Global Internet Threat and Attacks Report for August 15th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 15th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 20779 SSH insecure connection attempt (scan).
392301 14544 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 9943 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
393766 6894 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5712 6471 SSHD brute force trying to get access to the system.
3357 6138 Multiple rapid SASL authentication failures.
60910 5815 Very Slow Wordpress brute force login failures from same IP source.
31102 5655 Possible DoS Consumption Attack
5720 5484 Multiple SSHD authentication failures.
171303 5301 Known brute force attacker.
60159 5139 Wordpress brute force (fast) login failures
4151 4506 Multiple Firewall drop events from same source.
330094 3973 Atomicorp.com WAF Rules: Fake User Agent String
330131 3019 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 2831 Multiple failed logins in a small period of time.
330082 2459 Atomicorp.com WAF Rules: Known Exploit User Agent
300079 2410 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1872 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
3912 1719 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5703 1426 Possible breakin attempt (high number of reverse lookup errors).
310717 1402 Atomicorp.com WAF Rules: Cross Site Scripting Attack
11306 1307 FTP brute force (multiple failed logins).
347008 1181 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330701 1020 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340095 1007 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 14544 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 9943 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
393766 6894 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330094 3973 Atomicorp.com WAF Rules: Fake User Agent String
330131 3019 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330082 2459 Atomicorp.com WAF Rules: Known Exploit User Agent
300079 2410 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1872 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
310717 1402 Atomicorp.com WAF Rules: Cross Site Scripting Attack
347008 1181 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330701 1020 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340095 1007 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336461 994 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
300066 931 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
303800 918 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340006 889 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
340016 690 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
390614 662 Atomicorp.com WAF Rules: Invalid character in ARGS
341245 638 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
334009 551 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 461 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
336460 424 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
318811 396 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
300311 373 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
340148 372 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 20779 SSH insecure connection attempt (scan).
5712 6471 SSHD brute force trying to get access to the system.
3357 6138 Multiple rapid SASL authentication failures.
60910 5815 Very Slow Wordpress brute force login failures from same IP source.
31102 5655 Possible DoS Consumption Attack
5720 5484 Multiple SSHD authentication failures.
171303 5301 Known brute force attacker.
60159 5139 Wordpress brute force (fast) login failures
4151 4506 Multiple Firewall drop events from same source.
5551 2831 Multiple failed logins in a small period of time.
3912 1719 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5703 1426 Possible breakin attempt (high number of reverse lookup errors).
11306 1307 FTP brute force (multiple failed logins).
60904 805 Rapid SMTP password incorrect events from the same IP source.
11254 760 Multiple attempts to login using a non-existent user..
60908 494 Very Slow Joomla brute force login failures from same IP source.
3356 474 Multiple attempts to send e-mail from black-listed IP address (blocked).
3355 459 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3359 410 Multiple SASL authentication failures.
40114 339 Multiple authentication failures. (Slow Brute Force)
40111 311 Multiple authentication failures.
60156 258 Joomla brute force (fast) login failures
9750 253 Dovecot Multiple Authentication Failures.
3351 252 Multiple relaying attempts of spam.
3913 198 Multiple failed logins, 10 failures in 1 hour from the same IP.
Post Reply