[volosuz@web1 logs]$ grep x-lab.uz /usr/local/apache/logs/error_log | grep ModSecurity
[Thu Jul 26 19:32:38.390695 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:ascp_settings[box_share]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.390824 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:ascp_settings[box_share_list]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.391219 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)" at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "45"] [id "941110"] [rev "2"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script async type=\\x22text/javascript\\x22 src=\\x22https://s7.addthis.com/js/250/addthis_widget.js\\x22> found within ARGS:ascp_settings[box_share]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_v..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CR [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.391334 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)" at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "45"] [id "941110"] [rev "2"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script async type=\\x22text/javascript\\x22 src=\\x22https://s7.addthis.com/js/250/addthis_widget.js\\x22> found within ARGS:ascp_settings[box_share_list]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWA [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.393655 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_tweet\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_pinterest_pin [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.393838 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_twitter\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_email\\x22></a>\\x0d\\x0a\\x09<a [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.395449 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Matched phrase "<!--" at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "87"] [id "941180"] [rev "2"] [msg "Node-Validator Blacklist Keywords"] [data "Matched Data: <!-- found within ARGS:ascp_settings[box_share]: <!-- addthis button begin -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.395534 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Matched phrase "<!--" at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "87"] [id "941180"] [rev "2"] [msg "Node-Validator Blacklist Keywords"] [data "Matched Data: <!-- found within ARGS:ascp_settings[box_share_list]: <!-- addthis button begin -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{url}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{title}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{description}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_tw..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.410410 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 40)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.466628 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 40 - SQLI=0,XSS=40,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Node-Validator Blacklist Keywords"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Thu Jul 26 19:32:38.467460 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c
[Fri Jul 27 13:18:32.457758 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=>>1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>;>A >AB05BAO 2A5 1>;LH5, 0 =0 3>;>25 2A5 <5=LH5? \\x12AQ B@C4=55 A:@K20BL ?;5H8? \\x12 :0:>9-B> <><5=B 2K 3..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519
[Fri Jul 27 13:18:32.462312 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][3]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style= found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=> >1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>; [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519
[Fri Jul 27 13:18:32.562761 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519
[Fri Jul 27 13:18:33.129115 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519
[Fri Jul 27 13:18:33.129724 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519
[Fri Jul 27 13:19:32.773683 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=>>1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>;>A >AB05BAO 2A5 1>;LH5, 0 =0 3>;>25 2A5 <5=LH5? \\x12AQ B@C4=55 A:@K20BL ?;5H8? \\x12 :0:>9-B> <><5=B 2K 3..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8
[Fri Jul 27 13:19:32.778285 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][3]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style= found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=> >1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>; [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8
[Fri Jul 27 13:19:32.879720 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8
[Fri Jul 27 13:19:32.910276 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8
[Fri Jul 27 13:19:32.910910 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8
[Fri Jul 27 16:15:51.204657 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:15:51.206204 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:15:51.254059 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:15:51.254547 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:35:12.374596 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:35:12.381028 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:35:13.082205 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:35:13.082695 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:45:16.154136 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:45:16.155712 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:45:16.219376 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:45:16.219888 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:47:08.165614 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09@825B ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:47:08.167295 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:47:08.234858 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 16:47:08.235395 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479
[Fri Jul 27 17:08:36.543457 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:08:36.545072 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:08:36.551351 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:08:36.551831 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:09:09.066708 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:09:09.068307 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:09:09.139623 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:09:09.140105 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:43.305448 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: = ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09@825BONB= ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:43.307089 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:43.348425 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:43.348927 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:54.976725 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:54.978241 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:55.002562 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:19:55.003049 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:20:52.391894 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB= =>=@@@=@=@</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:20:52.393570 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:20:52.419143 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:20:52.419634 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:21:55.933730 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:21:55.935380 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:21:55.971317 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:21:55.971835 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:28:13.996360 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:28:13.997961 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:28:14.032399 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:28:14.032894 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:32:47.923648 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:32:47.925206 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:32:47.958587 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:32:47.959109 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356
[Fri Jul 27 17:43:17.562716 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:17.564389 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:17.564662 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:17.565092 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:58.678290 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:58.679793 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:58.680061 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:43:58.680500 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:45:53.386278 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><font style=\\x22vertical-align: inherit;\\x22>ONB=</font></font></p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:45:53.386732 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><font style= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><font style=\\x22vertical-align: inherit;\\x22>ONB=</font></font></p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8 [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:45:53.388461 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:45:53.388822 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:45:53.389347 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:47:13.879675 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:47:13.881185 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:47:13.881416 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:47:13.881812 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:08.598176 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:08.599650 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:08.599924 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:08.600332 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:15.027608 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=0</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:15.029101 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:15.029356 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 17:52:15.029768 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72
[Fri Jul 27 18:04:57.936271 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09=@@=@=@=bhghghghgghgh ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:04:57.937626 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:04:57.937944 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:04:57.938353 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:05:11.154919 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09=@@=@=@=bhghghghgghgh ONB= @=@@==@</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:05:11.156255 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:05:11.156535 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:05:11.157013 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0
[Fri Jul 27 18:47:18.596775 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4
[Fri Jul 27 18:47:18.598539 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4
[Fri Jul 27 18:47:18.598821 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4
[Fri Jul 27 18:47:18.599254 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4
[Fri Jul 27 18:52:22.994925 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28O A>3;0H5=8O ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 18:52:22.998149 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 18:52:22.998429 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 18:52:22.998859 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:04:25.202430 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:04:25.205692 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:04:26.271536 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:04:26.272063 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:06:28.427050 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:06:28.430310 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:06:28.456378 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:06:28.456910 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:07:04.347314 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:07:04.350575 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:07:04.846468 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:07:04.846971 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:08:49.404178 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:08:49.407522 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:08:49.799632 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:08:49.800169 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:25.030183 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:25.033731 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:25.596649 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:25.600145 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:26.034873 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:26.035404 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:26.052491 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:13:26.052970 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:14:48.340234 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:14:48.343597 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:14:49.376676 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:14:49.377239 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:17:19.924053 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:17:19.927339 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:17:20.963039 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:17:20.963578 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5
[Fri Jul 27 19:19:07.012545 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09\\x18=D>@<0F8O > 4>AB02:5jjONB=\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:07.016112 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:07.553236 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:07.553748 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:27.126760 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09\\x18=D>@<0F8O > 4>AB02:5jjONB=\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:27.130117 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:27.154466 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
[Fri Jul 27 19:19:27.155012 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6
Looks like you're 100% right.
I'll try disabling the rules: http://kb.bodhost.com/why-and-how-to-disable-mod_security/
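Added example, not part of the original post: a Python script that groups ModSecurity error_log entries of the shape shown above by `unique_id` and reports which rule ID and request parameter sit behind each 403, which is what you need to know before deciding what to disable. The sample lines are constructed and shortened, with placeholder client addresses and `unique_id` values; the function and variable names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed, shortened sample lines modelled on the entries above.
# Client address and unique_id values are placeholders.
SAMPLE_LOG = r'''
[Fri Jul 27 19:07:04 2018] [:error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "on[a-zA-Z]+=" at ARGS:information_description[1][description]. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941120"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:information_description[1][description]: <p>ONB=</p>"] [uri "/admin/index.php"] [unique_id "REQ-A"]
[Fri Jul 27 19:07:04 2018] [:error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri"/admin/index.php"] [unique_id "REQ-A"]
[Fri Jul 27 19:07:04 2018] [:error] [client 192.0.2.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "RESPONSE-980-CORRELATION.conf"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5)"] [uri "/index.php"] [unique_id "REQ-A"]
[Fri Jul 27 19:07:04 2018] [:error] [client 192.0.2.10] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [uri "/index.php"] [unique_id "REQ-A"]
[Fri Jul 27 19:08:49 2018] [:error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "on[a-zA-Z]+=" at ARGS:information_description[1][description]. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941120"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:information_description[1][description]: <p>ONB=</p>"] [uri "/admin/index.php"] [unique_id "REQ-B"]
[Fri Jul 27 19:08:49 2018] [:error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri"/admin/index.php"] [unique_id "REQ-B"]
[Thu Jul 26 19:32:38 2018] [:error] [client 192.0.2.10] ModSecurity: Warning. detected XSS using libinjection. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:ascp_settings[box_share]: <div></div>"] [uri "/admin/index.php"] [unique_id "REQ-C"]
'''

# \s* tolerates entries such as [uri"/admin/index.php"] where the space is missing.
FIELD_RE = re.compile(r'\[(id|msg|uri|unique_id)\s*"([^"]*)"\]')
# The inspected variable is named in the [data "... found within VAR: ..."] field.
TARGET_RE = re.compile(r'found within ([A-Z_]+:\S+?): ')
DENIED_RE = re.compile(r'ModSecurity: Access denied with code (\d+)')
# Anomaly-scoring rules: they report the decision, not the detection behind it.
SCORING_RULES = {"949110", "980130"}


def parse_line(line):
    """Return the fields of one ModSecurity entry, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "unique_id" not in fields:
        return None
    target = TARGET_RE.search(line)
    denied = DENIED_RE.search(line)
    return {
        "txn": fields["unique_id"],
        "rule": fields.get("id"),
        "uri": fields.get("uri"),
        "target": target.group(1) if target else None,
        "status": int(denied.group(1)) if denied else None,
    }


def summarize(log_text):
    """Correlate entries per unique_id; count (rule, variable, uri) per 403."""
    txns = defaultdict(lambda: {"hits": set(), "status": None})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        txn = txns[entry["txn"]]
        if entry["status"] is not None:
            txn["status"] = entry["status"]
        # The URI is taken from the detection entry: the 980130 entry of the
        # same transaction can show a different URI (/index.php above).
        if entry["rule"] and entry["rule"] not in SCORING_RULES and entry["target"]:
            txn["hits"].add((entry["rule"], entry["target"], entry["uri"]))
    blocked = Counter()
    for txn in txns.values():
        if txn["status"] == 403:
            blocked.update(txn["hits"])
    warn_only = [tid for tid, t in txns.items() if t["hits"] and t["status"] is None]
    return {"blocked": dict(blocked), "warn_only": warn_only}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (rule, target, uri), count in sorted(report["blocked"].items()):
        print(f"{count} blocked request(s): rule {rule} on {target} at {uri}")
    print("detected but not blocked:", report["warn_only"])
```
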