:55076] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/;/.git/config"] [unique_id "aSZvwEukvkWgWN6jCR2KAwAAAAA"]
[Wed Nov 26 11:10:56.631667 2025] [core:error] [pid 35540:tid 35563] [client 213.21.239.4:55020] AH10244: invalid URI path (/../config)
[Wed Nov 26 11:10:56.632654 2025] [:error] [pid 34743:tid 34800] [client 213.21.239.4:55078] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSZvwAvyX7Q5oU7_mBx-7wAAAVg"]
[Wed Nov 26 11:10:56.633208 2025] [:error] [pid 35540:tid 35570] [client 213.21.239.4:54954] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/new/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMaQAAAJg"]
[Wed Nov 26 11:10:56.635024 2025] [:error] [pid 35540:tid 35548] [client 213.21.239.4:55054] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/..;/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMagAAAII"]
[Wed Nov 26 11:10:56.638052 2025] [:error] [pid 35540:tid 35568] [client 213.21.239.4:54968] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/qa/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMawAAAJY"]
[Wed Nov 26 11:10:56.638431 2025] [:error] [pid 34742:tid 34768] [client 213.21.239.4:54992] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/config;.."] [unique_id "aSZvwJSuLNwpQF_jzAcjmwAAAFQ"]
[Wed Nov 26 11:10:56.638961 2025] [:error] [pid 34742:tid 34761] [client 213.21.239.4:55118] [client 213.21.239.4] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.git;/config"] [unique_id "aSZvwJSuLNwpQF_jzAcjnAAAAE0"]
[Wed Nov 26 11:10:56.640509 2025] [:error] [pid 34742:tid 34756] [client 213.21.239.4:55136] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/static../.git/config"] [unique_id "aSZvwJSuLNwpQF_jzAcjnQAAAEg"]
[Wed Nov 26 11:10:56.642050 2025] [:error] [pid 10383:tid 10393] [client 213.21.239.4:54964] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/prod/.git/config"] [unique_id "aSZvwK0RJ-zjhOVjD8-bqAAAAcc"]
[Wed Nov 26 11:10:56.646423 2025] [:error] [pid 34743:tid 34786] [client 213.21.239.4:55094] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config;.."] [unique_id "aSZvwAvyX7Q5oU7_mBx-8AAAAUo"]
[Wed Nov 26 11:10:56.647036 2025] [:error] [pid 35540:tid 35554] [client 213.21.239.4:54966] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/public/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMbAAAAIg"]
[Wed Nov 26 11:10:56.648504 2025] [:error] [pid 34742:tid 34759] [client 213.21.239.4:55004] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/.git/%0Aconfig"] [unique_id "aSZvwJSuLNwpQF_jzAcjngAAAEs"]
[Wed Nov 26 11:10:56.650122 2025] [:error] [pid 34743:tid 34790] [client 213.21.239.4:55142] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/../.git/config"] [unique_id "aSZvwAvyX7Q5oU7_mBx-8QAAAU4"]
[Wed Nov 26 11:10:56.651101 2025] [:error] [pid 34830:tid 34835] [client 213.21.239.4:55028] [client 213.21.239.4] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/config"] [unique_id "aSZvwEukvkWgWN6jCR2KBAAAAAM"]
[Wed Nov 26 11:10:56.653614 2025] [:error] [pid 34744:tid 34822] [client 213.21.239.4:55062] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config;"] [unique_id "aSZvwEtgOvVbhyALkTTaCQAAAZM"]
[Wed Nov 26 11:10:56.656852 2025] [:error] [pid 34742:tid 34749] [client 213.21.239.4:55124] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au../.git/config"] [unique_id "aSZvwJSuLNwpQF_jzAcjnwAAAEE"]
[Wed Nov 26 11:10:56.657447 2025] [:error] [pid 45901:tid 45922] [client 213.21.239.4:55030] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/;/.git/config"] [unique_id "aSZvwCunQ1SpfPRNrtyEQgAAARM"]
[Wed Nov 26 11:10:56.662705 2025] [:error] [pid 35540:tid 35552] [client 213.21.239.4:55102] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/randolphaircraft.com.au/..;/.git/config"] [unique_id "aSZvwMGrIq2A6SZSnkJMbQAAAIY"]
[Wed Nov 26 11:10:58.609087 2025] [:error] [pid 34743:tid 34785] [client 213.21.239.4:55192] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/web/.git/config"] [unique_id "aSZvwgvyX7Q5oU7_mBx-8gAAAUk"]
[Wed Nov 26 11:10:58.611352 2025] [:error] [pid 34743:tid 34782] [client 213.21.239.4:55158] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/static../.git/config"] [unique_id "aSZvwgvyX7Q5oU7_mBx-8wAAAUY"]
[Wed Nov 26 11:10:58.612224 2025] [:error] [pid 34742:tid 34766] [client 213.21.239.4:55172] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/staging/.git/config"] [unique_id "aSZvwpSuLNwpQF_jzAcjoAAAAFI"]
[Wed Nov 26 11:10:58.613058 2025] [:error] [pid 35540:tid 35554] [client 213.21.239.4:55210] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/plugins/.git/config"] [unique_id "aSZvwsGrIq2A6SZSnkJMcAAAAIg"]
[Wed Nov 26 11:10:58.614496 2025] [:error] [pid 35540:tid 35552] [client 213.21.239.4:55214] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/themes/.git/config"] [unique_id "aSZvwsGrIq2A6SZSnkJMcQAAAIY"]
[Wed Nov 26 11:10:58.621773 2025] [:error] [pid 34742:tid 34755] [client 213.21.239.4:55176] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/static../.git/config"] [unique_id "aSZvwpSuLNwpQF_jzAcjoQAAAEc"]
[Wed Nov 26 11:10:58.621948 2025] [:error] [pid 34744:tid 34812] [client 213.21.239.4:55206] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/wp-content/.git/config"] [unique_id "aSZvwktgOvVbhyALkTTaDwAAAYk"]
[Wed Nov 26 11:10:58.624564 2025] [:error] [pid 35540:tid 35560] [client 213.21.239.4:55180] [client 213.21.239.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/uat/.git/config"] [unique_id "aSZvwsGrIq2A6SZSnkJMcgAAAI4"]
[Wed Nov 26 11:10:58.663399 2025] [:error] [pid 35540:tid 35558] [client 213.21.239.4:55224] [client 213.21.239.4] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.git;/config"] [unique_id "aSZvwsGrIq2A6SZSnkJMcwAAAIw"]
[Wed Nov 26 11:10:58.687706 2025] [:error] [pid 35540:tid 35559] [client 213.21.239.4:55240] [client 213.21.239.4] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/config"] [unique_id "aSZvwsGrIq2A6SZSnkJMdAAAAI0"]
[Wed Nov 26 13:25:40.053305 2025] [:error] [pid 34744:tid 34809] [client 139.59.30.253:61130] [client 139.59.30.253] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/admin/controller/extension/extension/"] [unique_id "aSaPVEtgOvVbhyALkTT35wAAAYY"], referer: binance.com
[Wed Nov 26 13:25:45.991763 2025] [:error] [pid 34744:tid 34808] [client 139.59.30.253:63574] [client 139.59.30.253] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/uploads/"] [unique_id "aSaPWUtgOvVbhyALkTT37AAAAYU"], referer: binance.com
[Wed Nov 26 13:25:50.797868 2025] [:error] [pid 10383:tid 10402] [client 139.59.30.253:58284] [client 139.59.30.253] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/images/"] [unique_id "aSaPXq0RJ-zjhOVjD8_M2wAAAdA"], referer: binance.com
[Wed Nov 26 13:25:56.732372 2025] [:error] [pid 34744:tid 34817] [client 139.59.30.253:65010] [client 139.59.30.253] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/files/"] [unique_id "aSaPZEtgOvVbhyALkTT38AAAAY4"], referer: binance.com
[Wed Nov 26 18:16:44.250672 2025] [:error] [pid 6471:tid 6491] [client 145.239.10.137:49160] File does not exist: /usr/local/apache/htdocs/suspended-page/up2.php, referer: http://randolphaircraft.com.au/up2.php
[Wed Nov 26 19:34:02.959157 2025] [:error] [pid 45683:tid 45690] [client 159.89.127.165:36468] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aSblqhX1gQgNFW_222qtHAAAAUI"]
[Wed Nov 26 19:34:03.610442 2025] [:error] [pid 45683:tid 45697] [client 159.89.127.165:36476] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aSblqxX1gQgNFW_222qtHQAAAUk"]
[Wed Nov 26 19:34:04.264989 2025] [:error] [pid 6471:tid 6489] [client 159.89.127.165:35576] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aSblrOh3Z9TZLlRuTiOR1wAAAI8"]
[Wed Nov 26 19:34:04.914533 2025] [:error] [pid 6471:tid 6475] [client 159.89.127.165:35578] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aSblrOh3Z9TZLlRuTiOR2gAAAIE"]
[Wed Nov 26 19:34:05.565275 2025] [:error] [pid 6471:tid 6474] [client 159.89.127.165:35582] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aSblreh3Z9TZLlRuTiOR3QAAAIA"]
[Wed Nov 26 19:34:06.215572 2025] [:error] [pid 45683:tid 45712] [client 159.89.127.165:35594] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aSblrhX1gQgNFW_222qtIwAAAVg"]
[Wed Nov 26 19:34:06.865283 2025] [:error] [pid 45683:tid 45708] [client 159.89.127.165:35606] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server"] [unique_id "aSblrhX1gQgNFW_222qtJQAAAVQ"]
[Wed Nov 26 19:34:07.516868 2025] [:error] [pid 45684:tid 45731] [client 159.89.127.165:35616] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aSblr_g5LMxwI4-PD1dPBwAAABA"]
[Wed Nov 26 19:34:08.232351 2025] [:error] [pid 45684:tid 45730] [client 159.89.127.165:35626] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/about"] [unique_id "aSblsPg5LMxwI4-PD1dPCQAAAA8"]
[Wed Nov 26 19:34:08.956867 2025] [:error] [pid 45769:tid 45792] [client 159.89.127.165:35630] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aSblsFdG5Eht9c3yy4MmowAAAdQ"]
[Wed Nov 26 19:34:09.644907 2025] [:error] [pid 45769:tid 45791] [client 159.89.127.165:35644] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aSblsVdG5Eht9c3yy4MmpQAAAdM"]
[Wed Nov 26 19:34:10.295623 2025] [:error] [pid 45685:tid 45751] [client 159.89.127.165:35650] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aSblslj3f_NRdgU0DQ7bXAAAAQk"]
[Wed Nov 26 19:34:10.946508 2025] [:error] [pid 46443:tid 46465] [client 159.89.127.165:35656] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aSblssLmDsnHrj-QFB_lFAAAAFQ"]
[Wed Nov 26 19:34:11.598113 2025] [:error] [pid 6471:tid 6479] [client 159.89.127.165:35672] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aSbls-h3Z9TZLlRuTiOR7QAAAIU"]
[Wed Nov 26 19:34:12.248073 2025] [:error] [pid 45683:tid 45698] [client 159.89.127.165:35678] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aSbltBX1gQgNFW_222qtMAAAAUo"]
[Wed Nov 26 19:34:12.898463 2025] [:error] [pid 45684:tid 45718] [client 159.89.127.165:35686] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aSbltPg5LMxwI4-PD1dPGAAAAAM"]
[Wed Nov 26 19:34:13.549835 2025] [:error] [pid 20733:tid 20741] [client 159.89.127.165:35698] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.env"] [unique_id "aSbltQV9EP2HuRvnH8dZdQAAAMY"]
[Wed Nov 26 19:34:14.200802 2025] [:error] [pid 45684:tid 45723] [client 159.89.127.165:40386] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSbltvg5LMxwI4-PD1dPGQAAAAg"]
[Wed Nov 26 19:34:14.850096 2025] [:error] [pid 45684:tid 45727] [client 159.89.127.165:40402] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aSbltvg5LMxwI4-PD1dPGwAAAAw"]
[Wed Nov 26 19:34:15.503588 2025] [:error] [pid 45684:tid 45730] [client 159.89.127.165:40406] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aSblt_g5LMxwI4-PD1dPHQAAAA8"]
[Wed Nov 26 19:34:16.152731 2025] [:error] [pid 45684:tid 45737] [client 159.89.127.165:40416] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aSbluPg5LMxwI4-PD1dPHwAAABY"]
[Wed Nov 26 19:34:16.802679 2025] [:error] [pid 45684:tid 45738] [client 159.89.127.165:40432] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aSbluPg5LMxwI4-PD1dPIAAAABc"]
[Wed Nov 26 19:34:17.452436 2025] [:error] [pid 45684:tid 45724] [client 159.89.127.165:40442] [client 159.89.127.165] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSblufg5LMxwI4-PD1dPIwAAAAk"]
[Wed Nov 26 20:18:08.250756 2025] [:error] [pid 6471:tid 6481] [client 43.167.239.66:40360] [client 43.167.239.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSbwAOh3Z9TZLlRuTiOdeQAAAIc"]
[Wed Nov 26 21:06:18.251330 2025] [:error] [pid 20733:tid 20750] [client 35.94.214.18:36654] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSb7SgV9EP2HuRvnH8dsLwAAAM8"]
[Wed Nov 26 21:06:18.976834 2025] [:error] [pid 6471:tid 6476] [client 35.94.214.18:36658] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aSb7Suh3Z9TZLlRuTiOpMgAAAII"]
[Wed Nov 26 21:06:19.701992 2025] [:error] [pid 45685:tid 45765] [client 35.94.214.18:36674] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.local"] [unique_id "aSb7S1j3f_NRdgU0DQ7uLgAAARc"]
[Wed Nov 26 21:06:20.430110 2025] [:error] [pid 45685:tid 45748] [client 35.94.214.18:36676] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.dev"] [unique_id "aSb7TFj3f_NRdgU0DQ7uLwAAAQY"]
[Wed Nov 26 21:06:21.156874 2025] [:error] [pid 45684:tid 45734] [client 35.94.214.18:36690] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.prod"] [unique_id "aSb7Tfg5LMxwI4-PD1d4LgAAABM"]
[Wed Nov 26 21:06:21.884606 2025] [:error] [pid 45769:tid 45781] [client 35.94.214.18:36694] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.staging"] [unique_id "aSb7TVdG5Eht9c3yy4M5JwAAAck"]
[Wed Nov 26 21:06:22.615939 2025] [:error] [pid 45684:tid 45722] [client 35.94.214.18:36708] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.development"] [unique_id "aSb7Tvg5LMxwI4-PD1d4LwAAAAc"]
[Wed Nov 26 21:06:23.342760 2025] [:error] [pid 45684:tid 45733] [client 35.94.214.18:36712] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.production"] [unique_id "aSb7T_g5LMxwI4-PD1d4MAAAABI"]
[Wed Nov 26 21:06:24.157053 2025] [:error] [pid 45769:tid 45785] [client 35.94.214.18:36714] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.test"] [unique_id "aSb7UFdG5Eht9c3yy4M5KQAAAc0"]
[Wed Nov 26 21:06:24.882043 2025] [:error] [pid 45684:tid 45723] [client 35.94.214.18:36724] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.backup"] [unique_id "aSb7UPg5LMxwI4-PD1d4MgAAAAg"]
[Wed Nov 26 21:06:25.609789 2025] [:error] [pid 45684:tid 45731] [client 35.94.214.18:36734] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env~"] [unique_id "aSb7Ufg5LMxwI4-PD1d4NAAAABA"]
[Wed Nov 26 21:06:26.338376 2025] [:error] [pid 45683:tid 45697] [client 35.94.214.18:36744] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.sample"] [unique_id "aSb7UhX1gQgNFW_222rBvwAAAUk"]
[Wed Nov 26 21:06:27.064973 2025] [:error] [pid 45683:tid 45704] [client 35.94.214.18:36746] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.old"] [unique_id "aSb7UxX1gQgNFW_222rBwAAAAVA"]
[Wed Nov 26 21:06:27.792461 2025] [:error] [pid 45683:tid 45712] [client 35.94.214.18:53110] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.bak"] [unique_id "aSb7UxX1gQgNFW_222rBwQAAAVg"]
[Wed Nov 26 21:06:28.526239 2025] [:error] [pid 20733:tid 20741] [client 35.94.214.18:53126] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.save"] [unique_id "aSb7VAV9EP2HuRvnH8dsMwAAAMY"]
[Wed Nov 26 21:06:29.255749 2025] [:error] [pid 45684:tid 45718] [client 35.94.214.18:53132] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.orig"] [unique_id "aSb7Vfg5LMxwI4-PD1d4NQAAAAM"]
[Wed Nov 26 21:06:29.988344 2025] [:error] [pid 45684:tid 45729] [client 35.94.214.18:53140] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.swp"] [unique_id "aSb7Vfg5LMxwI4-PD1d4NgAAAA4"]
[Wed Nov 26 21:06:30.719236 2025] [:error] [pid 20733:tid 20737] [client 35.94.214.18:53142] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.tmp"] [unique_id "aSb7VgV9EP2HuRvnH8dsNAAAAMI"]
[Wed Nov 26 21:06:31.446367 2025] [:error] [pid 45684:tid 45722] [client 35.94.214.18:53150] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env.dist"] [unique_id "aSb7V_g5LMxwI4-PD1d4OwAAAAc"]
[Wed Nov 26 21:06:32.171127 2025] [:error] [pid 45684:tid 45735] [client 35.94.214.18:53162] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env"] [unique_id "aSb7WPg5LMxwI4-PD1d4QgAAABQ"]
[Wed Nov 26 21:06:32.903421 2025] [:error] [pid 20733:tid 20740] [client 35.94.214.18:53176] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.save"] [unique_id "aSb7WAV9EP2HuRvnH8dsNQAAAMU"]
[Wed Nov 26 21:06:33.641055 2025] [:error] [pid 6471:tid 6490] [client 35.94.214.18:53188] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.bak"] [unique_id "aSb7Weh3Z9TZLlRuTiOpNgAAAJA"]
[Wed Nov 26 21:06:34.379756 2025] [:error] [pid 45683:tid 45710] [client 35.94.214.18:53196] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/admin/.env.old"] [unique_id "aSb7WhX1gQgNFW_222rBxQAAAVY"]
[Wed Nov 26 21:06:35.109067 2025] [:error] [pid 45684:tid 45722] [client 35.94.214.18:53212] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env"] [unique_id "aSb7W_g5LMxwI4-PD1d4UgAAAAc"]
[Wed Nov 26 21:06:35.844029 2025] [:error] [pid 45685:tid 45763] [client 35.94.214.18:53216] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.save"] [unique_id "aSb7W1j3f_NRdgU0DQ7uMgAAARU"]
[Wed Nov 26 21:06:36.572725 2025] [:error] [pid 45683:tid 45695] [client 35.94.214.18:53226] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.bak"] [unique_id "aSb7XBX1gQgNFW_222rByAAAAUc"]
[Wed Nov 26 21:06:37.299194 2025] [:error] [pid 46443:tid 46463] [client 35.94.214.18:53238] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/api/.env.old"] [unique_id "aSb7XcLmDsnHrj-QFB8ECwAAAFI"]
[Wed Nov 26 21:06:38.023956 2025] [:error] [pid 45685:tid 45749] [client 35.94.214.18:47046] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env"] [unique_id "aSb7Xlj3f_NRdgU0DQ7uMwAAAQc"]
[Wed Nov 26 21:06:38.753539 2025] [:error] [pid 45685:tid 45759] [client 35.94.214.18:47056] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.save"] [unique_id "aSb7Xlj3f_NRdgU0DQ7uNQAAARE"]
[Wed Nov 26 21:06:39.480805 2025] [:error] [pid 46443:tid 46468] [client 35.94.214.18:47060] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.bak"] [unique_id "aSb7X8LmDsnHrj-QFB8EDQAAAFc"]
[Wed Nov 26 21:06:40.207859 2025] [:error] [pid 46443:tid 46448] [client 35.94.214.18:47064] [client 35.94.214.18] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/app/.env.old"] [unique_id "aSb7YMLmDsnHrj-QFB8EDgAAAEM"]
[Wed Nov 26 21:19:31.317982 2025] [:error] [pid 45684:tid 45722] [client 167.172.158.128:54944] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/api-docs"] [unique_id "aSb-Y_g5LMxwI4-PD1d-mAAAAAc"]
[Wed Nov 26 21:19:31.946991 2025] [:error] [pid 6471:tid 6495] [client 167.172.158.128:55646] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v3/api-docs"] [unique_id "aSb-Y-h3Z9TZLlRuTiOsuQAAAJU"]
[Wed Nov 26 21:19:32.565043 2025] [:error] [pid 45769:tid 45786] [client 167.172.158.128:55656] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api-docs/swagger.json"] [unique_id "aSb-ZFdG5Eht9c3yy4M77AAAAc4"]
[Wed Nov 26 21:19:33.193303 2025] [:error] [pid 6471:tid 6477] [client 167.172.158.128:55658] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/api/swagger.json"] [unique_id "aSb-Zeh3Z9TZLlRuTiOsvAAAAIM"]
[Wed Nov 26 21:19:33.820824 2025] [:error] [pid 46443:tid 46456] [client 167.172.158.128:55662] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/@vite/env"] [unique_id "aSb-ZcLmDsnHrj-QFB8IugAAAEs"]
[Wed Nov 26 21:19:34.457906 2025] [:error] [pid 45769:tid 45772] [client 167.172.158.128:55670] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/actuator/env"] [unique_id "aSb-ZldG5Eht9c3yy4M78gAAAcA"]
[Wed Nov 26 21:19:35.083273 2025] [:error] [pid 45684:tid 45731] [client 167.172.158.128:55676] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server"] [unique_id "aSb-Z_g5LMxwI4-PD1d-qwAAABA"]
[Wed Nov 26 21:19:35.701447 2025] [:error] [pid 45684:tid 45721] [client 167.172.158.128:55682] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.vscode/sftp.json"] [unique_id "aSb-Z_g5LMxwI4-PD1d-tAAAAAY"]
[Wed Nov 26 21:19:36.319827 2025] [:error] [pid 6471:tid 6491] [client 167.172.158.128:55688] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/about"] [unique_id "aSb-aOh3Z9TZLlRuTiOsxQAAAJE"]
[Wed Nov 26 21:19:36.944025 2025] [:error] [pid 45684:tid 45735] [client 167.172.158.128:55700] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/debug/default/view"] [unique_id "aSb-aPg5LMxwI4-PD1d-vQAAABQ"]
[Wed Nov 26 21:19:37.563367 2025] [:error] [pid 6471:tid 6478] [client 167.172.158.128:55702] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/v2/_catalog"] [unique_id "aSb-aeh3Z9TZLlRuTiOsygAAAIQ"]
[Wed Nov 26 21:19:38.192255 2025] [:error] [pid 45683:tid 45710] [client 167.172.158.128:55714] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aSb-ahX1gQgNFW_222rFwgAAAVY"]
[Wed Nov 26 21:19:38.809657 2025] [:error] [pid 45683:tid 45709] [client 167.172.158.128:55722] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/server-status"] [unique_id "aSb-ahX1gQgNFW_222rFxQAAAVU"]
[Wed Nov 26 21:19:39.433949 2025] [:error] [pid 20733:tid 20755] [client 167.172.158.128:55738] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/login.action"] [unique_id "aSb-awV9EP2HuRvnH8duuQAAANQ"]
[Wed Nov 26 21:19:40.067841 2025] [:error] [pid 45769:tid 45774] [client 167.172.158.128:55750] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/_all_dbs"] [unique_id "aSb-bFdG5Eht9c3yy4M7-QAAAcI"]
[Wed Nov 26 21:19:40.693020 2025] [:error] [pid 46443:tid 46456] [client 167.172.158.128:55754] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/.DS_Store"] [unique_id "aSb-bMLmDsnHrj-QFB8IzQAAAEs"]
[Wed Nov 26 21:19:41.309796 2025] [:error] [pid 45685:tid 45751] [client 167.172.158.128:55768] [client 167.172.158.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.env"] [unique_id "aSb-bVj3f_NRdgU0DQ7xagAAAQk"]
[Wed Nov 26 21:19:41.929582 2025] [:error] [pid 46443:tid 46453] [client 167.172.158.128:34222] [client 167.172.158.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSb-bcLmDsnHrj-QFB8I0wAAAEg"]
[Wed Nov 26 21:19:42.559609 2025] [:error] [pid 45684:tid 45721] [client 167.172.158.128:34236] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s/4313e2232313e243e2330313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "aSb-bvg5LMxwI4-PD1d-xwAAAAY"]
[Wed Nov 26 21:19:43.184030 2025] [:error] [pid 45684:tid 45728] [client 167.172.158.128:34250] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/config.json"] [unique_id "aSb-b_g5LMxwI4-PD1d-ygAAAA0"]
[Wed Nov 26 21:19:43.809834 2025] [:error] [pid 45684:tid 45716] [client 167.172.158.128:34260] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/telescope/requests"] [unique_id "aSb-b_g5LMxwI4-PD1d-zAAAAAE"]
[Wed Nov 26 21:19:44.447888 2025] [:error] [pid 45684:tid 45738] [client 167.172.158.128:34270] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/info.php"] [unique_id "aSb-cPg5LMxwI4-PD1d-zgAAABc"]
[Wed Nov 26 21:19:45.089420 2025] [:error] [pid 45684:tid 45722] [client 167.172.158.128:34274] [client 167.172.158.128] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aSb-cfg5LMxwI4-PD1d-0gAAAAc"]
[Wed Nov 26 21:36:42.718537 2025] [:error] [pid 45683:tid 45696] [client 49.7.227.204:33884] [client 49.7.227.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "randolphaircraft.com.au"] [uri "/"] [unique_id "aScCahX1gQgNFW_222rJNgAAAUg"]
[Wed Nov 26 23:52:48.969785 2025] [:error] [pid 20733:tid 20749] [client 216.126.239.203:45114] [client 216.126.239.203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/.git/config"] [unique_id "aSciUAV9EP2HuRvnH8eMswAAAM4"]
[Thu Nov 27 00:55:39.645006 2025] [:error] [pid 54723:tid 54735] [client 103.77.107.57:52575] [client 103.77.107.57] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randolphaircraft.com.au"] [uri "/sftp-config.json"] [unique_id "aScxCw2CEg7QoyDosdLzaQAAAAU"]
