Waf Logs

The document contains log data from a web server. It shows GET requests made to a WordPress site from two IP addresses. Each request was blocked with HTTP status code 406 because it matched a rule that either prevents PHP files from executing or restricts xmlrpc.php to POST requests only.

Uploaded by Klayton Pires

Sheet1

| ID | IP | HTTP METHOD | HTTP VERSION | REASON | JUSTIFICATION | HOSTNAME | URI | HTTP STATUS | ACTION | TIME |
|---|---|---|---|---|---|---|---|---|---|---|
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/class-wp-me | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/maint/repai | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/edit-tag-m | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/tablepress_ | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/block-line.p | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430027 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/css/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/css/modern/colors.c | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:39 |
| 430017 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-content/uploads/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-content/uploads/readindex | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430017 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-content/uploads/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-content/uploads/small.php | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/mar.php | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/readindex. | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/maint/wp-r | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/maint/wp-c | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 430034 | 141.147.45.186 | GET | HTTP/1.1 | Malware.Expert - request_uri: Wordpress - prevent PHP files from executing | Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI. | nanucloud.com | /wp-admin/includes/media-site. | 406 | Access denied with code 406 (phase 2) | 2022-06-11 19:26:38 |
| 580004 | 92.118.36.208 | GET | HTTP/1.1 | Malware.Expert - Wordpress - xmlrpc.php accept only POST requests | String match "xmlrpc.php" at REQUEST_URI. | nanucloud.com | /ul8zr2/xmlrpc.php | 406 | Access denied with code 406 (phase 2) | 2022-04-22 00:04:57 |
