[Tue May 17 06:25:02.

000145 2022] [mpm_prefork:notice] [pid 3721] AH00163:

Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Tue May 17 06:25:02.000236 2022] [core:notice] [pid 3721] AH00094: Command line:
'/usr/sbin/apache2'
[Tue May 17 06:34:54.736828 2022] [:error] [pid 29611] [client
62.197.136.223:49386] script '/var/www/biblioteca.unicordoba.edu.co/fw.php' not
found or unable to stat, referer: www.google.com
[Tue May 17 06:35:05.413644 2022] [:error] [pid 29612] [client
62.197.136.223:57608] script '/var/www/biblioteca.unicordoba.edu.co/fw.php' not
found or unable to stat, referer: www.google.com
[Tue May 17 06:35:12.931606 2022] [:error] [pid 29596] [client
62.197.136.223:59807] script '/var/www/biblioteca.unicordoba.edu.co/ffAA531.php'
not found or unable to stat, referer: www.google.com
[Tue May 17 06:40:40.558176 2022] [spamhaus:crit] [pid 29611] [client
172.16.14.50:40720] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 06:50:32.903792 2022] [spamhaus:crit] [pid 29612] [client
172.16.14.50:38096] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 07:42:23.965809 2022] [spamhaus:crit] [pid 29841] [client
172.16.14.50:38130] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 07:51:39.627205 2022] [spamhaus:crit] [pid 29605] [client
172.16.14.50:38132] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 08:41:48.590437 2022] [spamhaus:crit] [pid 29610] [client
172.16.14.50:38172] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 08:50:29.547815 2022] [spamhaus:crit] [pid 29840] [client
172.16.14.50:40806] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 09:18:11.488168 2022] [:error] [pid 30282] [client 106.53.133.247]
ModSecurity: XML parser error: XML: Failed parsing document. [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOuo6wQDjIAAHZKGLgAAAAl"]
[Tue May 17 09:18:11.488298 2022] [:error] [pid 30282] [client 106.53.133.247]
ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against
"REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "60"]
[id "200002"] [msg "Failed to parse request body."] [data "XML parser error: XML:
Failed parsing document."] [severity "CRITICAL"] [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOuo6wQDjIAAHZKGLgAAAAl"]
[Tue May 17 09:18:12.229497 2022] [spamhaus:crit] [pid 30359] [client
106.53.133.247:45542] mod_spamhaus: address 106.53.133.247 is blacklisted but it's
not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP
address will not get filtered, referer:
http://biblioteca.unicordoba.edu.co/xmlrpc.php
[Tue May 17 09:18:12.230036 2022] [:error] [pid 30359] [client 106.53.133.247]
ModSecurity: XML parser error: XML: Failed parsing document. [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOupKwQDjIAAHaXZnIAAAAz"]
[Tue May 17 09:18:12.230116 2022] [:error] [pid 30359] [client 106.53.133.247]
ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against
"REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "60"]
[id "200002"] [msg "Failed to parse request body."] [data "XML parser error: XML:
Failed parsing document."] [severity "CRITICAL"] [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOupKwQDjIAAHaXZnIAAAAz"]
[Tue May 17 09:18:12.860838 2022] [:error] [pid 30357] [client 106.53.133.247]
ModSecurity: XML parser error: XML: Failed parsing document. [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOupKwQDjIAAHaVBdMAAAAx"]
[Tue May 17 09:18:12.860985 2022] [:error] [pid 30357] [client 106.53.133.247]
ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against
"REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "60"]
[id "200002"] [msg "Failed to parse request body."] [data "XML parser error: XML:
Failed parsing document."] [severity "CRITICAL"] [hostname
"biblioteca.unicordoba.edu.co"] [uri "/xmlrpc.php"] [unique_id
"YoOupKwQDjIAAHaVBdMAAAAx"]
body.xml:2: parser error : XML declaration allowed only at the start of the
document
<?xml version="1.0" encoding="iso-8859-1"?>
^
body.xml:2: parser error : XML declaration allowed only at the start of the
document
<?xml version="1.0" encoding="iso-8859-1"?>
^
[Tue May 17 09:37:49.858641 2022] [spamhaus:crit] [pid 30497] [client
172.16.14.50:38352] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 09:40:54.664043 2022] [spamhaus:crit] [pid 31314] [client
172.16.14.50:38358] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 09:50:42.497539 2022] [spamhaus:crit] [pid 31316] [client
172.16.14.50:38370] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 10:05:36.882526 2022] [:error] [pid 31317] [client 143.131.209.125]
ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at
REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/activated_rules/REQUEST-930-
APPLICATION-ATTACK-LFI.conf"] [line "128"] [id "930130"] [msg "Restricted File
Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"]
[severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag
"language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag
"OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag
"OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "167.249.42.248"] [uri "/.env"]
[unique_id "YoO5wKwQDjIAAHpVDiwAAAAJ"]
[Tue May 17 10:05:37.861524 2022] [spamhaus:crit] [pid 30042] [client
143.131.209.125:38016] mod_spamhaus: address 143.131.209.125 is blacklisted but
it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP
address will not get filtered
[Tue May 17 10:17:12.972853 2022] [:error] [pid 30026] [client 149.3.170.199:57778]
PHP Notice: Use of undefined constant ABSPATH - assumed 'ABSPATH' in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/class-wp-http.php on line 11,
referer: binance.com
[Tue May 17 10:17:12.973005 2022] [:error] [pid 30026] [client 149.3.170.199:57778]
PHP Notice: Use of undefined constant WPINC - assumed 'WPINC' in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/class-wp-http.php on line 11,
referer: binance.com
[Tue May 17 10:17:12.973135 2022] [:error] [pid 30026] [client 149.3.170.199:57778]
PHP Warning: require(ABSPATHWPINC/class-requests.php): failed to open stream: No
such file or directory in /var/www/biblioteca.unicordoba.edu.co/wp-includes/class-
wp-http.php on line 11, referer: binance.com
[Tue May 17 10:17:12.973157 2022] [:error] [pid 30026] [client 149.3.170.199:57778]
PHP Fatal error: require(): Failed opening required 'ABSPATHWPINC/class-
requests.php' (include_path='.:/usr/share/php') in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/class-wp-http.php on line 11,
referer: binance.com
[Tue May 17 10:17:26.652124 2022] [:error] [pid 30053] [client 149.3.170.199:58522]
PHP Fatal error: Uncaught Error: Call to undefined function
get_the_block_template_html() in /var/www/biblioteca.unicordoba.edu.co/wp-
includes/template-canvas.php:12\nStack trace:\n#0 {main}\n thrown in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/template-canvas.php on line 12,
referer: binance.com
[Tue May 17 10:17:52.919764 2022] [:error] [pid 31500] [client 149.3.170.199:60122]
PHP Notice: Use of undefined constant ABSPATH - assumed 'ABSPATH' in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/blocks/index.php on line 9,
referer: binance.com
[Tue May 17 10:17:52.922508 2022] [:error] [pid 31500] [client 149.3.170.199:60122]
PHP Notice: Use of undefined constant WPINC - assumed 'WPINC' in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/blocks/index.php on line 9,
referer: binance.com
[Tue May 17 10:17:52.922683 2022] [:error] [pid 31500] [client 149.3.170.199:60122]
PHP Warning: require(ABSPATHWPINC/blocks/archives.php): failed to open stream: No
such file or directory in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/blocks/index.php on line 9,
referer: binance.com
[Tue May 17 10:17:52.922701 2022] [:error] [pid 31500] [client 149.3.170.199:60122]
PHP Fatal error: require(): Failed opening required
'ABSPATHWPINC/blocks/archives.php' (include_path='.:/usr/share/php') in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/blocks/index.php on line 9,
referer: binance.com
[Tue May 17 10:18:08.584353 2022] [:error] [pid 31501] [client 149.3.170.199:61007]
PHP Fatal error: Class 'WP_Widget' not found in
/var/www/biblioteca.unicordoba.edu.co/wp-includes/widgets/class-wp-widget-block.php
on line 17, referer: binance.com
[Tue May 17 10:38:24.447996 2022] [spamhaus:crit] [pid 30042] [client
172.16.14.50:38404] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 10:40:45.859525 2022] [spamhaus:crit] [pid 31959] [client
172.16.14.50:38406] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 10:50:31.531180 2022] [spamhaus:crit] [pid 31959] [client
172.16.14.50:41034] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
[Tue May 17 11:00:21.745610 2022] [spamhaus:crit] [pid 30301] [client
193.106.191.48:42434] mod_spamhaus: address 193.106.191.48 is blacklisted but it's
not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP
address will not get filtered
[Tue May 17 11:00:21.746855 2022] [:error] [pid 30301] [client 193.106.191.48]
ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\\\?(?!
xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:<?. [file
"/usr/share/modsecurity-crs/activated_rules/REQUEST-933-APPLICATION-ATTACK-
PHP.conf"] [line "68"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag
Found"] [data "Matched Data: <? found within ARGS_NAMES:<?: <?"] [severity
"CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-php"]
[tag "platform-multi"] [tag "attack-injection-php"] [tag
"OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname
"167.249.42.248"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"]
[unique_id "YoPGlawQDjIAAHZdC-cAAAAb"]
[Tue May 17 11:47:14.224784 2022] [spamhaus:crit] [pid 31959] [client
172.16.14.50:38412] mod_spamhaus: address 172.16.14.50 is blacklisted but it's not
in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address
will not get filtered
sendmail: fatal: open /etc/postfix/main.cf: No such file or directory