Global Internet Threat and Attacks Report for August 17th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
5706 20960 SSH insecure connection attempt (scan).
336468 17943 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 17864 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 8902 Known brute force attacker.
5712 8603 SSHD brute force trying to get access to the system.
393766 6669 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
60910 6030 Very Slow Wordpress brute force login failures from same IP source.
5720 5676 Multiple SSHD authentication failures.
3357 5127 Multiple rapid SASL authentication failures.
4151 4512 Multiple Firewall drop events from same source.
60159 4322 Wordpress brute force (fast) login failures
5551 3095 Multiple failed logins in a small period of time.
300079 2598 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
31102 2281 Possible DoS Consumption Attack
340162 2281 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5703 1770 Possible breakin attempt (high number of reverse lookup errors).
330131 1725 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330082 1567 Atomicorp.com WAF Rules: Known Exploit User Agent
11306 1553 FTP brute force (multiple failed logins).
334009 1462 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 1441 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330034 1304 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
300066 1043 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
3912 942 Multiple failed logins, 6 failures in 60 seconds from the same IP.
303800 877 Atomicorp.com WAF Rules: Fake Googlebot webcrawler


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
336468 17943 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 17864 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6669 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
300079 2598 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2281 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 1725 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330082 1567 Atomicorp.com WAF Rules: Known Exploit User Agent
334009 1462 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 1441 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330034 1304 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
300066 1043 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
303800 877 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336461 841 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340006 785 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
347008 740 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
390614 666 Atomicorp.com WAF Rules: Invalid character in ARGS
341245 663 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336460 506 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340148 483 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
340016 471 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330036 470 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
340361 407 Atomicorp.com WAF Rules: CONNECT method denied
340009 399 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
330701 384 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340165 380 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 20960 SSH insecure connection attempt (scan).
171303 8902 Known brute force attacker.
5712 8603 SSHD brute force trying to get access to the system.
60910 6030 Very Slow Wordpress brute force login failures from same IP source.
5720 5676 Multiple SSHD authentication failures.
3357 5127 Multiple rapid SASL authentication failures.
4151 4512 Multiple Firewall drop events from same source.
60159 4322 Wordpress brute force (fast) login failures
5551 3095 Multiple failed logins in a small period of time.
31102 2281 Possible DoS Consumption Attack
5703 1770 Possible breakin attempt (high number of reverse lookup errors).
11306 1553 FTP brute force (multiple failed logins).
3912 942 Multiple failed logins, 6 failures in 60 seconds from the same IP.
11254 807 Multiple attempts to login using a non-existent user..
3356 755 Multiple attempts to send e-mail from black-listed IP address (blocked).
60904 710 Rapid SMTP password incorrect events from the same IP source.
3351 636 Multiple relaying attempts of spam.
3352 573 Multiple attempts to send e-mail from a rejected sender IP (access).
60908 561 Very Slow Joomla brute force login failures from same IP source.
3353 537 Multiple attempts to send e-mail from invalid/unknown sender domain.
40114 419 Multiple authentication failures. (Slow Brute Force)
60156 358 Joomla brute force (fast) login failures
9750 320 Dovecot Multiple Authentication Failures.
40111 298 Multiple authentication failures.
3355 268 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.