Signatures
2FA1 – Request blocked, missing 2 factor authentication
Request blocked, missing 2 factor authentication.
2FA2 – Request blocked, missing 2 factor authentication
Request blocked, missing 2 factor authentication.
2FA3 – Request blocked, missing 2 factor authentication
Request blocked, missing 2 factor authentication.
ANP230 – Non standard POST request – Bot initiated
Non standard POST request – Bot initiated
The HTTP POST method is not using a standard request and is suspicious.
BAK023 – Backdoor access denied
Backdoor access denied
It happens when there’s an attempt to access specific files that could be backdoors.
Ex: Trying to access any file within /images/stories on Joomla: /images/stories/food.php
BAK024 – Backdoor location denied
Backdoor location denied
It happens when the request is trying to access a specific directory known to contain backdoors.
BBOT65 – Brute force bot blocked
Brute force bot blocked
When Sucuri’s systems detect a specific bot trying to attack your site using a brute force technique.
BLACK02 – Blacklisted IP address
Blacklisted IP address
When the IP of the visitor is blacklisted and is not authorized to view the website.
BLKUNF1 – Unfiltered HTML not authorized
Unfiltered HTML not authorized
When Sucuri detects use of unfiltered HTML and it’s not authorized by personal settings.
BLKUP2 – Content (or upload) not authorized
Content (or upload) not authorized
When there’s an attempt to upload files to the website and it’s not authorized by personal settings.
BNP002 – Scanning tool blocked
Scanning tool blocked
The system detected the use of automated tools to scan your website.
BNP003 – Bad bot access denied
Bad bot access denied
Sucuri blocked malicious bots from reaching your website.
Ex.: Using a User Agent like this:
Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)
or
Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)
BNP004 – Request blocked, aggressive bot filter
Request blocked, aggressive bot filter.
BNP005 – Request blocked, aggressive bot filter
Request blocked, aggressive bot filter.
BNP006 – Request blocked, aggressive bot filter
Request blocked, aggressive bot filter.
CMB055 – Spam comment or xmlrpc denied
Spam comment or xmlrpc denied
When Sucuri’s system detects and blocks spam content or when the use of xmlrpc is blocked by personal settings not allowing comments on the website.
CUST01 – Access to this URL is not allowed
Access to this URL is not allowed
You are not authorized by the site owner to access this website address.
DDOS21 – DDOS attempt blocked
DDOS attempt blocked
Sucuri blocked a DDoS (Distributed Denial of Service) attack on your website.
ddos22 – DDOS attempt blocked
A request that matched Sucuri’s anti DDoS rules was blocked.
DIR081 – Directory listing not authorized
Directory listing not authorized
Sucuri blocked an attempt to list your server’s directories.
EVA079 – Evasion attempt denied
Evasion attempt denied
Sucuri detected an attempt to evade security filters.
EVA080 – Evasion through obfuscation denied
Evasion through obfuscation denied
Sucuri detected an attempt to evade security filters using obfuscation techniques.
EVA120 – Evasion attempt denied
Evasion attempt denied
Sucuri detected an attempt to evade security filters.
Ex: /media/system/js/;this.setHeader(
/media/system/js/,domReady);document.addListener(
EXP034 – Exploit attempt denied
Exploit attempt denied
Sucuri detected an attempt to use an exploit on your website, trying to gain access through a vulnerability.
EXP035 – Timthumb exploit attempt denied
Timthumb exploit attempt denied
Sucuri detected an attempt to exploit your website due to the known Timthumb vulnerability.
Ex: Using a vulnerable file like this one, contained in numerous themes: /wp-content/themes/telegraph/scripts/timthumb.php?src=http://img.youtube.com.internet3g.ro/gcc.php
EXP036 – DB exploit attempt
DB exploit attempt
Sucuri detected an attempt to exploit your database.
EXP037 – Exploit or backdoor access denied
Exploit or backdoor access denied
Sucuri blocked access to exploits and/or backdoors on your website.
EXPVH3 – Exploit blocked by virtual hardening
Exploit blocked by virtual hardening
An exploit attempt was blocked by Virtual Hardening.
EXPVP1 – Exploit blocked by virtual patching
Exploit blocked by virtual patching
An exploit attempt was blocked by Virtual Patching.
EXPVP16 – Exploit Blocked by Virtual Patching
Exploit Blocked by Virtual Patching
EXPVP2 – Exploit blocked by virtual patching
Exploit blocked by virtual patching
An exploit attempt was blocked by Virtual Patching.
EXPVP3 – Exploit Blocked by Virtual Patching
Exploit Blocked by Virtual Patching
EXPVP5 – Exploit Blocked by Virtual Patching
Exploit Blocked by Virtual Patching
EXPVP9 – Exploit Blocked by Virtual Patching
Exploit Blocked by Virtual Patching
FBP006 – Fake bot access
Fake bot access
Sucuri detected and blocked access to your website by use of fake bots.
GEO01 – GeoIP Block
GeoIP Block
This block happens when a specific country is blocked from viewing the site’s content.
GEO02 – GeoIP Block
GeoIP Block
This block happens when a specific country is blocked from posting on the website.
INA154 – HTTP protocol anomaly – Missing user agent
HTTP protocol anomaly – Missing user agent
Sucuri detected an anomalous request that did not specify a user agent.
IPB17 – IP Address not whitelisted
IP Address not whitelisted
Sucuri blocked access to your administration panel from an IP address that is not whitelisted.