[Thu Nov 27 03:40:55.170643 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/tj.php
[Thu Nov 27 03:40:55.289355 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/v3.php
[Thu Nov 27 03:40:55.407394 2025] [:error] [pid 53739:tid 53746] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/asd.php
[Thu Nov 27 03:40:55.526671 2025] [:error] [pid 53739:tid 53757] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/f8moue.php
[Thu Nov 27 03:40:55.644481 2025] [:error] [pid 53739:tid 53765] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/3i8som87avh59dosfymtvCakc.php
[Thu Nov 27 03:40:55.761772 2025] [:error] [pid 53739:tid 53743] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/nonesoterically.php
[Thu Nov 27 03:40:55.888558 2025] [:error] [pid 53739:tid 53748] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/palsy.php
[Thu Nov 27 03:40:56.013203 2025] [:error] [pid 53739:tid 53744] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/vanda.php
[Thu Nov 27 03:40:56.129775 2025] [:error] [pid 53739:tid 53751] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/asciferous.php
[Thu Nov 27 03:40:56.249732 2025] [:error] [pid 53739:tid 53764] [client 130.33.50.246:15415] File does not exist: /usr/local/apache/htdocs/suspended-page/coenoecic.php
[Thu Nov 27 03:40:56.364301 2025] [:error] [pid 53739:tid 53767] [client 130.33.50.246:15415] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSdXyM0J_NoeqMM0rg2spgAAANg"]
[Thu Nov 27 03:40:56.645853 2025] [:error] [pid 53739:tid 53763] [client 130.33.50.246:16334] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSdXyM0J_NoeqMM0rg2sqAAAANQ"]
[Thu Nov 27 03:40:56.901557 2025] [:error] [pid 53613:tid 53638] [client 130.33.50.246:15380] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSdXyBNZMUHuAhTmCSP8bgAAAA4"]
[Thu Nov 27 03:40:57.150110 2025] [:error] [pid 53615:tid 53703] [client 130.33.50.246:15420] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/cyanamids.php"] [unique_id "aSdXyWLrH3MZ4ZYmsVWlZQAAAJc"]
[Thu Nov 27 03:40:57.414822 2025] [:error] [pid 53615:tid 53682] [client 130.33.50.246:15414] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSdXyWLrH3MZ4ZYmsVWlZgAAAII"]
[Thu Nov 27 03:40:57.655184 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:16340] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSdXyc0J_NoeqMM0rg2srAAAAMI"]
[Thu Nov 27 03:40:57.976960 2025] [:error] [pid 53615:tid 53689] [client 130.33.50.246:15386] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSdXyWLrH3MZ4ZYmsVWlZwAAAIk"]
[Thu Nov 27 03:40:58.255224 2025] [:error] [pid 53739:tid 53760] [client 130.33.50.246:16321] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disengaging.php"] [unique_id "aSdXys0J_NoeqMM0rg2srQAAANE"]
[Thu Nov 27 03:40:58.507163 2025] [:error] [pid 53739:tid 53758] [client 130.33.50.246:15396] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSdXys0J_NoeqMM0rg2srgAAAM8"]
[Thu Nov 27 03:40:58.777447 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:16382] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSdXys0J_NoeqMM0rg2srwAAAMw"]
[Thu Nov 27 03:40:59.031232 2025] [:error] [pid 53614:tid 53677] [client 130.33.50.246:15390] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSdXy362lbq4ocSGM7zgGAAAAFg"]
[Thu Nov 27 03:40:59.290064 2025] [:error] [pid 53615:tid 53681] [client 130.33.50.246:15381] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/disquiet.php"] [unique_id "aSdXy2LrH3MZ4ZYmsVWlaAAAAIE"]
[Thu Nov 27 03:40:59.577081 2025] [:error] [pid 53614:tid 53667] [client 130.33.50.246:15408] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSdXy362lbq4ocSGM7zgGgAAAE4"]
[Thu Nov 27 03:40:59.842369 2025] [:error] [pid 53739:tid 53751] [client 130.33.50.246:15418] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSdXy80J_NoeqMM0rg2sswAAAMg"]
[Thu Nov 27 03:41:00.095888 2025] [:error] [pid 53615:tid 53704] [client 130.33.50.246:15406] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSdXzGLrH3MZ4ZYmsVWlagAAAJg"]
[Thu Nov 27 03:41:00.362051 2025] [:error] [pid 53613:tid 53633] [client 130.33.50.246:15384] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/duplicand.php"] [unique_id "aSdXzBNZMUHuAhTmCSP8fQAAAAk"]
[Thu Nov 27 03:41:00.671192 2025] [:error] [pid 53739:tid 53762] [client 130.33.50.246:15395] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSdXzM0J_NoeqMM0rg2stwAAANM"]
[Thu Nov 27 03:41:00.920441 2025] [:error] [pid 53615:tid 53680] [client 130.33.50.246:16363] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSdXzGLrH3MZ4ZYmsVWlbQAAAIA"]
[Thu Nov 27 03:41:01.153289 2025] [:error] [pid 53615:tid 53686] [client 130.33.50.246:16325] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSdXzWLrH3MZ4ZYmsVWlbgAAAIY"]
[Thu Nov 27 03:41:01.390450 2025] [:error] [pid 53614:tid 53674] [client 130.33.50.246:15392] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/parturiency.php"] [unique_id "aSdXzX62lbq4ocSGM7zgGwAAAFU"]
[Thu Nov 27 03:41:01.640996 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:15365] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSdXzc0J_NoeqMM0rg2suwAAAMI"]
[Thu Nov 27 03:41:01.896963 2025] [:error] [pid 53739:tid 53760] [client 130.33.50.246:16336] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSdXzc0J_NoeqMM0rg2svAAAANE"]
[Thu Nov 27 03:41:02.151862 2025] [:error] [pid 53739:tid 53758] [client 130.33.50.246:15363] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSdXzs0J_NoeqMM0rg2svQAAAM8"]
[Thu Nov 27 03:41:02.387888 2025] [:error] [pid 53615:tid 53688] [client 130.33.50.246:16343] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/tithings.php"] [unique_id "aSdXzmLrH3MZ4ZYmsVWlbwAAAIg"]
[Thu Nov 27 03:41:02.616542 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:15376] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSdXzs0J_NoeqMM0rg2svgAAANc"]
[Thu Nov 27 03:41:02.851695 2025] [:error] [pid 53615:tid 53692] [client 130.33.50.246:15385] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSdXzmLrH3MZ4ZYmsVWlcAAAAIw"]
[Thu Nov 27 03:41:03.111090 2025] [:error] [pid 53615:tid 53697] [client 130.33.50.246:16327] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSdXz2LrH3MZ4ZYmsVWlcQAAAJE"]
[Thu Nov 27 03:41:03.354068 2025] [:error] [pid 53739:tid 53748] [client 130.33.50.246:15361] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww5.php"] [unique_id "aSdXz80J_NoeqMM0rg2swQAAAMU"]
[Thu Nov 27 03:41:03.603896 2025] [:error] [pid 53739:tid 53759] [client 130.33.50.246:16341] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSdXz80J_NoeqMM0rg2swwAAANA"]
[Thu Nov 27 03:41:03.863928 2025] [:error] [pid 53739:tid 53764] [client 130.33.50.246:15391] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSdXz80J_NoeqMM0rg2sxAAAANU"]
[Thu Nov 27 03:41:04.107939 2025] [:error] [pid 53739:tid 53750] [client 130.33.50.246:15417] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSdX0M0J_NoeqMM0rg2sxQAAAMc"]
[Thu Nov 27 03:41:04.471044 2025] [:error] [pid 53739:tid 53762] [client 130.33.50.246:15369] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/z60.php"] [unique_id "aSdX0M0J_NoeqMM0rg2sxwAAANM"]
[Thu Nov 27 03:41:04.711355 2025] [:error] [pid 53613:tid 53642] [client 130.33.50.246:15397] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-themes.php"] [unique_id "aSdX0BNZMUHuAhTmCSP8kAAAABI"]
[Thu Nov 27 03:41:05.037101 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:15367] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-themes.php"] [unique_id "aSdX0c0J_NoeqMM0rg2syQAAAMI"]
[Thu Nov 27 03:41:05.283497 2025] [:error] [pid 53613:tid 53643] [client 130.33.50.246:16357] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-themes.php"] [unique_id "aSdX0RNZMUHuAhTmCSP8kwAAABM"]
[Thu Nov 27 03:41:05.656026 2025] [:error] [pid 53613:tid 53627] [client 130.33.50.246:16330] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-themes.php"] [unique_id "aSdX0RNZMUHuAhTmCSP8lQAAAAM"]
[Thu Nov 27 03:41:05.906925 2025] [:error] [pid 53615:tid 53684] [client 130.33.50.246:16320] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/edd.php"] [unique_id "aSdX0WLrH3MZ4ZYmsVWldAAAAIQ"]
[Thu Nov 27 03:41:06.243404 2025] [:error] [pid 53739:tid 53757] [client 130.33.50.246:15398] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/edd.php"] [unique_id "aSdX0s0J_NoeqMM0rg2szwAAAM4"]
[Thu Nov 27 03:41:06.505247 2025] [:error] [pid 53615:tid 53700] [client 130.33.50.246:16335] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/edd.php"] [unique_id "aSdX0mLrH3MZ4ZYmsVWldgAAAJQ"]
[Thu Nov 27 03:41:06.775919 2025] [:error] [pid 53615:tid 53681] [client 130.33.50.246:15405] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/edd.php"] [unique_id "aSdX0mLrH3MZ4ZYmsVWleAAAAIE"]
[Thu Nov 27 03:41:07.114797 2025] [:error] [pid 53615:tid 53685] [client 130.33.50.246:16331] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bo.php"] [unique_id "aSdX02LrH3MZ4ZYmsVWleQAAAIU"]
[Thu Nov 27 03:41:07.391631 2025] [:error] [pid 53613:tid 53624] [client 130.33.50.246:16337] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bo.php"] [unique_id "aSdX0xNZMUHuAhTmCSP8ngAAAAA"]
[Thu Nov 27 03:41:07.659229 2025] [:error] [pid 53615:tid 53694] [client 130.33.50.246:16333] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bo.php"] [unique_id "aSdX02LrH3MZ4ZYmsVWlewAAAI4"]
[Thu Nov 27 03:41:07.897482 2025] [:error] [pid 53615:tid 53690] [client 130.33.50.246:15368] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bo.php"] [unique_id "aSdX02LrH3MZ4ZYmsVWlfAAAAIo"]
[Thu Nov 27 03:41:08.231431 2025] [:error] [pid 53739:tid 53762] [client 130.33.50.246:15421] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bn.php"] [unique_id "aSdX1M0J_NoeqMM0rg2s1AAAANM"]
[Thu Nov 27 03:41:08.945087 2025] [:error] [pid 53739:tid 53756] [client 130.33.50.246:16323] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bn.php"] [unique_id "aSdX1M0J_NoeqMM0rg2s9gAAAM0"]
[Thu Nov 27 03:41:09.557924 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:16353] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bn.php"] [unique_id "aSdX1c0J_NoeqMM0rg2s_gAAAMI"]
[Thu Nov 27 03:41:09.954718 2025] [:error] [pid 53739:tid 53747] [client 130.33.50.246:15422] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/bn.php"] [unique_id "aSdX1c0J_NoeqMM0rg2tAAAAAMQ"]
[Thu Nov 27 03:41:10.288524 2025] [:error] [pid 53614:tid 53668] [client 130.33.50.246:16264] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/fishmen.php"] [unique_id "aSdX1n62lbq4ocSGM7zgKQAAAE8"]
[Thu Nov 27 03:41:10.706991 2025] [:error] [pid 53615:tid 53696] [client 130.33.50.246:15412] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/fishmen.php"] [unique_id "aSdX1mLrH3MZ4ZYmsVWlhQAAAJA"]
[Thu Nov 27 03:41:11.072702 2025] [:error] [pid 53615:tid 53681] [client 130.33.50.246:15379] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/fishmen.php"] [unique_id "aSdX12LrH3MZ4ZYmsVWlhgAAAIE"]
[Thu Nov 27 03:41:11.398948 2025] [:error] [pid 53613:tid 53635] [client 130.33.50.246:15371] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/fishmen.php"] [unique_id "aSdX1xNZMUHuAhTmCSP8vAAAAAs"]
[Thu Nov 27 03:41:11.816876 2025] [:error] [pid 53613:tid 53639] [client 130.33.50.246:16349] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/obfuscous.php"] [unique_id "aSdX1xNZMUHuAhTmCSP8vgAAAA8"]
[Thu Nov 27 03:41:12.112281 2025] [:error] [pid 53614:tid 53660] [client 130.33.50.246:15370] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/obfuscous.php"] [unique_id "aSdX2H62lbq4ocSGM7zgLgAAAEc"]
[Thu Nov 27 03:41:12.439757 2025] [:error] [pid 53614:tid 53677] [client 130.33.50.246:16371] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/obfuscous.php"] [unique_id "aSdX2H62lbq4ocSGM7zgMAAAAFg"]
[Thu Nov 27 03:41:12.693235 2025] [:error] [pid 53613:tid 53648] [client 130.33.50.246:16326] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/obfuscous.php"] [unique_id "aSdX2BNZMUHuAhTmCSP8wAAAABg"]
[Thu Nov 27 03:41:12.944230 2025] [:error] [pid 53739:tid 53756] [client 130.33.50.246:16273] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/oitava.php"] [unique_id "aSdX2M0J_NoeqMM0rg2tEQAAAM0"]
[Thu Nov 27 03:41:13.204059 2025] [:error] [pid 53739:tid 53757] [client 130.33.50.246:16329] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/oitava.php"] [unique_id "aSdX2c0J_NoeqMM0rg2tEgAAAM4"]
[Thu Nov 27 03:41:13.629193 2025] [:error] [pid 53739:tid 53759] [client 130.33.50.246:16354] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/oitava.php"] [unique_id "aSdX2c0J_NoeqMM0rg2tEwAAANA"]
[Thu Nov 27 03:41:14.138919 2025] [:error] [pid 53613:tid 53630] [client 130.33.50.246:16338] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/oitava.php"] [unique_id "aSdX2hNZMUHuAhTmCSP8xgAAAAY"]
[Thu Nov 27 03:41:14.472013 2025] [:error] [pid 53613:tid 53641] [client 130.33.50.246:15400] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/phrensying.php"] [unique_id "aSdX2hNZMUHuAhTmCSP8ygAAABE"]
[Thu Nov 27 03:41:14.799796 2025] [:error] [pid 53613:tid 53624] [client 130.33.50.246:16356] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/phrensying.php"] [unique_id "aSdX2hNZMUHuAhTmCSP8zQAAAAA"]
[Thu Nov 27 03:41:15.269923 2025] [:error] [pid 53613:tid 53626] [client 130.33.50.246:16298] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/phrensying.php"] [unique_id "aSdX2xNZMUHuAhTmCSP80AAAAAI"]
[Thu Nov 27 03:41:15.546198 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:16365] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/phrensying.php"] [unique_id "aSdX280J_NoeqMM0rg2tFgAAANc"]
[Thu Nov 27 03:41:15.840820 2025] [:error] [pid 53739:tid 53743] [client 130.33.50.246:15375] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pyrometry.php"] [unique_id "aSdX280J_NoeqMM0rg2tFwAAAMA"]
[Thu Nov 27 03:41:16.164177 2025] [:error] [pid 53739:tid 53753] [client 130.33.50.246:16275] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pyrometry.php"] [unique_id "aSdX3M0J_NoeqMM0rg2tGAAAAMo"]
[Thu Nov 27 03:41:16.403320 2025] [:error] [pid 53614:tid 53674] [client 130.33.50.246:15413] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pyrometry.php"] [unique_id "aSdX3H62lbq4ocSGM7zgNgAAAFU"]
[Thu Nov 27 03:41:16.679878 2025] [:error] [pid 53614:tid 53668] [client 130.33.50.246:15419] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/pyrometry.php"] [unique_id "aSdX3H62lbq4ocSGM7zgOAAAAE8"]
[Thu Nov 27 03:41:16.970900 2025] [:error] [pid 53614:tid 53660] [client 130.33.50.246:16262] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unprecipitously.php"] [unique_id "aSdX3H62lbq4ocSGM7zgOgAAAEc"]
[Thu Nov 27 03:41:17.227036 2025] [:error] [pid 53614:tid 53659] [client 130.33.50.246:15423] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unprecipitously.php"] [unique_id "aSdX3X62lbq4ocSGM7zgOwAAAEY"]
[Thu Nov 27 03:41:17.492914 2025] [:error] [pid 53614:tid 53677] [client 130.33.50.246:16283] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unprecipitously.php"] [unique_id "aSdX3X62lbq4ocSGM7zgPQAAAFg"]
[Thu Nov 27 03:41:17.781856 2025] [:error] [pid 53614:tid 53665] [client 130.33.50.246:15409] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unprecipitously.php"] [unique_id "aSdX3X62lbq4ocSGM7zgPgAAAEw"]
[Thu Nov 27 03:41:18.023245 2025] [:error] [pid 53613:tid 53631] [client 130.33.50.246:16348] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSdX3hNZMUHuAhTmCSP83QAAAAc"]
[Thu Nov 27 03:41:18.384507 2025] [:error] [pid 53739:tid 53752] [client 130.33.50.246:16361] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSdX3s0J_NoeqMM0rg2tGQAAAMk"]
[Thu Nov 27 03:41:18.646132 2025] [:error] [pid 53614:tid 53669] [client 130.33.50.246:16314] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSdX3n62lbq4ocSGM7zgQAAAAFA"]
[Thu Nov 27 03:41:18.902318 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:16370] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbefittingly.php"] [unique_id "aSdX3s0J_NoeqMM0rg2tGgAAAMI"]
[Thu Nov 27 03:41:19.304444 2025] [:error] [pid 53615:tid 53688] [client 130.33.50.246:16265] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSdX32LrH3MZ4ZYmsVWljQAAAIg"]
[Thu Nov 27 03:41:19.571639 2025] [:error] [pid 53615:tid 53692] [client 130.33.50.246:15411] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSdX32LrH3MZ4ZYmsVWljgAAAIw"]
[Thu Nov 27 03:41:19.879561 2025] [:error] [pid 53613:tid 53635] [client 130.33.50.246:16372] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSdX3xNZMUHuAhTmCSP85gAAAAs"]
[Thu Nov 27 03:41:20.179721 2025] [:error] [pid 53613:tid 53639] [client 130.33.50.246:16295] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-home.php"] [unique_id "aSdX4BNZMUHuAhTmCSP86AAAAA8"]
[Thu Nov 27 03:41:20.523244 2025] [:error] [pid 53615:tid 53691] [client 130.33.50.246:16286] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSdX4GLrH3MZ4ZYmsVWljwAAAIs"]
[Thu Nov 27 03:41:20.774814 2025] [:error] [pid 53739:tid 53760] [client 130.33.50.246:16267] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSdX4M0J_NoeqMM0rg2tHQAAANE"]
[Thu Nov 27 03:41:21.039043 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:16271] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSdX4c0J_NoeqMM0rg2tHwAAAMw"]
[Thu Nov 27 03:41:21.283283 2025] [:error] [pid 53615:tid 53700] [client 130.33.50.246:16339] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-securitiy.php"] [unique_id "aSdX4WLrH3MZ4ZYmsVWlkQAAAJQ"]
[Thu Nov 27 03:41:21.583313 2025] [:error] [pid 53615:tid 53689] [client 130.33.50.246:16344] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSdX4WLrH3MZ4ZYmsVWlkgAAAIk"]
[Thu Nov 27 03:41:21.899355 2025] [:error] [pid 53615:tid 53696] [client 130.33.50.246:16268] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSdX4WLrH3MZ4ZYmsVWllAAAAJA"]
[Thu Nov 27 03:41:22.151700 2025] [:error] [pid 53739:tid 53756] [client 130.33.50.246:15416] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSdX4s0J_NoeqMM0rg2tIwAAAM0"]
[Thu Nov 27 03:41:22.445180 2025] [:error] [pid 53613:tid 53633] [client 130.33.50.246:15377] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-ac.php"] [unique_id "aSdX4hNZMUHuAhTmCSP87QAAAAk"]
[Thu Nov 27 03:41:22.681329 2025] [:error] [pid 53613:tid 53630] [client 130.33.50.246:16288] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSdX4hNZMUHuAhTmCSP87wAAAAY"]
[Thu Nov 27 03:41:22.967057 2025] [:error] [pid 53614:tid 53657] [client 130.33.50.246:16359] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSdX4n62lbq4ocSGM7zgRQAAAEU"]
[Thu Nov 27 03:41:23.220184 2025] [:error] [pid 53614:tid 53656] [client 130.33.50.246:15393] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSdX4362lbq4ocSGM7zgRwAAAEQ"]
[Thu Nov 27 03:41:23.496868 2025] [:error] [pid 53614:tid 53664] [client 130.33.50.246:16270] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/nof.php"] [unique_id "aSdX4362lbq4ocSGM7zgSAAAAEs"]
[Thu Nov 27 03:41:23.770001 2025] [:error] [pid 53614:tid 53660] [client 130.33.50.246:16285] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSdX4362lbq4ocSGM7zgSQAAAEc"]
[Thu Nov 27 03:41:24.013140 2025] [:error] [pid 53615:tid 53683] [client 130.33.50.246:16322] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSdX5GLrH3MZ4ZYmsVWlnAAAAIM"]
[Thu Nov 27 03:41:24.270674 2025] [:error] [pid 53614:tid 53654] [client 130.33.50.246:16272] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSdX5H62lbq4ocSGM7zgSwAAAEI"]
[Thu Nov 27 03:41:24.507460 2025] [:error] [pid 53613:tid 53646] [client 130.33.50.246:16351] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/test1.php"] [unique_id "aSdX5BNZMUHuAhTmCSP88wAAABY"]
[Thu Nov 27 03:41:24.778215 2025] [:error] [pid 53615:tid 53695] [client 130.33.50.246:16383] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSdX5GLrH3MZ4ZYmsVWloQAAAI8"]
[Thu Nov 27 03:41:25.090308 2025] [:error] [pid 53614:tid 53665] [client 130.33.50.246:16332] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSdX5X62lbq4ocSGM7zgTQAAAEw"]
[Thu Nov 27 03:41:25.325263 2025] [:error] [pid 53615:tid 53684] [client 130.33.50.246:16266] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSdX5WLrH3MZ4ZYmsVWlpgAAAIQ"]
[Thu Nov 27 03:41:25.586343 2025] [:error] [pid 53615:tid 53685] [client 130.33.50.246:15366] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/unbalanceable.php"] [unique_id "aSdX5WLrH3MZ4ZYmsVWlpwAAAIU"]
[Thu Nov 27 03:41:25.823411 2025] [:error] [pid 53615:tid 53703] [client 130.33.50.246:16366] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog-front.php"] [unique_id "aSdX5WLrH3MZ4ZYmsVWlqAAAAJc"]
[Thu Nov 27 03:41:26.077902 2025] [:error] [pid 53613:tid 53635] [client 130.33.50.246:16296] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog-front.php"] [unique_id "aSdX5hNZMUHuAhTmCSP89QAAAAs"]
[Thu Nov 27 03:41:26.332903 2025] [:error] [pid 53615:tid 53694] [client 130.33.50.246:16232] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog-front.php"] [unique_id "aSdX5mLrH3MZ4ZYmsVWlqQAAAI4"]
[Thu Nov 27 03:41:26.588601 2025] [:error] [pid 53615:tid 53681] [client 130.33.50.246:16342] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-blog-front.php"] [unique_id "aSdX5mLrH3MZ4ZYmsVWlrQAAAIE"]
[Thu Nov 27 03:41:26.856832 2025] [:error] [pid 53613:tid 53638] [client 130.33.50.246:16226] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-advaced.php"] [unique_id "aSdX5hNZMUHuAhTmCSP89wAAAA4"]
[Thu Nov 27 03:41:27.154342 2025] [:error] [pid 53615:tid 53693] [client 130.33.50.246:15410] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-advaced.php"] [unique_id "aSdX52LrH3MZ4ZYmsVWlrgAAAI0"]
[Thu Nov 27 03:41:27.477224 2025] [:error] [pid 53615:tid 53683] [client 130.33.50.246:15374] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-advaced.php"] [unique_id "aSdX52LrH3MZ4ZYmsVWlsAAAAIM"]
[Thu Nov 27 03:41:27.763175 2025] [:error] [pid 53615:tid 53698] [client 130.33.50.246:15364] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/wp-advaced.php"] [unique_id "aSdX52LrH3MZ4ZYmsVWlsQAAAJI"]
[Thu Nov 27 03:41:28.012808 2025] [:error] [pid 53615:tid 53700] [client 130.33.50.246:16378] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/poliomyelopathy.php"] [unique_id "aSdX6GLrH3MZ4ZYmsVWltAAAAJQ"]
[Thu Nov 27 03:41:28.286667 2025] [:error] [pid 53614:tid 53653] [client 130.33.50.246:16376] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/poliomyelopathy.php"] [unique_id "aSdX6H62lbq4ocSGM7zgUAAAAEE"]
[Thu Nov 27 03:41:28.566084 2025] [:error] [pid 53615:tid 53703] [client 130.33.50.246:16223] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/poliomyelopathy.php"] [unique_id "aSdX6GLrH3MZ4ZYmsVWluQAAAJc"]
[Thu Nov 27 03:41:28.830539 2025] [:error] [pid 53614:tid 53662] [client 130.33.50.246:16289] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/poliomyelopathy.php"] [unique_id "aSdX6H62lbq4ocSGM7zgUgAAAEk"]
[Thu Nov 27 03:41:29.112710 2025] [:error] [pid 53614:tid 53672] [client 130.33.50.246:16258] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abc.php"] [unique_id "aSdX6X62lbq4ocSGM7zgVQAAAFM"]
