[Wed Jan 24 10:03:09.721807 2018] [:error] [pid 9089:tid 140448216942336] [clien

1. [Wed Jan 24 10:03:09.721807 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: host found within ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]: <p class=\\x22h2 black\\x22>We successfully fill over <span style=\\x22color: #005ba8;\\x22>1000 positions</span>\\xa0a year making us one of the most experienced agencies.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/admin-ajax.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
2. [Wed Jan 24 10:03:09.722005 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: host found within ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style=\\x22color: #005ba8;\\x22>87% of our candidates</span> rate our quality of service as EXCELLENT.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/admin-ajax.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
3. [Wed Jan 24 10:03:09.725342 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p class=\\x22h2 black\\x22>We successfully fill over <span style= found within ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]: <p class=\\x22h2 black\\x22>We successfully fill over <span style=\\x22color: #005ba8;\\x22>1000 positions</span>\\xa0a year making us one of the most experienced agencies.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack- [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/admin-ajax.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
4. [Wed Jan 24 10:03:09.725714 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style= found within ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style=\\x22color: #005ba8;\\x22>87% of our candidates</span> rate our quality of service as EXCELLENT.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [t [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/admin-ajax.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
5. [Wed Jan 24 10:03:09.745891 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/admin-ajax.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
6. [Wed Jan 24 10:03:10.072869 2018] [:error] [pid 9089:tid 140448039397120] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "www.astonadvantage.com.au"] [uri "/index.php"] [unique_id "WmfpXYi4byyxbs4qLALYLAAAAAE"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
7. [Wed Jan 24 10:03:10.154646 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: host found within ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]: <p class=\\x22h2 black\\x22>We successfully fill over <span style=\\x22color: #005ba8;\\x22>1000 positions</span>\\xa0a year making us one of the most experienced agencies.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/post.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
8. [Wed Jan 24 10:03:10.154766 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: host found within ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style=\\x22color: #005ba8;\\x22>87% of our candidates</span> rate our quality of service as EXCELLENT.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/post.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
9. [Wed Jan 24 10:03:10.158349 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p class=\\x22h2 black\\x22>We successfully fill over <span style= found within ARGS:acf[field_588574a91201e][0][field_599d19d7fe0bc]: <p class=\\x22h2 black\\x22>We successfully fill over <span style=\\x22color: #005ba8;\\x22>1000 positions</span>\\xa0a year making us one of the most experienced agencies.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack- [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/post.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
10. [Wed Jan 24 10:03:10.158671 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style= found within ARGS:acf[field_588574a91201e][2][field_599d1998fe0ba]: <p class=\\x22h2 black\\x22><span style=\\x22color: #005ba8;\\x22>86% of our clients</span>\\xa0and\\xa0<span style=\\x22color: #005ba8;\\x22>87% of our candidates</span> rate our quality of service as EXCELLENT.</p>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [t [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/post.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
11. [Wed Jan 24 10:03:10.180517 2018] [:error] [pid 9089:tid 140448216942336] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.astonadvantage.com.au"] [uri "/wp/wp-admin/post.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit
12.  
13. [Wed Jan 24 10:03:10.502306 2018] [:error] [pid 9089:tid 140448039397120] [client 49.255.218.222:20158] [client 49.255.218.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "www.astonadvantage.com.au"] [uri "/index.php"] [unique_id "WmfpXoi4byyxbs4qLALYLgAAAAM"], referer: https://www.astonadvantage.com.au/wp/wp-admin/post.php?post=463&action=edit