Ex: Each time someone accesses /wp-admin on WordPress or /administrator on Joomla without being whitelisted.
MET043 – HTTP method not allowed
HTTP method not allowed
This block happens when a specific HTTP method (GET, POST, etc.) is not authorized.
NONE – Other
Other
Any other category not specified previously.
OBF080 – Obfuscated attack payload detected
Obfuscated attack payload detected
Sucuri blocked an attack using a known obfuscated payload.
PAR010 – Access denied – Site in lock down
Access denied – Site in lock down
The site is in lockdown mode and no access is allowed.
PBI009 – Blacklisted IP
Blacklisted IP
When the IP of the visitor is blacklisted and is not authorized to view the website.
PHPi20 – PHP injection blocked
PHP injection blocked
Sucuri detected an injection of suspicious PHP code on your website.
PTA134 – HTTP protocol anomaly detected
HTTP protocol anomaly detected
When specific requests arrive with an anomaly in the HTTP protocol.
PTA155 – HTTP protocol anomaly detected
HTTP protocol anomaly detected
When specific requests arrive with an anomaly in the HTTP protocol.
PTA157 – HTTP protocol anomaly detected
HTTP protocol anomaly detected
When specific requests arrive with an anomaly in the HTTP protocol.
rce001 – Remote command execution blocked
A malicious request was sent to your site trying to make it remotely execute commands.
rce002 – Remote command execution blocked
A malicious request was sent to your site trying to make it remotely execute commands.
rfi001 – RFI/LFI attempt
R = Remote, L = Local, FI = File Inclusion
A malicious request was sent to your site to make it load a local/remote file.
rfi002 – An attempted RFI/LFI was detected and blocked.
R = Remote, L = Local, FI = File Inclusion
A malicious request was sent to your site to make it load a local/remote file.
RFI008 – RFI/LFI attempt
RFI/LFI attempt
Sucuri detected malicious actions using Remote File Inclusion (RFI) or Local File Inclusion (LFI) attack techniques.
RFI009 – RFI/LFI attempt
RFI/LFI attempt
Sucuri detected malicious actions using Remote File Inclusion (RFI) or Local File Inclusion (LFI) attack techniques.
RFI010 – RFI/LFI attempt
RFI/LFI attempt
Sucuri detected malicious actions using Remote File Inclusion (RFI) or Local File Inclusion (LFI) attack techniques.
rpcbot01 – XMLRPC bot was blocked.
XMLRPC bot was blocked.
SCO135 – Malicious cookie payload blocked
Malicious cookie payload blocked
Sucuri blocked cookies carrying a malicious payload.
SFD004 – Access to restricted folder
Access to restricted folder
When a visitor is not authorized to access a blocked folder (for security reasons).
Example:
/phpmyadmin
SFD005 – Access to restricted folder
Access to restricted folder
When a visitor is not authorized to access a blocked folder (for security reasons).
Example:
/phpmyadmin
SPAM33 – Spam request blocked
Spam request blocked
Sucuri blocked a request with spam content.
sqli01 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli02 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
SQLi14 – SQL injection attempt
SQL injection attempt
Sucuri blocked an attempt to use a SQL injection attack on your website.
SQLi15 – SQL injection payload detected
SQL injection payload detected
Sucuri blocked an attempt to use a known payload of a SQL injection attack.
SQLi16 – SQL injection payload detected
SQL injection payload detected
Sucuri blocked an attempt to use a known payload of a SQL injection attack.
SQLi17 – SQL injection payload detected
SQL injection payload detected
Sucuri blocked an attempt to use a known payload of a SQL injection attack.
SQLi18 – SQL injection payload detected
SQL injection payload detected
Sucuri blocked an attempt to use a known payload of a SQL injection attack.
sqli20 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli21 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli22 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli23 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli24 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli25 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli26 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli27 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli28 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli29 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli30 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli31 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli32 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli40 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli70 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
sqli71 – SQL injection was detected and blocked.
An SQL injection was detected and blocked.
SSI017 – SSI injection blocked
SSI injection blocked
Sucuri blocked an attempt to use a Server-Side Includes Injection attack.
SUR003 – Suspicious URL
Suspicious URL
Sucuri blocked access to a suspicious URL.
TMP021 – Blocked by IDS
Blocked by IDS
This temporary block happens when our Intrusion Detection System (IDS) detects suspicious actions and blocks a visitor’s IP for a 30-minute period.
UAi029 – User Agent injection blocked
User Agent injection blocked
Sucuri blocked an attack using a technique of User Agent Injection.
UAT007 – Request not authorized
Request not authorized
A specific kind of request is not authorized.
xss001 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
XSS012 – XSS attempt
XSS attempt
Sucuri blocked an attempt to use a Cross-site Scripting (XSS) attack.
XSS013 – XSS payload detected
XSS payload detected
Sucuri blocked a well-known payload used in Cross-site Scripting (XSS) attacks.
XSS014 – XSS payload detected
XSS payload detected
Sucuri blocked a well-known payload used in Cross-site Scripting (XSS) attacks.
xss020 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss021 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss022 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss023 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss024 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss025 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss026 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss027 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss028 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss029 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss030 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.
xss031 – An attempted XSS (Cross site scripting) was detected and blocked.
An attempted XSS (Cross site scripting) was detected and blocked.