[Thu Nov 27 03:41:29.366312 2025] [:error] [pid 53614:tid 53652] [client 130.33.50.246:16364] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abc.php"] [unique_id "aSdX6X62lbq4ocSGM7zgVwAAAEA"]
[Thu Nov 27 03:41:29.626738 2025] [:error] [pid 53614:tid 53676] [client 130.33.50.246:16350] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abc.php"] [unique_id "aSdX6X62lbq4ocSGM7zgWAAAAFc"]
[Thu Nov 27 03:41:29.883777 2025] [:error] [pid 53613:tid 53631] [client 130.33.50.246:16259] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/abc.php"] [unique_id "aSdX6RNZMUHuAhTmCSP8-wAAAAc"]
[Thu Nov 27 03:41:30.201026 2025] [:error] [pid 53614:tid 53665] [client 130.33.50.246:16299] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/clss.php"] [unique_id "aSdX6n62lbq4ocSGM7zgWwAAAEw"]
[Thu Nov 27 03:41:30.463986 2025] [:error] [pid 53614:tid 53677] [client 130.33.50.246:16362] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/clss.php"] [unique_id "aSdX6n62lbq4ocSGM7zgXQAAAFg"]
[Thu Nov 27 03:41:30.712055 2025] [:error] [pid 53739:tid 53754] [client 130.33.50.246:16213] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/clss.php"] [unique_id "aSdX6s0J_NoeqMM0rg2tKgAAAMs"]
[Thu Nov 27 03:41:30.990530 2025] [:error] [pid 53739:tid 53747] [client 130.33.50.246:16355] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/clss.php"] [unique_id "aSdX6s0J_NoeqMM0rg2tKwAAAMQ"]
[Thu Nov 27 03:41:31.227916 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:16284] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/t.php"] [unique_id "aSdX680J_NoeqMM0rg2tLAAAAMw"]
[Thu Nov 27 03:41:31.464361 2025] [:error] [pid 53615:tid 53702] [client 130.33.50.246:16260] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/t.php"] [unique_id "aSdX62LrH3MZ4ZYmsVWlvQAAAJY"]
[Thu Nov 27 03:41:31.696374 2025] [:error] [pid 53615:tid 53689] [client 130.33.50.246:16367] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/t.php"] [unique_id "aSdX62LrH3MZ4ZYmsVWlvwAAAIk"]
[Thu Nov 27 03:41:32.041665 2025] [:error] [pid 53615:tid 53696] [client 130.33.50.246:16200] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/t.php"] [unique_id "aSdX7GLrH3MZ4ZYmsVWlwAAAAJA"]
[Thu Nov 27 03:41:32.424537 2025] [:error] [pid 53615:tid 53685] [client 130.33.50.246:15382] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d12.php"] [unique_id "aSdX7GLrH3MZ4ZYmsVWlwQAAAIU"]
[Thu Nov 27 03:41:32.699217 2025] [:error] [pid 53614:tid 53676] [client 130.33.50.246:16345] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d12.php"] [unique_id "aSdX7H62lbq4ocSGM7zgawAAAFc"]
[Thu Nov 27 03:41:32.962333 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:15372] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d12.php"] [unique_id "aSdX7M0J_NoeqMM0rg2tNgAAANc"]
[Thu Nov 27 03:41:33.273152 2025] [:error] [pid 53614:tid 53661] [client 130.33.50.246:16203] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/d12.php"] [unique_id "aSdX7X62lbq4ocSGM7zgcwAAAEg"]
[Thu Nov 27 03:41:33.507377 2025] [:error] [pid 53614:tid 53655] [client 130.33.50.246:16287] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/x.php"] [unique_id "aSdX7X62lbq4ocSGM7zgdgAAAEM"]
[Thu Nov 27 03:41:33.751396 2025] [:error] [pid 53615:tid 53690] [client 130.33.50.246:16219] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/x.php"] [unique_id "aSdX7WLrH3MZ4ZYmsVWlxQAAAIo"]
[Thu Nov 27 03:41:34.024096 2025] [:error] [pid 53613:tid 53642] [client 130.33.50.246:16324] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/x.php"] [unique_id "aSdX7hNZMUHuAhTmCSP9FwAAABI"]
[Thu Nov 27 03:41:34.333632 2025] [:error] [pid 53739:tid 53745] [client 130.33.50.246:16292] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/x.php"] [unique_id "aSdX7s0J_NoeqMM0rg2tQAAAAMI"]
[Thu Nov 27 03:41:34.583859 2025] [:error] [pid 53615:tid 53693] [client 130.33.50.246:16240] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/domains.php"] [unique_id "aSdX7mLrH3MZ4ZYmsVWlxwAAAI0"]
[Thu Nov 27 03:41:34.850882 2025] [:error] [pid 53615:tid 53683] [client 130.33.50.246:16215] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/domains.php"] [unique_id "aSdX7mLrH3MZ4ZYmsVWlyAAAAIM"]
[Thu Nov 27 03:41:35.135033 2025] [:error] [pid 53739:tid 53758] [client 130.33.50.246:16291] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/domains.php"] [unique_id "aSdX780J_NoeqMM0rg2tQgAAAM8"]
[Thu Nov 27 03:41:35.386978 2025] [:error] [pid 53615:tid 53692] [client 130.33.50.246:15362] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/domains.php"] [unique_id "aSdX72LrH3MZ4ZYmsVWlygAAAIw"]
[Thu Nov 27 03:41:35.632737 2025] [:error] [pid 53739:tid 53757] [client 130.33.50.246:15407] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/zc-729.php"] [unique_id "aSdX780J_NoeqMM0rg2tRAAAAM4"]
[Thu Nov 27 03:41:35.901799 2025] [:error] [pid 53739:tid 53759] [client 130.33.50.246:16379] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/zc-729.php"] [unique_id "aSdX780J_NoeqMM0rg2tRQAAANA"]
[Thu Nov 27 03:41:36.177303 2025] [:error] [pid 53615:tid 53698] [client 130.33.50.246:16282] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/zc-729.php"] [unique_id "aSdX8GLrH3MZ4ZYmsVWlzAAAAJI"]
[Thu Nov 27 03:41:36.459986 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:15403] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/zc-729.php"] [unique_id "aSdX8M0J_NoeqMM0rg2tRwAAANc"]
[Thu Nov 27 03:41:36.702653 2025] [:error] [pid 53615:tid 53691] [client 130.33.50.246:15373] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sx.php"] [unique_id "aSdX8GLrH3MZ4ZYmsVWlzQAAAIs"]
[Thu Nov 27 03:41:36.995309 2025] [:error] [pid 53615:tid 53700] [client 130.33.50.246:16328] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sx.php"] [unique_id "aSdX8GLrH3MZ4ZYmsVWlzgAAAJQ"]
[Thu Nov 27 03:41:37.251947 2025] [:error] [pid 53739:tid 53762] [client 130.33.50.246:15378] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sx.php"] [unique_id "aSdX8c0J_NoeqMM0rg2tSwAAANM"]
[Thu Nov 27 03:41:37.574415 2025] [:error] [pid 53739:tid 53743] [client 130.33.50.246:16313] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/sx.php"] [unique_id "aSdX8c0J_NoeqMM0rg2tTQAAAMA"]
[Thu Nov 27 03:41:37.825579 2025] [:error] [pid 53614:tid 53667] [client 130.33.50.246:16195] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww1.php"] [unique_id "aSdX8X62lbq4ocSGM7zggQAAAE4"]
[Thu Nov 27 03:41:38.139111 2025] [:error] [pid 53615:tid 53702] [client 130.33.50.246:16381] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww1.php"] [unique_id "aSdX8mLrH3MZ4ZYmsVWl0AAAAJY"]
[Thu Nov 27 03:41:38.402079 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:16294] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww1.php"] [unique_id "aSdX8s0J_NoeqMM0rg2tTwAAAMw"]
[Thu Nov 27 03:41:38.663887 2025] [:error] [pid 53614:tid 53663] [client 130.33.50.246:16310] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/ww1.php"] [unique_id "aSdX8n62lbq4ocSGM7zggwAAAEo"]
[Thu Nov 27 03:41:38.969154 2025] [:error] [pid 53614:tid 53660] [client 130.33.50.246:16281] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSdX8n62lbq4ocSGM7zghAAAAEc"]
[Thu Nov 27 03:41:39.334148 2025] [:error] [pid 53615:tid 53703] [client 130.33.50.246:16206] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSdX82LrH3MZ4ZYmsVWl0gAAAJc"]
[Thu Nov 27 03:41:39.583120 2025] [:error] [pid 53615:tid 53694] [client 130.33.50.246:16309] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSdX82LrH3MZ4ZYmsVWl1AAAAI4"]
[Thu Nov 27 03:41:39.816431 2025] [:error] [pid 53613:tid 53646] [client 130.33.50.246:16311] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/goods.php"] [unique_id "aSdX8xNZMUHuAhTmCSP9HgAAABY"]
[Thu Nov 27 03:41:40.056250 2025] [:error] [pid 53614:tid 53664] [client 130.33.50.246:16213] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s.php"] [unique_id "aSdX9H62lbq4ocSGM7zghwAAAEs"]
[Thu Nov 27 03:41:40.373510 2025] [:error] [pid 53739:tid 53766] [client 130.33.50.246:16377] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s.php"] [unique_id "aSdX9M0J_NoeqMM0rg2tVAAAANc"]
[Thu Nov 27 03:41:40.688814 2025] [:error] [pid 53739:tid 53750] [client 130.33.50.246:16274] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s.php"] [unique_id "aSdX9M0J_NoeqMM0rg2tVQAAAMc"]
[Thu Nov 27 03:41:40.927219 2025] [:error] [pid 53613:tid 53642] [client 130.33.50.246:16138] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/s.php"] [unique_id "aSdX9BNZMUHuAhTmCSP9HwAAABI"]
[Thu Nov 27 03:41:41.161442 2025] [:error] [pid 53615:tid 53699] [client 130.33.50.246:16305] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gecko.php"] [unique_id "aSdX9WLrH3MZ4ZYmsVWl1QAAAJM"]
[Thu Nov 27 03:41:41.427990 2025] [:error] [pid 53615:tid 53693] [client 130.33.50.246:16193] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gecko.php"] [unique_id "aSdX9WLrH3MZ4ZYmsVWl1gAAAI0"]
[Thu Nov 27 03:41:41.674581 2025] [:error] [pid 53739:tid 53755] [client 130.33.50.246:16352] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gecko.php"] [unique_id "aSdX9c0J_NoeqMM0rg2tVgAAAMw"]
[Thu Nov 27 03:41:41.904985 2025] [:error] [pid 53739:tid 53763] [client 130.33.50.246:16233] [client 130.33.50.246] ModSecurity: Access denied with connection close (phase 1). Operator GT matched 10 at IP:wp404_cnt. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "47"] [id "771005"] [msg "Too many 404s in short window (likely scanner)"] [tag "rate_limit"] [tag "probes"] [hostname "randolphaircraft.com.au"] [uri "/gecko.php"] [unique_id "aSdX9c0J_NoeqMM0rg2tVwAAANQ"]
[Thu Nov 27 03:55:05.196735 2025] [:error] [pid 6202:tid 6249] [client 43.130.139.136:59168] [client 43.130.139.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.randolphaircraft.com.au|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.randolphaircraft.com.au"] [uri "/"] [unique_id "aSdbGdJa7NTP0XPyZ6lXIgAAAFA"]
[Thu Nov 27 04:34:37.811838 2025] [:error] [pid 21017:tid 21061] [client 179.6.169.81:41482] [client 179.6.169.81] ModSecurity: Warning. Pattern match "/xmlrpc\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "6"] [id "400001"] [msg "xmlrpc.php hit from 179.6.169.81, incrementing ddos counter"] [hostname "randolphaircraft.com.au"] [uri "/xmlrpc.php"] [unique_id "aSdkXaZA663ub03MMQt8cAAAAQI"]
[Thu Nov 27 04:34:37.819172 2025] [:error] [pid 21017:tid 21061] [client 179.6.169.81:41482] File does not exist: /usr/local/apache/htdocs/suspended-page/xmlrpc.php
[Thu Nov 27 07:28:43.671042 2025] [:error] [pid 7481:tid 7702] [client 194.5.82.74:36067] File does not exist: /usr/local/apache/htdocs/suspended-page/manager.php
[Thu Nov 27 07:28:43.785524 2025] [:error] [pid 7481:tid 7704] [client 194.5.82.74:36067] File does not exist: /usr/local/apache/htdocs/suspended-page/bless.php
[Thu Nov 27 07:28:43.929918 2025] [:error] [pid 7481:tid 7705] [client 194.5.82.74:36067] File does not exist: /usr/local/apache/htdocs/suspended-page/O-Simple.php
[Thu Nov 27 07:28:44.056301 2025] [:error] [pid 7481:tid 7682] [client 194.5.82.74:36067] File does not exist: /usr/local/apache/htdocs/suspended-page/lock360.php
[Thu Nov 27 07:28:44.196852 2025] [:error] [pid 7481:tid 7684] [client 194.5.82.74:36067] File does not exist: /usr/local/apache/htdocs/suspended-page/zwso.php
[Thu Nov 27 07:28:47.650887 2025] [:error] [pid 11332:tid 11392] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/chosen.php
[Thu Nov 27 07:28:47.793742 2025] [:error] [pid 11332:tid 11404] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/about.php
[Thu Nov 27 07:28:47.930980 2025] [:error] [pid 11332:tid 11391] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/admin.php
[Thu Nov 27 07:28:48.422112 2025] [:error] [pid 11332:tid 11407] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/mah.php
[Thu Nov 27 07:28:48.754370 2025] [:error] [pid 11332:tid 11398] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/core.php
[Thu Nov 27 07:28:48.911878 2025] [:error] [pid 11332:tid 11405] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/robots.php
[Thu Nov 27 07:28:49.039204 2025] [:error] [pid 11332:tid 11393] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/inputs.php
[Thu Nov 27 07:28:49.155134 2025] [:error] [pid 11332:tid 11401] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/mini.php
[Thu Nov 27 07:28:49.270461 2025] [:error] [pid 11332:tid 11388] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/goods.php
[Thu Nov 27 07:28:49.407736 2025] [:error] [pid 11332:tid 11397] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/file5.php
[Thu Nov 27 07:28:49.608962 2025] [:error] [pid 11332:tid 11384] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/ahax.php
[Thu Nov 27 07:28:49.790251 2025] [:error] [pid 11332:tid 11403] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/f35.php
[Thu Nov 27 07:28:49.915810 2025] [:error] [pid 11332:tid 11394] [client 194.5.82.70:36669] File does not exist: /usr/local/apache/htdocs/suspended-page/simple.php
[Thu Nov 27 07:28:51.809116 2025] [:error] [pid 11332:tid 11391] [client 194.5.82.70:36669] [client 194.5.82.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-content/plugins/pwnd/pwnd.php"] [unique_id "aSeNMwdwxFvT7a-DQjOemwAAAEc"]
[Thu Nov 27 07:28:52.466043 2025] [:error] [pid 11488:tid 11537] [client 194.5.82.64:32607] [client 194.5.82.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/worksec.php"] [unique_id "aSeNNJizcrrnZYNumua8gQAAAZI"]
[Thu Nov 27 07:28:53.357036 2025] [:error] [pid 11488:tid 11521] [client 194.5.82.74:44817] File does not exist: /usr/local/apache/htdocs/suspended-page/classwithtostring.php
[Thu Nov 27 07:28:53.866138 2025] [:error] [pid 11488:tid 11526] [client 194.5.82.74:44817] [client 194.5.82.74] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/tinyfilemanager.php"] [unique_id "aSeNNZizcrrnZYNumua8jgAAAYc"]
[Thu Nov 27 07:28:54.443883 2025] [:error] [pid 11676:tid 11755] [client 194.5.82.59:59603] File does not exist: /usr/local/apache/htdocs/suspended-page/file.php
[Thu Nov 27 07:28:54.564038 2025] [:error] [pid 11676:tid 11756] [client 194.5.82.59:59603] [client 194.5.82.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/index.php"] [unique_id "aSeNNtfaeHt313Ts2HIjHQAAAJE"]
[Thu Nov 27 07:28:55.144628 2025] [:error] [pid 11332:tid 11387] [client 194.5.82.80:57007] File does not exist: /usr/local/apache/htdocs/suspended-page/buy.php
[Thu Nov 27 07:28:55.967603 2025] [:error] [pid 11332:tid 11394] [client 194.5.82.80:57007] [client 194.5.82.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/dyqvcfqv.php"] [unique_id "aSeNNwdwxFvT7a-DQjOetgAAAEo"]
[Thu Nov 27 07:28:56.360174 2025] [:error] [pid 11488:tid 11527] [client 194.5.82.100:43367] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/about.php"] [unique_id "aSeNOJizcrrnZYNumua8nQAAAYg"]
[Thu Nov 27 07:28:56.708433 2025] [:error] [pid 11487:tid 11505] [client 194.5.82.80:33617] [client 194.5.82.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/crop/admin.php"] [unique_id "aSeNOMAEJJlNliCT29mn_wAAAQ0"]
[Thu Nov 27 07:29:00.776385 2025] [:error] [pid 16377:tid 16736] [client 194.5.82.77:30421] [client 194.5.82.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/wp-conflg.php"] [unique_id "aSeNPNMPpzKut6cIBdxtDAAAAEM"]
[Thu Nov 27 07:29:01.176168 2025] [:error] [pid 16401:tid 16786] [client 194.5.82.104:21787] [client 194.5.82.104] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/admin.php"] [unique_id "aSeNPUuVHQIcwItUx-ZyZQAAAQQ"]
[Thu Nov 27 07:29:01.477999 2025] [:error] [pid 16432:tid 16813] [client 194.5.82.87:57547] [client 194.5.82.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/widgets/wp-login.php"] [unique_id "aSeNPc6cRsTt0Hw5Bh207wAAAYM"]
[Thu Nov 27 07:29:01.998916 2025] [:error] [pid 16432:tid 16821] [client 194.5.82.95:45427] [client 194.5.82.95] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/PHPMailer/options.php"] [unique_id "aSeNPc6cRsTt0Hw5Bh208wAAAYs"]
[Thu Nov 27 07:29:02.220049 2025] [:error] [pid 16432:tid 16823] [client 194.5.82.95:43945] File does not exist: /usr/local/apache/htdocs/suspended-page/inc.php
[Thu Nov 27 07:29:06.309474 2025] [:error] [pid 19010:tid 19035] [client 194.5.82.58:45665] [client 194.5.82.58] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/(?:tinyfilemanager(?:\\\\.php)?|filemanager\\\\.php|fm\\\\.php|tiny\\\\.php|wp-content/plugins/pwnd/pwnd\\\\.php|wp-includes/(?:block-supports/autoload_classmap\\\\.php|Text/Diff/Engine/wp\\\\.php|blocks/details/about\\\\.php))$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "29"] [id "771002"] [msg "Blocked probe for known bad path/file manager/webshell"] [tag "probes"] [tag "wordpress"] [hostname "www.randolphaircraft.com.au"] [uri "/filemanager.php"] [unique_id "aSeNQvv6iq0GzfGBcn16fAAAANE"]
[Thu Nov 27 07:29:06.837776 2025] [:error] [pid 19010:tid 19023] [client 194.5.82.79:22917] [client 194.5.82.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/IXR/admin.php"] [unique_id "aSeNQvv6iq0GzfGBcn16lAAAAMU"]
[Thu Nov 27 07:29:07.360517 2025] [:error] [pid 19011:tid 19057] [client 194.5.82.62:45693] [client 194.5.82.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/jquery.php"] [unique_id "aSeNQyQOxt0mnxZWt17OkQAAAYs"]
[Thu Nov 27 07:29:11.272155 2025] [:error] [pid 19912:tid 20297] [client 194.5.82.62:64615] File does not exist: /usr/local/apache/htdocs/suspended-page/function.php
[Thu Nov 27 07:29:11.402341 2025] [:error] [pid 19912:tid 20318] [client 194.5.82.62:64615] [client 194.5.82.62] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/block-supports/autoload_classmap.php"] [unique_id "aSeNR8AXlPVc9JkrnBbHwAAAAZg"]
[Thu Nov 27 07:29:11.658210 2025] [:error] [pid 19912:tid 20301] [client 194.5.82.83:56339] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-signup.php
[Thu Nov 27 07:29:12.055891 2025] [:error] [pid 19912:tid 20309] [client 194.5.82.83:56339] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-blog.php
[Thu Nov 27 07:29:12.544009 2025] [:error] [pid 19912:tid 20296] [client 194.5.82.83:56339] [client 194.5.82.83] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/blocks/table/int/tmpl/index.php"] [unique_id "aSeNSMAXlPVc9JkrnBbH2gAAAYI"]
[Thu Nov 27 07:29:18.848342 2025] [:error] [pid 21219:tid 21227] [client 194.5.82.99:45825] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-l0gin.php
[Thu Nov 27 07:29:19.036827 2025] [:error] [pid 21219:tid 21241] [client 194.5.82.99:45825] [client 194.5.82.99] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/js/jquery/suggest.php"] [unique_id "aSeNT7GiIIhkfjGpORKsmQAAANE"]
[Thu Nov 27 07:29:19.358164 2025] [:error] [pid 21219:tid 21245] [client 194.5.82.70:29901] File does not exist: /usr/local/apache/htdocs/suspended-page/new.php
[Thu Nov 27 07:29:19.672012 2025] [:error] [pid 21219:tid 21241] [client 194.5.82.70:29901] [client 194.5.82.70] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/defaults.php"] [unique_id "aSeNT7GiIIhkfjGpORKsoAAAANE"]
[Thu Nov 27 07:29:20.110342 2025] [:error] [pid 21221:tid 21285] [client 194.5.82.72:37269] [client 194.5.82.72] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/customize/index.php"] [unique_id "aSeNUEUGpaQ-vuZdmCCRxAAAAAY"]
[Thu Nov 27 07:29:20.475888 2025] [:error] [pid 21221:tid 21289] [client 194.5.82.56:52379] File does not exist: /usr/local/apache/htdocs/suspended-page/natural.php
[Thu Nov 27 07:29:20.601136 2025] [:error] [pid 21221:tid 21292] [client 194.5.82.56:52379] File does not exist: /usr/local/apache/htdocs/suspended-page/item.php
[Thu Nov 27 07:29:20.891816 2025] [:error] [pid 21221:tid 21294] [client 194.5.82.56:52379] [client 194.5.82.56] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/SimplePie/index.php"] [unique_id "aSeNUEUGpaQ-vuZdmCCRzAAAAA8"]
[Thu Nov 27 07:29:21.236990 2025] [:error] [pid 21221:tid 21298] [client 194.5.82.101:39867] [client 194.5.82.101] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/theme-compat/about.php"] [unique_id "aSeNUUUGpaQ-vuZdmCCRzgAAABM"]
[Thu Nov 27 07:29:21.627536 2025] [:error] [pid 21221:tid 21303] [client 194.5.82.87:63121] [client 194.5.82.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/Requests/index.php"] [unique_id "aSeNUUUGpaQ-vuZdmCCR0AAAABg"]
[Thu Nov 27 07:29:21.885844 2025] [:error] [pid 21221:tid 21282] [client 194.5.82.104:61135] [client 194.5.82.104] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php/wp-content/x/index.php"] [unique_id "aSeNUUUGpaQ-vuZdmCCR0gAAAAM"]
[Thu Nov 27 07:29:22.241075 2025] [:error] [pid 21221:tid 21289] [client 194.5.82.80:25621] [client 194.5.82.80] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/ID3/about.php"] [unique_id "aSeNUkUGpaQ-vuZdmCCR1gAAAAo"]
[Thu Nov 27 07:29:23.923893 2025] [:error] [pid 21307:tid 21324] [client 194.5.82.167:28981] File does not exist: /usr/local/apache/htdocs/suspended-page/default.php
[Thu Nov 27 07:29:24.047280 2025] [:error] [pid 21307:tid 21311] [client 194.5.82.167:28981] [client 194.5.82.167] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/info.php"] [unique_id "aSeNVCZFT858M_WF7QNnGgAAAIE"]
[Thu Nov 27 07:29:24.377039 2025] [:error] [pid 21220:tid 21257] [client 194.5.82.64:58405] [client 194.5.82.64] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/class.api.php"] [unique_id "aSeNVJ3Mlhid6qr4bCN6XAAAAYU"]
[Thu Nov 27 07:29:24.633667 2025] [:error] [pid 21221:tid 21290] [client 194.5.82.92:62151] [client 194.5.82.92] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/fonts/index.php"] [unique_id "aSeNVEUGpaQ-vuZdmCCR4wAAAAs"]
[Thu Nov 27 07:29:25.478564 2025] [:error] [pid 21221:tid 21279] [client 194.5.82.85:39829] File does not exist: /usr/local/apache/htdocs/suspended-page/dropdown.php
[Thu Nov 27 07:29:25.793594 2025] [:error] [pid 21221:tid 21298] [client 194.5.82.85:39829] File does not exist: /usr/local/apache/htdocs/suspended-page/db.php
[Thu Nov 27 07:29:30.090585 2025] [:error] [pid 23284:tid 23312] [client 194.5.82.77:58797] [client 194.5.82.77] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/admin.php"] [unique_id "aSeNWtpIaJjkLhs1bspxlwAAAZc"]
[Thu Nov 27 07:29:31.239506 2025] [:error] [pid 23284:tid 23307] [client 194.5.82.79:37051] [client 194.5.82.79] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 194.5.82.79, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/js/wp-login.php"] [unique_id "aSeNW9pIaJjkLhs1bspxnwAAAZI"]
[Thu Nov 27 07:29:31.423965 2025] [:error] [pid 23284:tid 23293] [client 194.5.82.79:37051] File does not exist: /usr/local/apache/htdocs/suspended-page/install.php
[Thu Nov 27 07:29:32.377290 2025] [:error] [pid 23284:tid 23297] [client 194.5.82.79:37051] File does not exist: /usr/local/apache/htdocs/suspended-page/bypass.php
[Thu Nov 27 07:29:32.509531 2025] [:error] [pid 23284:tid 23289] [client 194.5.82.79:37051] File does not exist: /usr/local/apache/htdocs/suspended-page/class.php
