--fecb387d-A--
[27/Sep/2011:01:04:14 +0100] ToES-dXlfQYAAGD-UgsAAAAn 209.172.61.41 58098 109.75.170.170 80
--fecb387d-B--
POST /xmlrpc.php HTTP/1.0
User-Agent: The Incutio XML-RPC PHP Library -- WordPress/3.2.1
Host:
www.domainname.co.uk
Accept: */*
Content-Type: text/xml
Accept-Encoding: deflate;q=1.0, compress;q=0.5
Content-Length: 359
--fecb387d-C--
<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value><string>http://www.domain.com/relationships/relationships-weddings/trinkets-perfect-presents-for-a-wedding/</string></value></param>
<param><value><string>http://www.domainname.co.uk/wedding-shoes-sale</string></value></param>
</params></methodCall>
--fecb387d-F--
HTTP/1.1 404 Not Found
X-Powered-By: PHP/5.2.17
X-Pingback:
http://www.domainname.co.uk/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Tue, 27 Sep 2011 00:04:14 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
--fecb387d-H--
Message: Access denied with code 406 (phase 2). Match of "rx (^application/x-www-form-urlencoded|^multipart/form-data
![Wink Smilie](https://www.unix.com/images/smilies/wink.gif)
.*$" against "REQUEST_HEADERS:Content-Type" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "14"]
[id "90111"]
Action: Intercepted (phase 2)
Stopwatch: 1317081853500200 736240 (2276* 2408 -)
Producer: ModSecurity for Apache/2.5.13 (
ModSecurity: Open Source Web Application Firewall).
--f42e2544-A--
[26/Sep/2011:16:03:13 +0100] ToCUMdXlTpYAACTqNMsAAAAO 80.33.86.223 53424 91.186.30.249 80
--f42e2544-B--
GET /im/qs_menu.php?text=Contact%20Us&bt_img=bt_contact HTTP/1.1
Accept: */*
Referer:
http://www.domainname.com/
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.1)
Accept-Encoding: gzip, deflate
Host:
www.domainname.com
Connection: Keep-Alive
Cookie: PHPSESSID=f933fb642e1c3e258b7c9787b49d2408; lang=en
--f42e2544-F--
HTTP/1.1 406 Not Acceptable
Content-Length: 384
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--f42e2544-H--
Message: Access denied with code 406 (phase 2). Pattern match "_img|amature-big-titties|amature-big-titties|avril-laveign-porn|breast-touch-video|gingers-having-sex|naked-indian-models" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "109"]
[id "950013"] [msg "PHP/FTP Injection Attack. Matched signature <_img>"] [severity "CRITICAL"]
Apache-Error: [file "core.c"] [line 3650] [level 3] File does not exist: /home/costadel/domains/domainname.com/public_html/406.shtml, referer: http://www.
domainname.com/
Action: Intercepted (phase 2)
Stopwatch: 1317049393646593 1950 (402 1648 -)
Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/).