Global Internet Threat and Attacks Report for August 16th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 16th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
336468 57208 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 21409 SSH insecure connection attempt (scan).
330094 14903 Atomicorp.com WAF Rules: Fake User Agent String
392301 13469 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60159 8644 Wordpress brute force (fast) login failures
60910 8478 Very Slow Wordpress brute force login failures from same IP source.
3357 7365 Multiple rapid SASL authentication failures.
31102 6939 Possible DoS Consumption Attack
393766 6895 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5712 6853 SSHD brute force trying to get access to the system.
5720 6050 Multiple SSHD authentication failures.
171303 5504 Known brute force attacker.
4151 4359 Multiple Firewall drop events from same source.
330082 3664 Atomicorp.com WAF Rules: Known Exploit User Agent
330131 3097 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 2940 Multiple failed logins in a small period of time.
300079 2369 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1709 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5703 1587 Possible breakin attempt (high number of reverse lookup errors).
303800 1528 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
11306 1263 FTP brute force (multiple failed logins).
40114 1108 Multiple authentication failures. (Slow Brute Force)
60904 1060 Rapid SMTP password incorrect events from the same IP source.
300066 1026 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
3359 1015 Multiple SASL authentication failures.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 57208 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330094 14903 Atomicorp.com WAF Rules: Fake User Agent String
392301 13469 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6895 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330082 3664 Atomicorp.com WAF Rules: Known Exploit User Agent
330131 3097 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2369 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1709 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
303800 1528 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
300066 1026 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330205 901 Atomicorp.com WAF Rules: Joomla Exploit Bot
340006 900 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
347008 846 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
334009 760 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 743 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
336461 732 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340016 618 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
318812 601 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
340095 599 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
341245 554 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340361 501 Atomicorp.com WAF Rules: CONNECT method denied
340148 474 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
390614 453 Atomicorp.com WAF Rules: Invalid character in ARGS
381203 439 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
330791 425 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 21409 SSH insecure connection attempt (scan).
60159 8644 Wordpress brute force (fast) login failures
60910 8478 Very Slow Wordpress brute force login failures from same IP source.
3357 7365 Multiple rapid SASL authentication failures.
31102 6939 Possible DoS Consumption Attack
5712 6853 SSHD brute force trying to get access to the system.
5720 6050 Multiple SSHD authentication failures.
171303 5504 Known brute force attacker.
4151 4359 Multiple Firewall drop events from same source.
5551 2940 Multiple failed logins in a small period of time.
5703 1587 Possible breakin attempt (high number of reverse lookup errors).
11306 1263 FTP brute force (multiple failed logins).
40114 1108 Multiple authentication failures. (Slow Brute Force)
60904 1060 Rapid SMTP password incorrect events from the same IP source.
3359 1015 Multiple SASL authentication failures.
11254 965 Multiple attempts to login using a non-existent user..
3912 854 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60908 721 Very Slow Joomla brute force login failures from same IP source.
3355 583 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3913 411 Multiple failed logins, 10 failures in 1 hour from the same IP.
3356 307 Multiple attempts to send e-mail from black-listed IP address (blocked).
40111 300 Multiple authentication failures.
60156 277 Joomla brute force (fast) login failures
9750 227 Dovecot Multiple Authentication Failures.
11255 185 Attempt to log in to a forbidden account.
Post Reply