[Thu Nov 27 07:29:33.161197 2025] [:error] [pid 23284:tid 23313] [client 194.5.82.79:37051] [client 194.5.82.79] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/about.php"] [unique_id "aSeNXdpIaJjkLhs1bspxuQAAAZg"]
[Thu Nov 27 07:29:33.516284 2025] [:error] [pid 23284:tid 23310] [client 194.5.82.90:59111] File does not exist: /usr/local/apache/htdocs/suspended-page/init.php
[Thu Nov 27 07:29:33.663701 2025] [:error] [pid 23284:tid 23300] [client 194.5.82.90:59111] [client 194.5.82.90] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 194.5.82.90, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/user/wp-login.php"] [unique_id "aSeNXdpIaJjkLhs1bspxvwAAAYs"]
[Thu Nov 27 07:29:33.933514 2025] [:error] [pid 23284:tid 23295] [client 194.5.82.90:59111] [client 194.5.82.90] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/item.php"] [unique_id "aSeNXdpIaJjkLhs1bspxwgAAAYY"]
[Thu Nov 27 07:29:34.923759 2025] [:error] [pid 23443:tid 23448] [client 194.5.82.61:35777] File does not exist: /usr/local/apache/htdocs/suspended-page/adminfuns.php
[Thu Nov 27 07:29:35.161404 2025] [:error] [pid 23443:tid 23455] [client 194.5.82.61:35777] File does not exist: /usr/local/apache/htdocs/suspended-page/wp_wlx.php
[Thu Nov 27 07:29:35.541308 2025] [:error] [pid 23443:tid 23469] [client 194.5.82.61:35777] [client 194.5.82.61] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/assets/husky301.php"] [unique_id "aSeNX5v6DdxCC6LKNW-vSQAAAFY"]
[Thu Nov 27 07:29:35.772784 2025] [:error] [pid 23284:tid 23299] [client 194.5.82.59:43899] File does not exist: /usr/local/apache/htdocs/suspended-page/wp.php
[Thu Nov 27 07:29:36.250887 2025] [:error] [pid 23284:tid 23302] [client 194.5.82.59:43899] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-header.php
[Thu Nov 27 07:29:36.548737 2025] [:error] [pid 23284:tid 23300] [client 194.5.82.59:43899] File does not exist: /usr/local/apache/htdocs/suspended-page/Marvins.php
[Thu Nov 27 07:29:37.153521 2025] [:error] [pid 23284:tid 23311] [client 194.5.82.59:43899] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-class.php
[Thu Nov 27 07:29:37.270296 2025] [:error] [pid 23284:tid 23299] [client 194.5.82.59:43899] [client 194.5.82.59] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/images/smilies/index.php"] [unique_id "aSeNYdpIaJjkLhs1bspx2QAAAYo"]
[Thu Nov 27 07:29:37.479755 2025] [:error] [pid 23286:tid 23356] [client 194.5.82.87:37179] File does not exist: /usr/local/apache/htdocs/suspended-page/xx.php
[Thu Nov 27 07:29:37.600921 2025] [:error] [pid 23286:tid 23358] [client 194.5.82.87:37179] File does not exist: /usr/local/apache/htdocs/suspended-page/autoload_classmap.php
[Thu Nov 27 07:29:37.711112 2025] [:error] [pid 23286:tid 23359] [client 194.5.82.87:37179] [client 194.5.82.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/classwithtostring.php"] [unique_id "aSeNYbjFpFntvlKbXtX3XQAAAJA"]
[Thu Nov 27 07:29:38.126360 2025] [:error] [pid 23286:tid 23362] [client 194.5.82.81:25169] File does not exist: /usr/local/apache/htdocs/suspended-page/content.php
[Thu Nov 27 07:29:38.372723 2025] [:error] [pid 23286:tid 23365] [client 194.5.82.81:25169] [client 194.5.82.81] ModSecurity: Warning. Pattern match "/wp-login\\\\.php" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_Wordpress.conf"] [line "14"] [id "400003"] [msg "wp-login.php hit from 194.5.82.81, incrementing brute counter"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-admin/wp-login.php"] [unique_id "aSeNYrjFpFntvlKbXtX3YwAAAJY"]
[Thu Nov 27 07:29:38.517640 2025] [:error] [pid 23286:tid 23366] [client 194.5.82.81:25169] [client 194.5.82.81] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/rest-api/endpoints/index.php"] [unique_id "aSeNYrjFpFntvlKbXtX3ZAAAAJc"]
[Thu Nov 27 07:29:40.302767 2025] [:error] [pid 23443:tid 23465] [client 194.5.82.87:52489] File does not exist: /usr/local/apache/htdocs/suspended-page/web.php
[Thu Nov 27 07:29:41.664236 2025] [:error] [pid 23443:tid 23449] [client 194.5.82.87:52489] File does not exist: /usr/local/apache/htdocs/suspended-page/wp-trackback.php
[Thu Nov 27 07:29:41.767211 2025] [:error] [pid 23443:tid 23458] [client 194.5.82.87:52489] [client 194.5.82.87] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^/wp-includes/.*\\\\.php$" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/99_Custom_WebShells.conf"] [line "15"] [id "771001"] [msg "Blocked direct PHP under wp-includes"] [tag "wordpress"] [tag "hardening"] [hostname "www.randolphaircraft.com.au"] [uri "/wp-includes/style-engine/bypass.php"] [unique_id "aSeNZZv6DdxCC6LKNW-vcAAAAEs"]
[Thu Apr 16 01:43:30.165074 2026] [ssl:warn] [pid 4016:tid 4016] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 01:43:30.165102 2026] [ssl:warn] [pid 4016:tid 4016] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:29:40.749405 2026] [ssl:warn] [pid 52554:tid 52554] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:29:40.749433 2026] [ssl:warn] [pid 52554:tid 52554] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:29:42.722817 2026] [ssl:warn] [pid 52557:tid 52557] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:29:42.722843 2026] [ssl:warn] [pid 52557:tid 52557] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:30:07.782661 2026] [ssl:warn] [pid 52557:tid 52557] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:30:07.782689 2026] [ssl:warn] [pid 52557:tid 52557] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:30:22.895078 2026] [ssl:warn] [pid 52557:tid 52557] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:30:22.895105 2026] [ssl:warn] [pid 52557:tid 52557] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:30:29.852761 2026] [ssl:warn] [pid 53231:tid 53231] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:30:29.852802 2026] [ssl:warn] [pid 53231:tid 53231] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:30:31.930874 2026] [ssl:warn] [pid 53237:tid 53237] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:30:31.930902 2026] [ssl:warn] [pid 53237:tid 53237] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:41:22.550100 2026] [ssl:warn] [pid 26970:tid 26970] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:41:22.550129 2026] [ssl:warn] [pid 26970:tid 26970] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:41:24.552006 2026] [ssl:warn] [pid 26973:tid 26973] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:41:24.552032 2026] [ssl:warn] [pid 26973:tid 26973] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:47:58.682558 2026] [ssl:warn] [pid 57468:tid 57468] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:47:58.682618 2026] [ssl:warn] [pid 57468:tid 57468] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 16 03:48:00.734639 2026] [ssl:warn] [pid 57487:tid 57487] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 16 03:48:00.734669 2026] [ssl:warn] [pid 57487:tid 57487] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 00:03:16.718762 2026] [ssl:warn] [pid 57487:tid 57487] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 00:03:16.718792 2026] [ssl:warn] [pid 57487:tid 57487] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:21:40.977773 2026] [ssl:warn] [pid 5220:tid 5220] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:21:40.977799 2026] [ssl:warn] [pid 5220:tid 5220] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:21:43.032003 2026] [ssl:warn] [pid 5230:tid 5230] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:21:43.032043 2026] [ssl:warn] [pid 5230:tid 5230] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:21:53.245343 2026] [ssl:warn] [pid 5230:tid 5230] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:21:53.245380 2026] [ssl:warn] [pid 5230:tid 5230] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:22:02.129829 2026] [ssl:warn] [pid 5230:tid 5230] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:22:02.129856 2026] [ssl:warn] [pid 5230:tid 5230] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:22:12.947917 2026] [ssl:warn] [pid 5809:tid 5809] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:22:12.947944 2026] [ssl:warn] [pid 5809:tid 5809] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:22:14.950863 2026] [ssl:warn] [pid 5815:tid 5815] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:22:14.950889 2026] [ssl:warn] [pid 5815:tid 5815] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:32:45.830084 2026] [ssl:warn] [pid 43721:tid 43721] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:32:45.830099 2026] [ssl:warn] [pid 43721:tid 43721] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:32:47.844586 2026] [ssl:warn] [pid 43725:tid 43725] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:32:47.844613 2026] [ssl:warn] [pid 43725:tid 43725] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:39:46.549196 2026] [ssl:warn] [pid 9098:tid 9098] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:39:46.549227 2026] [ssl:warn] [pid 9098:tid 9098] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 17 03:39:48.612583 2026] [ssl:warn] [pid 9100:tid 9100] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 17 03:39:48.612609 2026] [ssl:warn] [pid 9100:tid 9100] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 00:02:18.135542 2026] [ssl:warn] [pid 9100:tid 9100] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 00:02:18.135583 2026] [ssl:warn] [pid 9100:tid 9100] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:15:41.412916 2026] [ssl:warn] [pid 6452:tid 6452] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:15:41.412944 2026] [ssl:warn] [pid 6452:tid 6452] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:15:43.448854 2026] [ssl:warn] [pid 6456:tid 6456] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:15:43.448880 2026] [ssl:warn] [pid 6456:tid 6456] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:15:55.863278 2026] [ssl:warn] [pid 6456:tid 6456] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:15:55.863306 2026] [ssl:warn] [pid 6456:tid 6456] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:16:04.799431 2026] [ssl:warn] [pid 6456:tid 6456] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:16:04.799458 2026] [ssl:warn] [pid 6456:tid 6456] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:16:13.595858 2026] [ssl:warn] [pid 7034:tid 7034] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:16:13.595885 2026] [ssl:warn] [pid 7034:tid 7034] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:16:15.603133 2026] [ssl:warn] [pid 7037:tid 7037] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:16:15.603159 2026] [ssl:warn] [pid 7037:tid 7037] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:26:31.538283 2026] [ssl:warn] [pid 44741:tid 44741] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:26:31.538310 2026] [ssl:warn] [pid 44741:tid 44741] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:26:33.541141 2026] [ssl:warn] [pid 44746:tid 44746] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:26:33.541168 2026] [ssl:warn] [pid 44746:tid 44746] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:32:55.770616 2026] [ssl:warn] [pid 9807:tid 9807] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:32:55.770643 2026] [ssl:warn] [pid 9807:tid 9807] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 18 03:32:57.802150 2026] [ssl:warn] [pid 9810:tid 9810] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 18 03:32:57.802188 2026] [ssl:warn] [pid 9810:tid 9810] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 00:02:31.198004 2026] [ssl:warn] [pid 9810:tid 9810] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 00:02:31.198032 2026] [ssl:warn] [pid 9810:tid 9810] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:46:49.879473 2026] [ssl:warn] [pid 39407:tid 39407] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:46:49.879502 2026] [ssl:warn] [pid 39407:tid 39407] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:46:51.982707 2026] [ssl:warn] [pid 39410:tid 39410] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:46:51.982735 2026] [ssl:warn] [pid 39410:tid 39410] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:47:07.443576 2026] [ssl:warn] [pid 39410:tid 39410] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:47:07.443603 2026] [ssl:warn] [pid 39410:tid 39410] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:47:17.359772 2026] [ssl:warn] [pid 39410:tid 39410] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:47:17.359799 2026] [ssl:warn] [pid 39410:tid 39410] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:47:28.210477 2026] [ssl:warn] [pid 40069:tid 40069] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:47:28.210510 2026] [ssl:warn] [pid 40069:tid 40069] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 03:47:30.281183 2026] [ssl:warn] [pid 40072:tid 40072] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 03:47:30.281219 2026] [ssl:warn] [pid 40072:tid 40072] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 04:04:07.692278 2026] [ssl:warn] [pid 17392:tid 17392] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 04:04:07.692320 2026] [ssl:warn] [pid 17392:tid 17392] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 04:04:09.740419 2026] [ssl:warn] [pid 17394:tid 17394] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 04:04:09.740447 2026] [ssl:warn] [pid 17394:tid 17394] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 04:10:44.795297 2026] [ssl:warn] [pid 47724:tid 47724] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 04:10:44.795345 2026] [ssl:warn] [pid 47724:tid 47724] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 19 04:10:46.850190 2026] [ssl:warn] [pid 47728:tid 47728] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 19 04:10:46.850220 2026] [ssl:warn] [pid 47728:tid 47728] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:12:51.798079 2026] [ssl:warn] [pid 61391:tid 61391] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:12:51.798111 2026] [ssl:warn] [pid 61391:tid 61391] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:12:54.245732 2026] [ssl:warn] [pid 61398:tid 61398] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:12:54.245761 2026] [ssl:warn] [pid 61398:tid 61398] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:13:11.017436 2026] [ssl:warn] [pid 61398:tid 61398] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:13:11.017462 2026] [ssl:warn] [pid 61398:tid 61398] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:13:20.406517 2026] [ssl:warn] [pid 61398:tid 61398] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:13:20.406542 2026] [ssl:warn] [pid 61398:tid 61398] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:13:29.285878 2026] [ssl:warn] [pid 62018:tid 62018] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:13:29.285906 2026] [ssl:warn] [pid 62018:tid 62018] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:13:31.279910 2026] [ssl:warn] [pid 62020:tid 62020] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:13:31.279936 2026] [ssl:warn] [pid 62020:tid 62020] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:24:13.877539 2026] [ssl:warn] [pid 34210:tid 34210] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:24:13.877567 2026] [ssl:warn] [pid 34210:tid 34210] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:24:15.903874 2026] [ssl:warn] [pid 34213:tid 34213] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:24:15.903901 2026] [ssl:warn] [pid 34213:tid 34213] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:30:48.410279 2026] [ssl:warn] [pid 64283:tid 64283] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:30:48.410307 2026] [ssl:warn] [pid 64283:tid 64283] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 03:30:50.474829 2026] [ssl:warn] [pid 64287:tid 64287] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 03:30:50.474856 2026] [ssl:warn] [pid 64287:tid 64287] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 20 10:09:52.144523 2026] [ssl:warn] [pid 64287:tid 64287] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 20 10:09:52.144554 2026] [ssl:warn] [pid 64287:tid 64287] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:16:53.115978 2026] [ssl:warn] [pid 31929:tid 31929] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:16:53.116032 2026] [ssl:warn] [pid 31929:tid 31929] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:16:55.524405 2026] [ssl:warn] [pid 31933:tid 31933] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:16:55.524433 2026] [ssl:warn] [pid 31933:tid 31933] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:17:10.710619 2026] [ssl:warn] [pid 31933:tid 31933] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:17:10.710647 2026] [ssl:warn] [pid 31933:tid 31933] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:17:20.598748 2026] [ssl:warn] [pid 31933:tid 31933] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:17:20.598776 2026] [ssl:warn] [pid 31933:tid 31933] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:17:26.542776 2026] [ssl:warn] [pid 32501:tid 32501] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:17:26.542803 2026] [ssl:warn] [pid 32501:tid 32501] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:17:28.626172 2026] [ssl:warn] [pid 32504:tid 32504] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:17:28.626199 2026] [ssl:warn] [pid 32504:tid 32504] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:28:46.845422 2026] [ssl:warn] [pid 4901:tid 4901] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:28:46.845451 2026] [ssl:warn] [pid 4901:tid 4901] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:28:48.908354 2026] [ssl:warn] [pid 4903:tid 4903] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:28:48.908380 2026] [ssl:warn] [pid 4903:tid 4903] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:36:05.255455 2026] [ssl:warn] [pid 35237:tid 35237] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:36:05.255499 2026] [ssl:warn] [pid 35237:tid 35237] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 21 03:36:07.389543 2026] [ssl:warn] [pid 35263:tid 35263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 21 03:36:07.389571 2026] [ssl:warn] [pid 35263:tid 35263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:06:45.248153 2026] [ssl:warn] [pid 17978:tid 17978] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:06:45.248186 2026] [ssl:warn] [pid 17978:tid 17978] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:06:47.738532 2026] [ssl:warn] [pid 17984:tid 17984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:06:47.738559 2026] [ssl:warn] [pid 17984:tid 17984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:07:02.983813 2026] [ssl:warn] [pid 17984:tid 17984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:07:02.983844 2026] [ssl:warn] [pid 17984:tid 17984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:07:12.529298 2026] [ssl:warn] [pid 17984:tid 17984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:07:12.529325 2026] [ssl:warn] [pid 17984:tid 17984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:07:19.445131 2026] [ssl:warn] [pid 18567:tid 18567] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:07:19.445228 2026] [ssl:warn] [pid 18567:tid 18567] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:07:21.541757 2026] [ssl:warn] [pid 18569:tid 18569] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:07:21.541785 2026] [ssl:warn] [pid 18569:tid 18569] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:19:30.883144 2026] [ssl:warn] [pid 56393:tid 56393] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:19:30.883179 2026] [ssl:warn] [pid 56393:tid 56393] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:19:32.970789 2026] [ssl:warn] [pid 56397:tid 56397] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:19:32.970816 2026] [ssl:warn] [pid 56397:tid 56397] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:26:03.066349 2026] [ssl:warn] [pid 21632:tid 21632] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:26:03.066377 2026] [ssl:warn] [pid 21632:tid 21632] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 03:26:05.142735 2026] [ssl:warn] [pid 21637:tid 21637] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 03:26:05.142762 2026] [ssl:warn] [pid 21637:tid 21637] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 22 13:25:48.701652 2026] [ssl:warn] [pid 21637:tid 21637] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 22 13:25:48.701706 2026] [ssl:warn] [pid 21637:tid 21637] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:10:44.193597 2026] [ssl:warn] [pid 39499:tid 39499] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:10:44.193625 2026] [ssl:warn] [pid 39499:tid 39499] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:10:46.469171 2026] [ssl:warn] [pid 39521:tid 39521] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:10:46.469200 2026] [ssl:warn] [pid 39521:tid 39521] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:11:03.819659 2026] [ssl:warn] [pid 39521:tid 39521] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:11:03.819705 2026] [ssl:warn] [pid 39521:tid 39521] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:11:13.117897 2026] [ssl:warn] [pid 39521:tid 39521] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:11:13.117923 2026] [ssl:warn] [pid 39521:tid 39521] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:11:27.132882 2026] [ssl:warn] [pid 40150:tid 40150] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:11:27.132910 2026] [ssl:warn] [pid 40150:tid 40150] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:11:29.169311 2026] [ssl:warn] [pid 40153:tid 40153] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:11:29.169336 2026] [ssl:warn] [pid 40153:tid 40153] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:22:41.606577 2026] [ssl:warn] [pid 12710:tid 12710] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:22:41.606604 2026] [ssl:warn] [pid 12710:tid 12710] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:22:43.633023 2026] [ssl:warn] [pid 12712:tid 12712] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:22:43.633051 2026] [ssl:warn] [pid 12712:tid 12712] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:29:19.469742 2026] [ssl:warn] [pid 42921:tid 42921] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:29:19.469780 2026] [ssl:warn] [pid 42921:tid 42921] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 23 03:29:21.451542 2026] [ssl:warn] [pid 42923:tid 42923] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 23 03:29:21.451571 2026] [ssl:warn] [pid 42923:tid 42923] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:34:44.897022 2026] [ssl:warn] [pid 14987:tid 14987] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:34:44.897053 2026] [ssl:warn] [pid 14987:tid 14987] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:34:47.341120 2026] [ssl:warn] [pid 14992:tid 14992] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:34:47.341152 