sahostking

[Tue Nov 19 11:50:13.329949 2019] [:error] [pid 206583:tid 47276449986304] [client 35.243.115.20:57622] [client 35.243.115.20] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.sitedomain.com"] [uri "/index.php"] [unique_id "XdO61TVLl3ZTUBSeVvkGagAAAUw"]

[Tue Nov 19 11:51:07.093268 2019] [:error] [pid 206683:tid 47276456290048] [client 35.243.115.20:35058] [client 35.243.115.20] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: <?xml version found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.sitedomain.com"] [uri "/xmlrpc.php"] [unique_id "[email protected]@@N87oYyMoiLcoQAAAY8"]


Are these Googlebot blocks from ModSecurity?
 

cPanelLauren

The IP is owned by Google, but it is NOT an official Google IP. It's clearly stated in the whois that these are IPs in use by Google Cloud customers:

Code:
NetRange:       35.208.0.0 - 35.247.255.255
CIDR:           35.208.0.0/12, 35.224.0.0/12, 35.240.0.0/13
NetName:        GOOGLE-CLOUD
NetHandle:      NET-35-208-0-0-1
Parent:         NET35 (NET-35-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Google LLC (GOOGL-2)
RegDate:        2017-09-29
Updated:        2018-01-24
Comment:        * The IP addresses under this Org-ID are in use by Google Cloud customers *
Comment:
Comment:        Direct all copyright and legal complaints to
Comment:        https://support.google.com/legal/go/report
Comment:
Comment:        Direct all spam and abuse complaints to
Comment:        https://support.google.com/code/go/gce_abuse_report
Comment:
Comment:        For fastest response, use the relevant forms above.
Comment:
Comment:        Complaints can also be sent to the GC Abuse desk
Comment:        ([email protected])
Comment:        but may have longer turnaround times.
Ref:            https://rdap.arin.net/registry/ip/35.208.0.0
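The check described in the reply above can be run over the error log directly. This is an added example, not code from either poster or from cPanel: it pulls the client IP, rule id and URI out of ModSecurity log lines and tests each client against the three GOOGLE-CLOUD CIDRs from the whois output. The log lines are abbreviated copies of the two entries in the first post plus one constructed entry; the function names are hypothetical.

```python
import ipaddress
import re

# CIDRs copied from the whois output quoted above (NetName GOOGLE-CLOUD).
GOOGLE_CLOUD_CUSTOMER_NETS = [
    ipaddress.ip_network(c) for c in ("35.208.0.0/12", "35.224.0.0/12", "35.240.0.0/13")
]

# Abbreviated log lines built from the two entries in the first post, plus one
# constructed entry from a documentation address (203.0.113.9).
SAMPLE_LOG = """\
[Tue Nov 19 11:50:13.329949 2019] [:error] [pid 206583:tid 47276449986304] [client 35.243.115.20:57622] [client 35.243.115.20] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [id "980130"] [uri "/index.php"]
[Tue Nov 19 11:51:07.093268 2019] [:error] [pid 206683:tid 47276456290048] [client 35.243.115.20:35058] [client 35.243.115.20] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [uri "/xmlrpc.php"]
[Tue Nov 19 11:52:00.000000 2019] [:error] [pid 1:tid 2] [client 203.0.113.9:40000] [client 203.0.113.9] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [uri "/index.php"]
"""

CLIENT_RE = re.compile(r'\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]')
FIELD_RE = re.compile(r'\[(id|uri) "([^"]*)"\]')  # does not match [unique_id "..."]

def parse_line(line):
    """Return {'client', 'id', 'uri'} for a ModSecurity error_log line, or None."""
    if "ModSecurity:" not in line:
        return None
    client = CLIENT_RE.search(line)
    if not client:
        return None
    fields = dict(FIELD_RE.findall(line))
    return {"client": client.group(1), "id": fields.get("id"), "uri": fields.get("uri")}

def in_cloud_customer_range(ip):
    """True if ip falls inside one of the GOOGLE-CLOUD customer CIDRs."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in GOOGLE_CLOUD_CUSTOMER_NETS)

def summarize(log_text):
    """Map client IP -> {'cloud_customer': bool, 'hits': [(rule id, uri), ...]}."""
    out = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = out.setdefault(rec["client"], {
            "cloud_customer": in_cloud_customer_range(rec["client"]), "hits": []})
        entry["hits"].append((rec["id"], rec["uri"]))
    return out

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, "GOOGLE-CLOUD customer range" if info["cloud_customer"] else "other", info["hits"])
```

A match here only says the request came from an address that whois lists as in use by Google Cloud customers, which is the point made in the reply; it says nothing about who operates the machine.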