2026] [ssl:warn] [pid 14992:tid 14992] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:34:59.423724 2026] [ssl:warn] [pid 14992:tid 14992] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:34:59.423753 2026] [ssl:warn] [pid 14992:tid 14992] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:35:09.190934 2026] [ssl:warn] [pid 14992:tid 14992] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:35:09.190971 2026] [ssl:warn] [pid 14992:tid 14992] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:35:15.176964 2026] [ssl:warn] [pid 15609:tid 15609] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:35:15.176993 2026] [ssl:warn] [pid 15609:tid 15609] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:35:17.243486 2026] [ssl:warn] [pid 15624:tid 15624] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:35:17.243515 2026] [ssl:warn] [pid 15624:tid 15624] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:47:36.581134 2026] [ssl:warn] [pid 53619:tid 53619] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:47:36.581164 2026] [ssl:warn] [pid 53619:tid 53619] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:47:38.681945 2026] [ssl:warn] [pid 53622:tid 53622] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:47:38.681973 2026] [ssl:warn] [pid 53622:tid 53622] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:54:33.907924 2026] [ssl:warn] [pid 19045:tid 19045] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:54:33.907969 2026] [ssl:warn] [pid 19045:tid 19045] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 03:54:35.994541 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 03:54:35.994571 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:13:09.565628 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:13:09.565659 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:13:38.942306 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:13:38.942332 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:14:56.739727 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:14:56.739761 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:15:03.594610 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:15:03.594648 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:15:14.931294 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:15:14.931321 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:15:40.777569 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:15:40.777619 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri Apr 24 10:16:05.216980 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 24 10:16:05.217021 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 00:01:48.788602 2026] [ssl:warn] [pid 19049:tid 19049] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 00:01:48.788632 2026] [ssl:warn] [pid 19049:tid 19049] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:25:48.130968 2026] [ssl:warn] [pid 40059:tid 40059] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:25:48.130998 2026] [ssl:warn] [pid 40059:tid 40059] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:25:50.274838 2026] [ssl:warn] [pid 40064:tid 40064] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:25:50.274869 2026] [ssl:warn] [pid 40064:tid 40064] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:26:05.496650 2026] [ssl:warn] [pid 40064:tid 40064] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:26:05.496679 2026] [ssl:warn] [pid 40064:tid 40064] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:26:14.796669 2026] [ssl:warn] [pid 40064:tid 40064] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:26:14.796711 2026] [ssl:warn] [pid 40064:tid 40064] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:26:28.667647 2026] [ssl:warn] [pid 40674:tid 40674] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:26:28.667675 2026] [ssl:warn] [pid 40674:tid 40674] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:26:30.664612 2026] [ssl:warn] [pid 40686:tid 40686] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:26:30.664639 2026] [ssl:warn] [pid 40686:tid 40686] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:38:01.858717 2026] [ssl:warn] [pid 13515:tid 13515] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:38:01.858744 2026] [ssl:warn] [pid 13515:tid 13515] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:38:03.953378 2026] [ssl:warn] [pid 13525:tid 13525] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:38:03.953423 2026] [ssl:warn] [pid 13525:tid 13525] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:44:46.853122 2026] [ssl:warn] [pid 44265:tid 44265] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:44:46.853153 2026] [ssl:warn] [pid 44265:tid 44265] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 03:44:48.932932 2026] [ssl:warn] [pid 44270:tid 44270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 03:44:48.932960 2026] [ssl:warn] [pid 44270:tid 44270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 17:02:13.932765 2026] [ssl:warn] [pid 44270:tid 44270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 17:02:13.932795 2026] [ssl:warn] [pid 44270:tid 44270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 18:02:17.511915 2026] [ssl:warn] [pid 44270:tid 44270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 18:02:17.511945 2026] [ssl:warn] [pid 44270:tid 44270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 20:11:11.489680 2026] [ssl:warn] [pid 44270:tid 44270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 20:11:11.489722 2026] [ssl:warn] [pid 44270:tid 44270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat Apr 25 20:11:34.625197 2026] [ssl:warn] [pid 44270:tid 44270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Apr 25 20:11:34.625259 2026] [ssl:warn] [pid 44270:tid 44270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:48:45.056519 2026] [ssl:warn] [pid 63345:tid 63345] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:48:45.056549 2026] [ssl:warn] [pid 63345:tid 63345] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:48:47.315386 2026] [ssl:warn] [pid 63351:tid 63351] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:48:47.315415 2026] [ssl:warn] [pid 63351:tid 63351] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:49:01.135386 2026] [ssl:warn] [pid 63351:tid 63351] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:49:01.135414 2026] [ssl:warn] [pid 63351:tid 63351] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:49:10.968153 2026] [ssl:warn] [pid 63351:tid 63351] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:49:10.968180 2026] [ssl:warn] [pid 63351:tid 63351] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:49:17.804137 2026] [ssl:warn] [pid 64047:tid 64047] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:49:17.804170 2026] [ssl:warn] [pid 64047:tid 64047] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 03:49:19.837931 2026] [ssl:warn] [pid 64050:tid 64050] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 03:49:19.837962 2026] [ssl:warn] [pid 64050:tid 64050] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 04:06:37.443310 2026] [ssl:warn] [pid 42994:tid 42994] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 04:06:37.443356 2026] [ssl:warn] [pid 42994:tid 42994] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 04:06:40.069306 2026] [ssl:warn] [pid 43001:tid 43001] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 04:06:40.069333 2026] [ssl:warn] [pid 43001:tid 43001] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 04:13:16.707993 2026] [ssl:warn] [pid 8334:tid 8334] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 04:13:16.708022 2026] [ssl:warn] [pid 8334:tid 8334] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun Apr 26 04:13:18.693827 2026] [ssl:warn] [pid 8338:tid 8338] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 26 04:13:18.693855 2026] [ssl:warn] [pid 8338:tid 8338] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:36:43.043695 2026] [ssl:warn] [pid 19503:tid 19503] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:36:43.043724 2026] [ssl:warn] [pid 19503:tid 19503] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:36:45.311738 2026] [ssl:warn] [pid 19506:tid 19506] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:36:45.311756 2026] [ssl:warn] [pid 19506:tid 19506] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:37:00.626481 2026] [ssl:warn] [pid 19506:tid 19506] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:37:00.626509 2026] [ssl:warn] [pid 19506:tid 19506] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:37:09.290502 2026] [ssl:warn] [pid 19506:tid 19506] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:37:09.290528 2026] [ssl:warn] [pid 19506:tid 19506] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:37:16.052817 2026] [ssl:warn] [pid 20092:tid 20092] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:37:16.052856 2026] [ssl:warn] [pid 20092:tid 20092] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:37:18.061859 2026] [ssl:warn] [pid 20096:tid 20096] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:37:18.061888 2026] [ssl:warn] [pid 20096:tid 20096] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:47:43.611847 2026] [ssl:warn] [pid 57619:tid 57619] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:47:43.611877 2026] [ssl:warn] [pid 57619:tid 57619] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:47:45.660022 2026] [ssl:warn] [pid 57624:tid 57624] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:47:45.660048 2026] [ssl:warn] [pid 57624:tid 57624] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:54:14.721843 2026] [ssl:warn] [pid 22590:tid 22590] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:54:14.721872 2026] [ssl:warn] [pid 22590:tid 22590] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 03:54:16.753676 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 03:54:16.753706 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 07:06:14.681363 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 07:06:14.681401 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 07:06:29.656912 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 07:06:29.656940 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 07:50:24.694945 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 07:50:24.694975 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 09:00:41.062250 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 09:00:41.062266 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 11:48:08.965566 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 11:48:08.965598 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 12:10:33.952693 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 12:10:33.952724 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 14:30:04.317680 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 14:30:04.317709 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 14:31:09.987813 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 14:31:09.987844 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 19:47:46.025601 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 19:47:46.025630 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 19:50:01.302867 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 19:50:01.302911 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 19:50:16.179508 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 19:50:16.179535 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 27 20:13:26.368968 2026] [ssl:warn] [pid 22593:tid 22593] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 27 20:13:26.368998 2026] [ssl:warn] [pid 22593:tid 22593] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:48:49.365610 2026] [ssl:warn] [pid 11313:tid 11313] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:48:49.365638 2026] [ssl:warn] [pid 11313:tid 11313] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:48:51.518289 2026] [ssl:warn] [pid 11320:tid 11320] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:48:51.518318 2026] [ssl:warn] [pid 11320:tid 11320] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:49:05.476029 2026] [ssl:warn] [pid 11320:tid 11320] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:49:05.476059 2026] [ssl:warn] [pid 11320:tid 11320] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:49:14.644605 2026] [ssl:warn] [pid 11320:tid 11320] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:49:14.644641 2026] [ssl:warn] [pid 11320:tid 11320] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:49:20.902494 2026] [ssl:warn] [pid 11875:tid 11875] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:49:20.902522 2026] [ssl:warn] [pid 11875:tid 11875] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:49:23.244585 2026] [ssl:warn] [pid 11880:tid 11880] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:49:23.244615 2026] [ssl:warn] [pid 11880:tid 11880] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:59:54.171893 2026] [ssl:warn] [pid 49430:tid 49430] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:59:54.171913 2026] [ssl:warn] [pid 49430:tid 49430] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 03:59:56.109320 2026] [ssl:warn] [pid 49433:tid 49433] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 03:59:56.109352 2026] [ssl:warn] [pid 49433:tid 49433] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 04:06:30.694158 2026] [ssl:warn] [pid 14505:tid 14505] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 04:06:30.694186 2026] [ssl:warn] [pid 14505:tid 14505] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 04:06:32.616247 2026] [ssl:warn] [pid 14523:tid 14523] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 04:06:32.616305 2026] [ssl:warn] [pid 14523:tid 14523] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 07:05:40.442780 2026] [ssl:warn] [pid 14523:tid 14523] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 07:05:40.442809 2026] [ssl:warn] [pid 14523:tid 14523] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 07:06:05.412641 2026] [ssl:warn] [pid 14523:tid 14523] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 07:06:05.412669 2026] [ssl:warn] [pid 14523:tid 14523] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 07:15:30.044611 2026] [ssl:warn] [pid 14523:tid 14523] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 07:15:30.044634 2026] [ssl:warn] [pid 14523:tid 14523] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue Apr 28 07:22:25.666848 2026] [ssl:warn] [pid 14523:tid 14523] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Apr 28 07:22:25.666879 2026] [ssl:warn] [pid 14523:tid 14523] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:31:45.972978 2026] [ssl:warn] [pid 53686:tid 53686] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:31:45.973010 2026] [ssl:warn] [pid 53686:tid 53686] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:31:48.149602 2026] [ssl:warn] [pid 53691:tid 53691] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:31:48.149633 2026] [ssl:warn] [pid 53691:tid 53691] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:31:56.984156 2026] [ssl:warn] [pid 53691:tid 53691] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:31:56.984184 2026] [ssl:warn] [pid 53691:tid 53691] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:32:06.281632 2026] [ssl:warn] [pid 53691:tid 53691] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:32:06.281660 2026] [ssl:warn] [pid 53691:tid 53691] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:32:14.058531 2026] [ssl:warn] [pid 54234:tid 54234] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:32:14.058573 2026] [ssl:warn] [pid 54234:tid 54234] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:32:16.028846 2026] [ssl:warn] [pid 54236:tid 54236] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:32:16.028882 2026] [ssl:warn] [pid 54236:tid 54236] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:42:39.718559 2026] [ssl:warn] [pid 26584:tid 26584] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:42:39.718603 2026] [ssl:warn] [pid 26584:tid 26584] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:42:41.663849 2026] [ssl:warn] [pid 26587:tid 26587] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:42:41.663874 2026] [ssl:warn] [pid 26587:tid 26587] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:49:16.720276 2026] [ssl:warn] [pid 56683:tid 56683] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:49:16.720305 2026] [ssl:warn] [pid 56683:tid 56683] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 03:49:18.696433 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 03:49:18.696460 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 08:37:11.883491 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 08:37:11.883521 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 08:38:04.288285 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 08:38:04.288313 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 09:49:16.499658 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 09:49:16.499687 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 10:16:50.844704 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 10:16:50.844735 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 19:54:11.286435 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 19:54:11.286534 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 19:54:24.477969 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 19:54:24.477998 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed Apr 29 19:54:36.820903 2026] [ssl:warn] [pid 56685:tid 56685] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Apr 29 19:54:36.820929 2026] [ssl:warn] [pid 56685:tid 56685] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:06.390927 2026] [ssl:warn] [pid 14108:tid 14108] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:06.390971 2026] [ssl:warn] [pid 14108:tid 14108] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:08.579149 2026] [ssl:warn] [pid 14113:tid 14113] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:08.579191 2026] [ssl:warn] [pid 14113:tid 14113] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:22.766917 2026] [ssl:warn] [pid 14113:tid 14113] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:22.766946 2026] [ssl:warn] [pid 14113:tid 14113] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:31.948370 2026] [ssl:warn] [pid 14113:tid 14113] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:31.948384 2026] [ssl:warn] [pid 14113:tid 14113] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:38.857311 2026] [ssl:warn] [pid 14745:tid 14745] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:38.857339 2026] [ssl:warn] [pid 14745:tid 14745] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:33:40.810453 2026] [ssl:warn] [pid 14747:tid 14747] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:33:40.810482 2026] [ssl:warn] [pid 14747:tid 14747] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:44:06.979752 2026] [ssl:warn] [pid 52781:tid 52781] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:44:06.979779 2026] [ssl:warn] [pid 52781:tid 52781] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:44:08.930528 2026] [ssl:warn] [pid 52785:tid 52785] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:44:08.930558 2026] [ssl:warn] [pid 52785:tid 52785] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:50:52.055360 2026] [ssl:warn] [pid 18059:tid 18059] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:50:52.055389 2026] [ssl:warn] [pid 18059:tid 18059] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 03:50:54.049733 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 03:50:54.049768 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 16:30:13.078331 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 16:30:13.078361 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 17:47:52.589981 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 17:47:52.590021 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 17:53:10.257416 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 17:53:10.257460 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 17:54:01.798080 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 17:54:01.798121 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 17:55:50.567850 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 17:55:50.567879 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 17:56:35.094444 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 17:56:35.094474 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:01:00.075410 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:01:00.075442 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:01:35.767176 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:01:35.767203 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:03:32.240735 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:03:32.240775 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:04:02.528203 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:04:02.528231 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:05:34.321515 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:05:34.321543 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu Apr 30 18:06:02.785739 2026] [ssl:warn] [pid 18062:tid 18062] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 30 18:06:02.785764 2026] [ssl:warn] [pid 18062:tid 18062] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:36:51.281334 2026] [ssl:warn] [pid 11075:tid 11075] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:36:51.281366 2026] [ssl:warn] [pid 11075:tid 11075] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:36:53.451357 2026] [ssl:warn] [pid 11081:tid 11081] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:36:53.451402 2026] [ssl:warn] [pid 11081:tid 11081] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:37:06.663042 2026] [ssl:warn] [pid 11081:tid 11081] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:37:06.663073 2026] [ssl:warn] [pid 11081:tid 11081] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:37:15.818404 2026] [ssl:warn] [pid 11081:tid 11081] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:37:15.818433 2026] [ssl:warn] [pid 11081:tid 11081] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:37:28.742784 2026] [ssl:warn] [pid 11656:tid 11656] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:37:28.742814 2026] [ssl:warn] [pid 11656:tid 11656] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 03:37:30.760500 2026] [ssl:warn] [pid 11658:tid 11658] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 03:37:30.760528 2026] [ssl:warn] [pid 11658:tid 11658] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 04:32:16.343372 2026] [ssl:warn] [pid 7543:tid 7543] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 04:32:16.343416 2026] [ssl:warn] [pid 7543:tid 7543] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 04:32:19.153673 2026] [ssl:warn] [pid 7549:tid 7549] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 04:32:19.153709 2026] [ssl:warn] [pid 7549:tid 7549] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 04:39:03.298359 2026] [ssl:warn] [pid 37959:tid 37959] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 04:39:03.298367 2026] [ssl:warn] [pid 37959:tid 37959] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 04:39:05.274896 2026] [ssl:warn] [pid 37964:tid 37964] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 04:39:05.274924 2026] [ssl:warn] [pid 37964:tid 37964] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 10:29:07.127471 2026] [ssl:warn] [pid 37964:tid 37964] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 10:29:07.127504 2026] [ssl:warn] [pid 37964:tid 37964] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 10:32:16.683392 2026] [ssl:warn] [pid 37964:tid 37964] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 01 10:32:16.683424 2026] [ssl:warn] [pid 37964:tid 37964] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:12:49.315673 2026] [ssl:warn] [pid 55782:tid 55782] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:12:49.315700 2026] [ssl:warn] [pid 55782:tid 55782] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:12:51.426840 2026] [ssl:warn] [pid 55786:tid 55786] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:12:51.426868 2026] [ssl:warn] [pid 55786:tid 55786] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:13:08.790517 2026] [ssl:warn] [pid 55786:tid 55786] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:13:08.790544 2026] [ssl:warn] [pid 55786:tid 55786] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:13:17.810107 2026] [ssl:warn] [pid 55786:tid 55786] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:13:17.810133 2026] [ssl:warn] [pid 55786:tid 55786] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:13:25.713797 2026] [ssl:warn] [pid 56401:tid 56401] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:13:25.713825 2026] [ssl:warn] [pid 56401:tid 56401] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:13:27.603366 2026] [ssl:warn] [pid 56404:tid 56404] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:13:27.603394 2026] [ssl:warn] [pid 56404:tid 56404] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:18:44.223523 2026] [ssl:warn] [pid 22691:tid 22691] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:18:44.223551 2026] [ssl:warn] [pid 22691:tid 22691] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:18:46.133900 2026] [ssl:warn] [pid 22694:tid 22694] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:18:46.133927 2026] [ssl:warn] [pid 22694:tid 22694] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:25:04.573745 2026] [ssl:warn] [pid 53374:tid 53374] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:25:04.573774 2026] [ssl:warn] [pid 53374:tid 53374] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 02 03:25:06.497780 2026] [ssl:warn] [pid 53383:tid 53383] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 02 03:25:06.497810 2026] [ssl:warn] [pid 53383:tid 53383] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:28:54.384955 2026] [ssl:warn] [pid 31819:tid 31819] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:28:54.384985 2026] [ssl:warn] [pid 31819:tid 31819] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:28:56.699879 2026] [ssl:warn] [pid 31822:tid 31822] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:28:56.699907 2026] [ssl:warn] [pid 31822:tid 31822] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:29:04.583353 2026] [ssl:warn] [pid 31822:tid 31822] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:29:04.583395 2026] [ssl:warn] [pid 31822:tid 31822] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:29:14.023985 2026] [ssl:warn] [pid 31822:tid 31822] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:29:14.024013 2026] [ssl:warn] [pid 31822:tid 31822] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:29:28.026412 2026] [ssl:warn] [pid 32490:tid 32490] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:29:28.026442 2026] [ssl:warn] [pid 32490:tid 32490] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:29:30.025711 2026] [ssl:warn] [pid 32493:tid 32493] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:29:30.025737 2026] [ssl:warn] [pid 32493:tid 32493] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:44:25.191090 2026] [ssl:warn] [pid 10238:tid 10238] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:44:25.191118 2026] [ssl:warn] [pid 10238:tid 10238] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:44:27.193868 2026] [ssl:warn] [pid 10241:tid 10241] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:44:27.193897 2026] [ssl:warn] [pid 10241:tid 10241] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:51:00.457099 2026] [ssl:warn] [pid 40572:tid 40572] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:51:00.457130 2026] [ssl:warn] [pid 40572:tid 40572] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 03:51:02.479815 2026] [ssl:warn] [pid 40577:tid 40577] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 03:51:02.479841 2026] [ssl:warn] [pid 40577:tid 40577] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 03 05:59:22.730803 2026] [ssl:warn] [pid 40577:tid 40577] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 03 05:59:22.730830 2026] [ssl:warn] [pid 40577:tid 40577] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:09:53.303998 2026] [ssl:warn] [pid 54722:tid 54722] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:09:53.304028 2026] [ssl:warn] [pid 54722:tid 54722] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:09:55.584294 2026] [ssl:warn] [pid 54725:tid 54725] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:09:55.584321 2026] [ssl:warn] [pid 54725:tid 54725] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:10:18.506656 2026] [ssl:warn] [pid 54725:tid 54725] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:10:18.506682 2026] [ssl:warn] [pid 54725:tid 54725] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:10:27.712655 2026] [ssl:warn] [pid 54725:tid 54725] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:10:27.712685 2026] [ssl:warn] [pid 54725:tid 54725] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:10:41.486357 2026] [ssl:warn] [pid 55407:tid 55407] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:10:41.486384 2026] [ssl:warn] [pid 55407:tid 55407] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:10:43.394686 2026] [ssl:warn] [pid 55411:tid 55411] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:10:43.394713 2026] [ssl:warn] [pid 55411:tid 55411] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:19:31.804994 2026] [ssl:warn] [pid 26733:tid 26733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:19:31.805020 2026] [ssl:warn] [pid 26733:tid 26733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:19:33.711669 2026] [ssl:warn] [pid 26736:tid 26736] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:19:33.711699 2026] [ssl:warn] [pid 26736:tid 26736] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:25:55.553607 2026] [ssl:warn] [pid 56998:tid 56998] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:25:55.553634 2026] [ssl:warn] [pid 56998:tid 56998] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 03:25:57.465851 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 03:25:57.465879 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 07:24:47.098672 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 07:24:47.098701 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 07:25:18.396914 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 07:25:18.396945 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 07:25:39.986130 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 07:25:39.986156 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 07:26:02.037727 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 07:26:02.037758 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:17:59.465567 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:17:59.465619 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:19:15.082076 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:19:15.082107 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:19:38.452478 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:19:38.452507 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:21:23.748003 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:21:23.748031 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:21:40.141954 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:21:40.141982 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:21:50.966410 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:21:50.966437 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:31:04.170540 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:31:04.170763 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:31:12.908547 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:31:12.908575 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 14:35:49.376809 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 14:35:49.376843 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 15:03:40.112151 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 15:03:40.112190 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 04 15:03:49.115529 2026] [ssl:warn] [pid 57002:tid 57002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 04 15:03:49.115556 2026] [ssl:warn] [pid 57002:tid 57002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:47:51.993177 2026] [ssl:warn] [pid 36255:tid 36255] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:47:51.993205 2026] [ssl:warn] [pid 36255:tid 36255] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:47:54.217113 2026] [ssl:warn] [pid 36260:tid 36260] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:47:54.217153 2026] [ssl:warn] [pid 36260:tid 36260] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:48:16.456372 2026] [ssl:warn] [pid 36260:tid 36260] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:48:16.456401 2026] [ssl:warn] [pid 36260:tid 36260] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:48:25.575177 2026] [ssl:warn] [pid 36260:tid 36260] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:48:25.575203 2026] [ssl:warn] [pid 36260:tid 36260] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:48:32.605364 2026] [ssl:warn] [pid 36940:tid 36940] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:48:32.605399 2026] [ssl:warn] [pid 36940:tid 36940] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:48:34.677994 2026] [ssl:warn] [pid 36957:tid 36957] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:48:34.678021 2026] [ssl:warn] [pid 36957:tid 36957] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:57:41.368145 2026] [ssl:warn] [pid 8527:tid 8527] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:57:41.368173 2026] [ssl:warn] [pid 8527:tid 8527] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 03:57:43.288574 2026] [ssl:warn] [pid 8533:tid 8533] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 03:57:43.288603 2026] [ssl:warn] [pid 8533:tid 8533] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 04:04:31.716049 2026] [ssl:warn] [pid 39013:tid 39013] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 04:04:31.716078 2026] [ssl:warn] [pid 39013:tid 39013] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 04:04:33.598321 2026] [ssl:warn] [pid 39015:tid 39015] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 04:04:33.598348 2026] [ssl:warn] [pid 39015:tid 39015] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 05 10:11:44.522779 2026] [ssl:warn] [pid 39015:tid 39015] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 05 10:11:44.522821 2026] [ssl:warn] [pid 39015:tid 39015] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:19:43.151907 2026] [ssl:warn] [pid 46843:tid 46843] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:19:43.151934 2026] [ssl:warn] [pid 46843:tid 46843] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:19:45.239430 2026] [ssl:warn] [pid 46847:tid 46847] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:19:45.239471 2026] [ssl:warn] [pid 46847:tid 46847] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:20:03.412846 2026] [ssl:warn] [pid 46847:tid 46847] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:20:03.412872 2026] [ssl:warn] [pid 46847:tid 46847] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:20:12.034401 2026] [ssl:warn] [pid 46847:tid 46847] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:20:12.034427 2026] [ssl:warn] [pid 46847:tid 46847] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:20:16.957231 2026] [ssl:warn] [pid 47514:tid 47514] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:20:16.957290 2026] [ssl:warn] [pid 47514:tid 47514] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:20:18.834493 2026] [ssl:warn] [pid 47519:tid 47519] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:20:18.834520 2026] [ssl:warn] [pid 47519:tid 47519] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:28:59.799146 2026] [ssl:warn] [pid 18766:tid 18766] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:28:59.799173 2026] [ssl:warn] [pid 18766:tid 18766] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:29:01.722371 2026] [ssl:warn] [pid 18769:tid 18769] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:29:01.722400 2026] [ssl:warn] [pid 18769:tid 18769] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:35:47.004990 2026] [ssl:warn] [pid 48704:tid 48704] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:35:47.005021 2026] [ssl:warn] [pid 48704:tid 48704] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 03:35:48.925573 2026] [ssl:warn] [pid 48707:tid 48707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 03:35:48.925603 2026] [ssl:warn] [pid 48707:tid 48707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 07:19:29.548555 2026] [ssl:warn] [pid 48707:tid 48707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 07:19:29.548588 2026] [ssl:warn] [pid 48707:tid 48707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 07:20:18.723410 2026] [ssl:warn] [pid 48707:tid 48707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 07:20:18.723441 2026] [ssl:warn] [pid 48707:tid 48707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 07:29:26.265069 2026] [ssl:warn] [pid 48707:tid 48707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 07:29:26.265098 2026] [ssl:warn] [pid 48707:tid 48707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 06 07:30:07.016403 2026] [ssl:warn] [pid 48707:tid 48707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 06 07:30:07.016431 2026] [ssl:warn] [pid 48707:tid 48707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:43:51.815532 2026] [ssl:warn] [pid 25963:tid 25963] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:43:51.815559 2026] [ssl:warn] [pid 25963:tid 25963] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:43:53.962444 2026] [ssl:warn] [pid 25984:tid 25984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:43:53.962472 2026] [ssl:warn] [pid 25984:tid 25984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:44:09.235142 2026] [ssl:warn] [pid 25984:tid 25984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:44:09.235170 2026] [ssl:warn] [pid 25984:tid 25984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:44:18.218818 2026] [ssl:warn] [pid 25984:tid 25984] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:44:18.218844 2026] [ssl:warn] [pid 25984:tid 25984] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:44:25.921888 2026] [ssl:warn] [pid 26549:tid 26549] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:44:25.921915 2026] [ssl:warn] [pid 26549:tid 26549] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:44:27.818528 2026] [ssl:warn] [pid 26552:tid 26552] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:44:27.818555 2026] [ssl:warn] [pid 26552:tid 26552] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:53:52.727653 2026] [ssl:warn] [pid 64508:tid 64508] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:53:52.727686 2026] [ssl:warn] [pid 64508:tid 64508] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 03:53:54.658922 2026] [ssl:warn] [pid 64526:tid 64526] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 03:53:54.658951 2026] [ssl:warn] [pid 64526:tid 64526] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 04:00:48.533807 2026] [ssl:warn] [pid 29552:tid 29552] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 04:00:48.533835 2026] [ssl:warn] [pid 29552:tid 29552] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 04:00:50.436994 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 04:00:50.437020 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 08:28:34.841426 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 08:28:34.841481 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 08:28:43.392287 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 08:28:43.392313 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 08:28:53.413290 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 08:28:53.413318 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 08:31:58.312405 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 08:31:58.312433 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 07 14:14:10.670362 2026] [ssl:warn] [pid 29556:tid 29556] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 07 14:14:10.670391 2026] [ssl:warn] [pid 29556:tid 29556] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:20:37.565645 2026] [ssl:warn] [pid 48740:tid 48740] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:20:37.565691 2026] [ssl:warn] [pid 48740:tid 48740] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:20:39.633757 2026] [ssl:warn] [pid 48745:tid 48745] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:20:39.633783 2026] [ssl:warn] [pid 48745:tid 48745] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:20:53.719689 2026] [ssl:warn] [pid 48745:tid 48745] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:20:53.719727 2026] [ssl:warn] [pid 48745:tid 48745] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:21:03.518286 2026] [ssl:warn] [pid 48745:tid 48745] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:21:03.518313 2026] [ssl:warn] [pid 48745:tid 48745] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:21:10.188862 2026] [ssl:warn] [pid 49348:tid 49348] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:21:10.188888 2026] [ssl:warn] [pid 49348:tid 49348] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:21:12.132833 2026] [ssl:warn] [pid 49350:tid 49350] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:21:12.132860 2026] [ssl:warn] [pid 49350:tid 49350] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:29:58.909311 2026] [ssl:warn] [pid 20828:tid 20828] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:29:58.909340 2026] [ssl:warn] [pid 20828:tid 20828] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:30:00.800178 2026] [ssl:warn] [pid 20830:tid 20830] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:30:00.800215 2026] [ssl:warn] [pid 20830:tid 20830] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:36:57.852300 2026] [ssl:warn] [pid 50948:tid 50948] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:36:57.852328 2026] [ssl:warn] [pid 50948:tid 50948] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 08 03:37:00.142501 2026] [ssl:warn] [pid 50952:tid 50952] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 08 03:37:00.142530 2026] [ssl:warn] [pid 50952:tid 50952] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:24:39.466405 2026] [ssl:warn] [pid 6602:tid 6602] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:24:39.466437 2026] [ssl:warn] [pid 6602:tid 6602] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:24:41.875623 2026] [ssl:warn] [pid 6608:tid 6608] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:24:41.875650 2026] [ssl:warn] [pid 6608:tid 6608] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:25:00.295466 2026] [ssl:warn] [pid 6608:tid 6608] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:25:00.295493 2026] [ssl:warn] [pid 6608:tid 6608] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:25:09.539069 2026] [ssl:warn] [pid 6608:tid 6608] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:25:09.539098 2026] [ssl:warn] [pid 6608:tid 6608] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:25:23.259335 2026] [ssl:warn] [pid 7314:tid 7314] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:25:23.259363 2026] [ssl:warn] [pid 7314:tid 7314] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:25:25.161597 2026] [ssl:warn] [pid 7321:tid 7321] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:25:25.161637 2026] [ssl:warn] [pid 7321:tid 7321] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:34:48.367753 2026] [ssl:warn] [pid 44184:tid 44184] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:34:48.367784 2026] [ssl:warn] [pid 44184:tid 44184] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:34:50.314849 2026] [ssl:warn] [pid 44186:tid 44186] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:34:50.314876 2026] [ssl:warn] [pid 44186:tid 44186] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:41:48.699132 2026] [ssl:warn] [pid 9346:tid 9346] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:41:48.699174 2026] [ssl:warn] [pid 9346:tid 9346] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:41:50.640363 2026] [ssl:warn] [pid 9349:tid 9349] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:41:50.640389 2026] [ssl:warn] [pid 9349:tid 9349] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:50:39.543972 2026] [ssl:warn] [pid 36125:tid 36125] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:50:39.543998 2026] [ssl:warn] [pid 36125:tid 36125] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:50:41.446720 2026] [ssl:warn] [pid 36127:tid 36127] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:50:41.446748 2026] [ssl:warn] [pid 36127:tid 36127] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:59:43.671175 2026] [ssl:warn] [pid 9099:tid 9099] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:59:43.671206 2026] [ssl:warn] [pid 9099:tid 9099] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 03:59:45.587630 2026] [ssl:warn] [pid 9102:tid 9102] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 03:59:45.587655 2026] [ssl:warn] [pid 9102:tid 9102] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 20:02:34.346660 2026] [ssl:warn] [pid 9102:tid 9102] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 20:02:34.346707 2026] [ssl:warn] [pid 9102:tid 9102] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 09 20:02:38.530268 2026] [ssl:warn] [pid 9102:tid 9102] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 09 20:02:38.530312 2026] [ssl:warn] [pid 9102:tid 9102] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:24:49.066187 2026] [ssl:warn] [pid 52728:tid 52728] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:24:49.066215 2026] [ssl:warn] [pid 52728:tid 52728] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:24:50.950568 2026] [ssl:warn] [pid 52732:tid 52732] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:24:50.950596 2026] [ssl:warn] [pid 52732:tid 52732] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:25:03.977472 2026] [ssl:warn] [pid 52732:tid 52732] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:25:03.977498 2026] [ssl:warn] [pid 52732:tid 52732] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:25:14.868199 2026] [ssl:warn] [pid 52732:tid 52732] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:25:14.868226 2026] [ssl:warn] [pid 52732:tid 52732] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:25:21.351209 2026] [ssl:warn] [pid 54248:tid 54248] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:25:21.351268 2026] [ssl:warn] [pid 54248:tid 54248] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:25:23.230395 2026] [ssl:warn] [pid 54251:tid 54251] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:25:23.230427 2026] [ssl:warn] [pid 54251:tid 54251] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:38:39.516517 2026] [ssl:warn] [pid 31242:tid 31242] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:38:39.516545 2026] [ssl:warn] [pid 31242:tid 31242] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:38:41.450041 2026] [ssl:warn] [pid 31270:tid 31270] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:38:41.450068 2026] [ssl:warn] [pid 31270:tid 31270] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:45:35.021085 2026] [ssl:warn] [pid 62745:tid 62745] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:45:35.021116 2026] [ssl:warn] [pid 62745:tid 62745] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 03:45:36.982841 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 03:45:36.982866 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 07:27:54.524456 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 07:27:54.524487 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:01:50.636078 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:01:50.636108 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:02:01.068304 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:02:01.068334 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:06:19.266640 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:06:19.266668 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:09:19.838145 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:09:19.838188 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:26:32.337962 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:26:32.338025 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 17:49:13.374818 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 17:49:13.374852 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 10 18:06:02.520873 2026] [ssl:warn] [pid 62748:tid 62748] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 10 18:06:02.520901 2026] [ssl:warn] [pid 62748:tid 62748] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:31:50.527689 2026] [ssl:warn] [pid 61206:tid 61206] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:31:50.527720 2026] [ssl:warn] [pid 61206:tid 61206] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:31:52.798875 2026] [ssl:warn] [pid 61209:tid 61209] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:31:52.798902 2026] [ssl:warn] [pid 61209:tid 61209] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:32:08.319763 2026] [ssl:warn] [pid 61209:tid 61209] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:32:08.319791 2026] [ssl:warn] [pid 61209:tid 61209] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:32:16.994482 2026] [ssl:warn] [pid 61209:tid 61209] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:32:16.994509 2026] [ssl:warn] [pid 61209:tid 61209] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:32:30.750380 2026] [ssl:warn] [pid 61774:tid 61774] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:32:30.750410 2026] [ssl:warn] [pid 61774:tid 61774] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:32:32.628741 2026] [ssl:warn] [pid 61780:tid 61780] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:32:32.628766 2026] [ssl:warn] [pid 61780:tid 61780] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:41:05.249431 2026] [ssl:warn] [pid 34333:tid 34333] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:41:05.249463 2026] [ssl:warn] [pid 34333:tid 34333] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:41:07.125491 2026] [ssl:warn] [pid 34335:tid 34335] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:41:07.125519 2026] [ssl:warn] [pid 34335:tid 34335] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:47:50.023890 2026] [ssl:warn] [pid 65201:tid 65201] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:47:50.023922 2026] [ssl:warn] [pid 65201:tid 65201] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 03:47:51.929655 2026] [ssl:warn] [pid 65203:tid 65203] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 03:47:51.929681 2026] [ssl:warn] [pid 65203:tid 65203] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 14:08:05.209877 2026] [ssl:warn] [pid 65203:tid 65203] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 14:08:05.209907 2026] [ssl:warn] [pid 65203:tid 65203] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 14:10:36.037602 2026] [ssl:warn] [pid 65203:tid 65203] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 11 14:10:36.037624 2026] [ssl:warn] [pid 65203:tid 65203] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:11:42.244097 2026] [ssl:warn] [pid 36232:tid 36232] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:11:42.244140 2026] [ssl:warn] [pid 36232:tid 36232] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:11:44.433015 2026] [ssl:warn] [pid 36244:tid 36244] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:11:44.433045 2026] [ssl:warn] [pid 36244:tid 36244] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:11:58.836786 2026] [ssl:warn] [pid 36244:tid 36244] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:11:58.836811 2026] [ssl:warn] [pid 36244:tid 36244] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:12:07.765922 2026] [ssl:warn] [pid 36244:tid 36244] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:12:07.765949 2026] [ssl:warn] [pid 36244:tid 36244] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:12:14.476608 2026] [ssl:warn] [pid 36816:tid 36816] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:12:14.476634 2026] [ssl:warn] [pid 36816:tid 36816] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:12:16.263291 2026] [ssl:warn] [pid 36820:tid 36820] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:12:16.263309 2026] [ssl:warn] [pid 36820:tid 36820] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:20:39.513172 2026] [ssl:warn] [pid 9322:tid 9322] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:20:39.513201 2026] [ssl:warn] [pid 9322:tid 9322] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:20:41.336156 2026] [ssl:warn] [pid 9328:tid 9328] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:20:41.336185 2026] [ssl:warn] [pid 9328:tid 9328] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:27:03.371556 2026] [ssl:warn] [pid 39898:tid 39898] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:27:03.371596 2026] [ssl:warn] [pid 39898:tid 39898] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 12 03:27:05.197759 2026] [ssl:warn] [pid 39904:tid 39904] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 12 03:27:05.197786 2026] [ssl:warn] [pid 39904:tid 39904] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:47:42.176294 2026] [ssl:warn] [pid 19773:tid 19773] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:47:42.176322 2026] [ssl:warn] [pid 19773:tid 19773] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:47:44.538364 2026] [ssl:warn] [pid 19777:tid 19777] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:47:44.538392 2026] [ssl:warn] [pid 19777:tid 19777] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:47:56.575387 2026] [ssl:warn] [pid 19777:tid 19777] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:47:56.575429 2026] [ssl:warn] [pid 19777:tid 19777] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:48:05.789884 2026] [ssl:warn] [pid 19777:tid 19777] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:48:05.789910 2026] [ssl:warn] [pid 19777:tid 19777] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:48:13.530635 2026] [ssl:warn] [pid 20341:tid 20341] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:48:13.530661 2026] [ssl:warn] [pid 20341:tid 20341] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:48:15.405883 2026] [ssl:warn] [pid 20343:tid 20343] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:48:15.405919 2026] [ssl:warn] [pid 20343:tid 20343] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:57:04.307640 2026] [ssl:warn] [pid 57956:tid 57956] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:57:04.307670 2026] [ssl:warn] [pid 57956:tid 57956] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 03:57:06.196648 2026] [ssl:warn] [pid 57959:tid 57959] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 03:57:06.196675 2026] [ssl:warn] [pid 57959:tid 57959] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 04:03:56.923933 2026] [ssl:warn] [pid 23733:tid 23733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 04:03:56.923963 2026] [ssl:warn] [pid 23733:tid 23733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 04:03:58.811726 2026] [ssl:warn] [pid 23735:tid 23735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 04:03:58.811756 2026] [ssl:warn] [pid 23735:tid 23735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 20:46:04.696918 2026] [ssl:warn] [pid 23735:tid 23735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 20:46:04.696946 2026] [ssl:warn] [pid 23735:tid 23735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 20:46:17.979930 2026] [ssl:warn] [pid 23735:tid 23735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 20:46:17.979958 2026] [ssl:warn] [pid 23735:tid 23735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 20:46:37.763339 2026] [ssl:warn] [pid 23735:tid 23735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 20:46:37.763366 2026] [ssl:warn] [pid 23735:tid 23735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 13 20:49:53.215415 2026] [ssl:warn] [pid 23735:tid 23735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 20:49:53.215443 2026] [ssl:warn] [pid 23735:tid 23735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:32:50.257050 2026] [ssl:warn] [pid 7356:tid 7356] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:32:50.257087 2026] [ssl:warn] [pid 7356:tid 7356] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:32:52.497505 2026] [ssl:warn] [pid 7359:tid 7359] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:32:52.497520 2026] [ssl:warn] [pid 7359:tid 7359] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:33:08.506327 2026] [ssl:warn] [pid 7359:tid 7359] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:33:08.506358 2026] [ssl:warn] [pid 7359:tid 7359] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:33:18.026404 2026] [ssl:warn] [pid 7359:tid 7359] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:33:18.026434 2026] [ssl:warn] [pid 7359:tid 7359] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:33:31.766339 2026] [ssl:warn] [pid 7942:tid 7942] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:33:31.766367 2026] [ssl:warn] [pid 7942:tid 7942] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:33:33.654661 2026] [ssl:warn] [pid 7947:tid 7947] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:33:33.654690 2026] [ssl:warn] [pid 7947:tid 7947] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:42:43.093924 2026] [ssl:warn] [pid 45735:tid 45735] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:42:43.093953 2026] [ssl:warn] [pid 45735:tid 45735] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:42:44.926296 2026] [ssl:warn] [pid 45740:tid 45740] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:42:44.926338 2026] [ssl:warn] [pid 45740:tid 45740] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:49:53.339717 2026] [ssl:warn] [pid 11534:tid 11534] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:49:53.339747 2026] [ssl:warn] [pid 11534:tid 11534] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 14 03:49:55.176833 2026] [ssl:warn] [pid 11536:tid 11536] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 14 03:49:55.176863 2026] [ssl:warn] [pid 11536:tid 11536] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:35:51.594896 2026] [ssl:warn] [pid 62684:tid 62684] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:35:51.594938 2026] [ssl:warn] [pid 62684:tid 62684] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:35:53.861362 2026] [ssl:warn] [pid 62688:tid 62688] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:35:53.861389 2026] [ssl:warn] [pid 62688:tid 62688] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:36:09.220191 2026] [ssl:warn] [pid 62688:tid 62688] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:36:09.220248 2026] [ssl:warn] [pid 62688:tid 62688] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:36:18.259414 2026] [ssl:warn] [pid 62688:tid 62688] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:36:18.259441 2026] [ssl:warn] [pid 62688:tid 62688] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:36:29.017479 2026] [ssl:warn] [pid 63259:tid 63259] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:36:29.017513 2026] [ssl:warn] [pid 63259:tid 63259] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:36:30.891629 2026] [ssl:warn] [pid 63261:tid 63261] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:36:30.891657 2026] [ssl:warn] [pid 63261:tid 63261] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:39:43.840818 2026] [ssl:warn] [pid 63261:tid 63261] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:39:43.840849 2026] [ssl:warn] [pid 63261:tid 63261] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:45:42.129958 2026] [ssl:warn] [pid 35750:tid 35750] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:45:42.129988 2026] [ssl:warn] [pid 35750:tid 35750] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:45:43.984188 2026] [ssl:warn] [pid 35753:tid 35753] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:45:43.984216 2026] [ssl:warn] [pid 35753:tid 35753] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:52:27.072466 2026] [ssl:warn] [pid 1135:tid 1135] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:52:27.072494 2026] [ssl:warn] [pid 1135:tid 1135] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 03:52:28.921770 2026] [ssl:warn] [pid 1138:tid 1138] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 03:52:28.921798 2026] [ssl:warn] [pid 1138:tid 1138] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 12:42:00.866377 2026] [ssl:warn] [pid 1138:tid 1138] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 12:42:00.866416 2026] [ssl:warn] [pid 1138:tid 1138] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 15 12:42:04.887599 2026] [ssl:warn] [pid 1138:tid 1138] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 15 12:42:04.887627 2026] [ssl:warn] [pid 1138:tid 1138] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:13:45.912908 2026] [ssl:warn] [pid 20134:tid 20134] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:13:45.912968 2026] [ssl:warn] [pid 20134:tid 20134] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:13:48.161821 2026] [ssl:warn] [pid 20140:tid 20140] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:13:48.161850 2026] [ssl:warn] [pid 20140:tid 20140] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:14:03.992859 2026] [ssl:warn] [pid 20140:tid 20140] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:14:03.992898 2026] [ssl:warn] [pid 20140:tid 20140] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:14:12.594432 2026] [ssl:warn] [pid 20140:tid 20140] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:14:12.594472 2026] [ssl:warn] [pid 20140:tid 20140] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:14:18.324144 2026] [ssl:warn] [pid 20707:tid 20707] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:14:18.324171 2026] [ssl:warn] [pid 20707:tid 20707] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:14:20.164308 2026] [ssl:warn] [pid 20712:tid 20712] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:14:20.164317 2026] [ssl:warn] [pid 20712:tid 20712] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:23:10.476624 2026] [ssl:warn] [pid 58568:tid 58568] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:23:10.476655 2026] [ssl:warn] [pid 58568:tid 58568] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:23:12.318565 2026] [ssl:warn] [pid 58570:tid 58570] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:23:12.318605 2026] [ssl:warn] [pid 58570:tid 58570] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:30:03.313362 2026] [ssl:warn] [pid 24538:tid 24538] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:30:03.313366 2026] [ssl:warn] [pid 24538:tid 24538] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 16 03:30:05.146844 2026] [ssl:warn] [pid 24822:tid 24822] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 16 03:30:05.146870 2026] [ssl:warn] [pid 24822:tid 24822] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:13:41.176665 2026] [ssl:warn] [pid 50040:tid 50040] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:13:41.176697 2026] [ssl:warn] [pid 50040:tid 50040] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:13:43.413022 2026] [ssl:warn] [pid 50043:tid 50043] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:13:43.413049 2026] [ssl:warn] [pid 50043:tid 50043] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:13:58.018901 2026] [ssl:warn] [pid 50043:tid 50043] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:13:58.018928 2026] [ssl:warn] [pid 50043:tid 50043] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:14:08.845502 2026] [ssl:warn] [pid 50043:tid 50043] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:14:08.845535 2026] [ssl:warn] [pid 50043:tid 50043] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:14:14.579127 2026] [ssl:warn] [pid 50916:tid 50916] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:14:14.579163 2026] [ssl:warn] [pid 50916:tid 50916] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:14:16.380722 2026] [ssl:warn] [pid 50918:tid 50918] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:14:16.380750 2026] [ssl:warn] [pid 50918:tid 50918] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:25:28.814019 2026] [ssl:warn] [pid 28339:tid 28339] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:25:28.814047 2026] [ssl:warn] [pid 28339:tid 28339] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:25:30.562284 2026] [ssl:warn] [pid 28342:tid 28342] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:25:30.562311 2026] [ssl:warn] [pid 28342:tid 28342] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:31:49.313924 2026] [ssl:warn] [pid 59002:tid 59002] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:31:49.313952 2026] [ssl:warn] [pid 59002:tid 59002] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 17 03:31:51.159656 2026] [ssl:warn] [pid 59010:tid 59010] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 17 03:31:51.159684 2026] [ssl:warn] [pid 59010:tid 59010] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:27:42.302846 2026] [ssl:warn] [pid 16759:tid 16759] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:27:42.302875 2026] [ssl:warn] [pid 16759:tid 16759] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:27:44.505068 2026] [ssl:warn] [pid 16763:tid 16763] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:27:44.505096 2026] [ssl:warn] [pid 16763:tid 16763] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:27:57.573618 2026] [ssl:warn] [pid 16763:tid 16763] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:27:57.573646 2026] [ssl:warn] [pid 16763:tid 16763] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:28:06.269082 2026] [ssl:warn] [pid 16763:tid 16763] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:28:06.269111 2026] [ssl:warn] [pid 16763:tid 16763] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:28:13.900778 2026] [ssl:warn] [pid 17332:tid 17332] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:28:13.900809 2026] [ssl:warn] [pid 17332:tid 17332] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:28:15.687032 2026] [ssl:warn] [pid 17334:tid 17334] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:28:15.687061 2026] [ssl:warn] [pid 17334:tid 17334] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:37:10.168526 2026] [ssl:warn] [pid 55108:tid 55108] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:37:10.168556 2026] [ssl:warn] [pid 55108:tid 55108] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:37:12.005446 2026] [ssl:warn] [pid 55110:tid 55110] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:37:12.005475 2026] [ssl:warn] [pid 55110:tid 55110] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:43:55.875806 2026] [ssl:warn] [pid 20730:tid 20730] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:43:55.875835 2026] [ssl:warn] [pid 20730:tid 20730] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 03:43:57.680078 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 03:43:57.680106 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:36:38.826081 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:36:38.826163 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:37:19.339058 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:37:19.339089 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:40:26.940731 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:40:26.940759 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:41:04.283757 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:41:04.283796 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:41:32.634347 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:41:32.634373 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:42:02.316166 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:42:02.316195 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:43:10.346581 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:43:10.346610 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:43:47.420959 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:43:47.420991 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:44:33.242900 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:44:33.242932 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 18 08:46:19.604221 2026] [ssl:warn] [pid 20733:tid 20733] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 18 08:46:19.604282 2026] [ssl:warn] [pid 20733:tid 20733] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:48:41.670568 2026] [ssl:warn] [pid 33962:tid 33962] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:48:41.670597 2026] [ssl:warn] [pid 33962:tid 33962] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:48:43.857784 2026] [ssl:warn] [pid 33967:tid 33967] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:48:43.857812 2026] [ssl:warn] [pid 33967:tid 33967] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:48:59.485336 2026] [ssl:warn] [pid 33967:tid 33967] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:48:59.485377 2026] [ssl:warn] [pid 33967:tid 33967] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:49:09.722973 2026] [ssl:warn] [pid 33967:tid 33967] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:49:09.723001 2026] [ssl:warn] [pid 33967:tid 33967] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:49:20.491332 2026] [ssl:warn] [pid 34537:tid 34537] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:49:20.491332 2026] [ssl:warn] [pid 34537:tid 34537] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:49:22.335913 2026] [ssl:warn] [pid 34546:tid 34546] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:49:22.335942 2026] [ssl:warn] [pid 34546:tid 34546] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:58:28.229853 2026] [ssl:warn] [pid 7132:tid 7132] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:58:28.229881 2026] [ssl:warn] [pid 7132:tid 7132] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 03:58:30.072190 2026] [ssl:warn] [pid 7138:tid 7138] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 03:58:30.072217 2026] [ssl:warn] [pid 7138:tid 7138] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 04:05:28.154783 2026] [ssl:warn] [pid 38651:tid 38651] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 04:05:28.154813 2026] [ssl:warn] [pid 38651:tid 38651] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 19 04:05:29.959427 2026] [ssl:warn] [pid 38653:tid 38653] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 19 04:05:29.959455 2026] [ssl:warn] [pid 38653:tid 38653] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:27:56.417823 2026] [ssl:warn] [pid 53855:tid 53855] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:27:56.417890 2026] [ssl:warn] [pid 53855:tid 53855] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:27:58.613360 2026] [ssl:warn] [pid 53858:tid 53858] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:27:58.613388 2026] [ssl:warn] [pid 53858:tid 53858] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:28:50.002473 2026] [ssl:warn] [pid 53858:tid 53858] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:28:50.002503 2026] [ssl:warn] [pid 53858:tid 53858] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:29:04.115996 2026] [ssl:warn] [pid 53858:tid 53858] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:29:04.116046 2026] [ssl:warn] [pid 53858:tid 53858] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:29:17.890377 2026] [ssl:warn] [pid 54586:tid 54586] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:29:17.890404 2026] [ssl:warn] [pid 54586:tid 54586] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:29:19.712876 2026] [ssl:warn] [pid 54590:tid 54590] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:29:19.712903 2026] [ssl:warn] [pid 54590:tid 54590] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:29:22.550339 2026] [ssl:warn] [pid 54590:tid 54590] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:29:22.550367 2026] [ssl:warn] [pid 54590:tid 54590] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:38:55.347274 2026] [ssl:warn] [pid 27687:tid 27687] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:38:55.347303 2026] [ssl:warn] [pid 27687:tid 27687] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:38:57.156941 2026] [ssl:warn] [pid 27691:tid 27691] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:38:57.156969 2026] [ssl:warn] [pid 27691:tid 27691] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:45:44.793795 2026] [ssl:warn] [pid 59180:tid 59180] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:45:44.793824 2026] [ssl:warn] [pid 59180:tid 59180] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 03:45:46.637226 2026] [ssl:warn] [pid 59187:tid 59187] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 03:45:46.637283 2026] [ssl:warn] [pid 59187:tid 59187] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Wed May 20 07:54:38.278197 2026] [ssl:warn] [pid 59187:tid 59187] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 20 07:54:38.278225 2026] [ssl:warn] [pid 59187:tid 59187] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:43:05.297180 2026] [ssl:warn] [pid 44370:tid 44370] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:43:05.297278 2026] [ssl:warn] [pid 44370:tid 44370] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:43:10.858816 2026] [ssl:warn] [pid 44380:tid 44380] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:43:10.858843 2026] [ssl:warn] [pid 44380:tid 44380] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:44:52.172955 2026] [ssl:warn] [pid 44380:tid 44380] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:44:52.172982 2026] [ssl:warn] [pid 44380:tid 44380] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:45:03.122006 2026] [ssl:warn] [pid 44380:tid 44380] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:45:03.122032 2026] [ssl:warn] [pid 44380:tid 44380] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:45:09.880160 2026] [ssl:warn] [pid 46101:tid 46101] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:45:09.880188 2026] [ssl:warn] [pid 46101:tid 46101] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:45:11.654208 2026] [ssl:warn] [pid 46103:tid 46103] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:45:11.654235 2026] [ssl:warn] [pid 46103:tid 46103] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:56:53.973897 2026] [ssl:warn] [pid 19080:tid 19080] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:56:53.973927 2026] [ssl:warn] [pid 19080:tid 19080] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 03:56:56.071178 2026] [ssl:warn] [pid 19104:tid 19104] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 03:56:56.071205 2026] [ssl:warn] [pid 19104:tid 19104] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 04:03:28.841646 2026] [ssl:warn] [pid 49834:tid 49834] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 04:03:28.841674 2026] [ssl:warn] [pid 49834:tid 49834] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Thu May 21 04:03:30.612174 2026] [ssl:warn] [pid 49837:tid 49837] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 21 04:03:30.612201 2026] [ssl:warn] [pid 49837:tid 49837] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:45:52.591452 2026] [ssl:warn] [pid 10225:tid 10225] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:45:52.591486 2026] [ssl:warn] [pid 10225:tid 10225] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:45:58.253542 2026] [ssl:warn] [pid 10235:tid 10235] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:45:58.253570 2026] [ssl:warn] [pid 10235:tid 10235] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:47:12.632648 2026] [ssl:warn] [pid 10235:tid 10235] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:47:12.632648 2026] [ssl:warn] [pid 10235:tid 10235] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:47:26.073175 2026] [ssl:warn] [pid 10235:tid 10235] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:47:26.073199 2026] [ssl:warn] [pid 10235:tid 10235] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:47:31.998431 2026] [ssl:warn] [pid 11104:tid 11104] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:47:31.998471 2026] [ssl:warn] [pid 11104:tid 11104] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:47:33.781081 2026] [ssl:warn] [pid 11110:tid 11110] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:47:33.781109 2026] [ssl:warn] [pid 11110:tid 11110] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:50:37.205974 2026] [ssl:warn] [pid 11110:tid 11110] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:50:37.206026 2026] [ssl:warn] [pid 11110:tid 11110] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:59:01.404178 2026] [ssl:warn] [pid 49374:tid 49374] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:59:01.404209 2026] [ssl:warn] [pid 49374:tid 49374] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 03:59:03.182096 2026] [ssl:warn] [pid 49376:tid 49376] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 03:59:03.182124 2026] [ssl:warn] [pid 49376:tid 49376] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 04:05:49.408195 2026] [ssl:warn] [pid 15542:tid 15542] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 04:05:49.408269 2026] [ssl:warn] [pid 15542:tid 15542] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 04:05:51.162942 2026] [ssl:warn] [pid 15544:tid 15544] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri May 22 04:05:51.162971 2026] [ssl:warn] [pid 15544:tid 15544] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:33:51.498082 2026] [ssl:warn] [pid 25505:tid 25505] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:33:51.498116 2026] [ssl:warn] [pid 25505:tid 25505] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:33:54.240424 2026] [ssl:warn] [pid 25511:tid 25511] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:33:54.240467 2026] [ssl:warn] [pid 25511:tid 25511] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:35:02.283198 2026] [ssl:warn] [pid 25511:tid 25511] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:35:02.283227 2026] [ssl:warn] [pid 25511:tid 25511] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:35:14.798043 2026] [ssl:warn] [pid 25511:tid 25511] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:35:14.798080 2026] [ssl:warn] [pid 25511:tid 25511] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:35:21.165971 2026] [ssl:warn] [pid 26970:tid 26970] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:35:21.165997 2026] [ssl:warn] [pid 26970:tid 26970] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:35:22.909177 2026] [ssl:warn] [pid 26972:tid 26972] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:35:22.909203 2026] [ssl:warn] [pid 26972:tid 26972] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:38:42.913453 2026] [ssl:warn] [pid 26972:tid 26972] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:38:42.913482 2026] [ssl:warn] [pid 26972:tid 26972] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:39:38.718152 2026] [ssl:warn] [pid 26972:tid 26972] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:39:38.718192 2026] [ssl:warn] [pid 26972:tid 26972] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:47:32.012098 2026] [ssl:warn] [pid 65386:tid 65386] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:47:32.012124 2026] [ssl:warn] [pid 65386:tid 65386] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:47:33.730560 2026] [ssl:warn] [pid 65429:tid 65429] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:47:33.730586 2026] [ssl:warn] [pid 65429:tid 65429] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:53:49.761001 2026] [ssl:warn] [pid 30894:tid 30894] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:53:49.761037 2026] [ssl:warn] [pid 30894:tid 30894] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sat May 23 03:53:51.511032 2026] [ssl:warn] [pid 30899:tid 30899] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat May 23 03:53:51.511059 2026] [ssl:warn] [pid 30899:tid 30899] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:27:54.876957 2026] [ssl:warn] [pid 40681:tid 40681] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:27:54.876988 2026] [ssl:warn] [pid 40681:tid 40681] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:27:58.433990 2026] [ssl:warn] [pid 40687:tid 40687] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:27:58.434025 2026] [ssl:warn] [pid 40687:tid 40687] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:29:16.120113 2026] [ssl:warn] [pid 40687:tid 40687] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:29:16.120145 2026] [ssl:warn] [pid 40687:tid 40687] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:29:38.568093 2026] [ssl:warn] [pid 40687:tid 40687] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:29:38.568119 2026] [ssl:warn] [pid 40687:tid 40687] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:29:52.394355 2026] [ssl:warn] [pid 41969:tid 41969] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:29:52.394393 2026] [ssl:warn] [pid 41969:tid 41969] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:29:54.127169 2026] [ssl:warn] [pid 41976:tid 41976] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:29:54.127198 2026] [ssl:warn] [pid 41976:tid 41976] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:35:08.051204 2026] [ssl:warn] [pid 41976:tid 41976] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:35:08.051263 2026] [ssl:warn] [pid 41976:tid 41976] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:36:29.657267 2026] [ssl:warn] [pid 41976:tid 41976] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:36:29.657295 2026] [ssl:warn] [pid 41976:tid 41976] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:45:12.395611 2026] [ssl:warn] [pid 20279:tid 20279] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:45:12.395639 2026] [ssl:warn] [pid 20279:tid 20279] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:45:14.138414 2026] [ssl:warn] [pid 20283:tid 20283] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:45:14.138445 2026] [ssl:warn] [pid 20283:tid 20283] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:51:28.644391 2026] [ssl:warn] [pid 50821:tid 50821] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:51:28.644418 2026] [ssl:warn] [pid 50821:tid 50821] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 03:51:30.410366 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 03:51:30.410403 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 09:08:42.420491 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 09:08:42.420532 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 09:08:44.580457 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 09:08:44.580486 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 09:08:49.293879 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 09:08:49.293905 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 09:08:50.853070 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 09:08:50.853097 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 09:08:53.291817 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 09:08:53.291843 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 20:31:40.657400 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 20:31:40.657442 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 20:31:42.913116 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 20:31:42.913160 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 20:31:45.191660 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 20:31:45.191685 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Sun May 24 20:31:47.614030 2026] [ssl:warn] [pid 50827:tid 50827] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun May 24 20:31:47.614055 2026] [ssl:warn] [pid 50827:tid 50827] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:07:51.212996 2026] [ssl:warn] [pid 2860:tid 2860] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:07:51.213026 2026] [ssl:warn] [pid 2860:tid 2860] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:07:52.976134 2026] [ssl:warn] [pid 2865:tid 2865] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:07:52.976160 2026] [ssl:warn] [pid 2865:tid 2865] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:09:29.165895 2026] [ssl:warn] [pid 2865:tid 2865] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:09:29.165924 2026] [ssl:warn] [pid 2865:tid 2865] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:09:44.371686 2026] [ssl:warn] [pid 2865:tid 2865] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:09:44.371713 2026] [ssl:warn] [pid 2865:tid 2865] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:09:57.386677 2026] [ssl:warn] [pid 3900:tid 3900] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:09:57.386714 2026] [ssl:warn] [pid 3900:tid 3900] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:09:59.220943 2026] [ssl:warn] [pid 3903:tid 3903] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:09:59.220970 2026] [ssl:warn] [pid 3903:tid 3903] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:13:46.022218 2026] [ssl:warn] [pid 3903:tid 3903] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:13:46.022289 2026] [ssl:warn] [pid 3903:tid 3903] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:15:06.480562 2026] [ssl:warn] [pid 3903:tid 3903] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:15:06.480592 2026] [ssl:warn] [pid 3903:tid 3903] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:15:31.178379 2026] [ssl:warn] [pid 3903:tid 3903] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:15:31.178394 2026] [ssl:warn] [pid 3903:tid 3903] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:22:54.451221 2026] [ssl:warn] [pid 43697:tid 43697] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:22:54.451278 2026] [ssl:warn] [pid 43697:tid 43697] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:22:56.211163 2026] [ssl:warn] [pid 43703:tid 43703] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:22:56.211190 2026] [ssl:warn] [pid 43703:tid 43703] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:29:03.162501 2026] [ssl:warn] [pid 9257:tid 9257] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:29:03.162528 2026] [ssl:warn] [pid 9257:tid 9257] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 03:29:04.880043 2026] [ssl:warn] [pid 9263:tid 9263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 03:29:04.880098 2026] [ssl:warn] [pid 9263:tid 9263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 07:35:14.980295 2026] [ssl:warn] [pid 9263:tid 9263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 07:35:14.980324 2026] [ssl:warn] [pid 9263:tid 9263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 07:35:21.060944 2026] [ssl:warn] [pid 9263:tid 9263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 07:35:21.060971 2026] [ssl:warn] [pid 9263:tid 9263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 07:36:52.529739 2026] [ssl:warn] [pid 9263:tid 9263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 07:36:52.529768 2026] [ssl:warn] [pid 9263:tid 9263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 25 07:36:57.902654 2026] [ssl:warn] [pid 9263:tid 9263] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon May 25 07:36:57.902681 2026] [ssl:warn] [pid 9263:tid 9263] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:08:47.174261 2026] [ssl:warn] [pid 13712:tid 13712] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:08:47.174315 2026] [ssl:warn] [pid 13712:tid 13712] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:08:51.033620 2026] [ssl:warn] [pid 13721:tid 13721] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:08:51.033646 2026] [ssl:warn] [pid 13721:tid 13721] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:10:12.463114 2026] [ssl:warn] [pid 13721:tid 13721] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:10:12.463154 2026] [ssl:warn] [pid 13721:tid 13721] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:10:31.370556 2026] [ssl:warn] [pid 13721:tid 13721] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:10:31.370584 2026] [ssl:warn] [pid 13721:tid 13721] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:10:43.536877 2026] [ssl:warn] [pid 15299:tid 15299] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:10:43.536933 2026] [ssl:warn] [pid 15299:tid 15299] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:10:45.288135 2026] [ssl:warn] [pid 15303:tid 15303] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:10:45.288162 2026] [ssl:warn] [pid 15303:tid 15303] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:13:50.135252 2026] [ssl:warn] [pid 15303:tid 15303] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:13:50.135270 2026] [ssl:warn] [pid 15303:tid 15303] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:22:48.763188 2026] [ssl:warn] [pid 54349:tid 54349] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:22:48.763215 2026] [ssl:warn] [pid 54349:tid 54349] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:22:50.504017 2026] [ssl:warn] [pid 54367:tid 54367] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:22:50.504044 2026] [ssl:warn] [pid 54367:tid 54367] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:29:08.595636 2026] [ssl:warn] [pid 19990:tid 19990] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:29:08.595665 2026] [ssl:warn] [pid 19990:tid 19990] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 03:29:10.343986 2026] [ssl:warn] [pid 19995:tid 19995] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 03:29:10.344024 2026] [ssl:warn] [pid 19995:tid 19995] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 17:26:00.232481 2026] [ssl:warn] [pid 19995:tid 19995] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 17:26:00.232588 2026] [ssl:warn] [pid 19995:tid 19995] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 17:27:06.906887 2026] [ssl:warn] [pid 19995:tid 19995] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 17:27:06.906926 2026] [ssl:warn] [pid 19995:tid 19995] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name
[Tue May 26 17:27:41.320901 2026] [ssl:warn] [pid 19995:tid 19995] AH01906: randolphaircraft.com.au:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 26 17:27:41.320930 2026] [ssl:warn] [pid 19995:tid 19995] AH01909: randolphaircraft.com.au:443:0 server certificate does NOT include an ID which matches the server name