Global Internet Threat and Attacks Report for August 18th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 18th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 18705 SSH insecure connection attempt (scan).
392301 10844 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5712 7467 SSHD brute force trying to get access to the system.
336468 6797 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
60910 6262 Very Slow Wordpress brute force login failures from same IP source.
393766 6015 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
60159 5983 Wordpress brute force (fast) login failures
171303 5196 Known brute force attacker.
3357 4977 Multiple rapid SASL authentication failures.
4151 4730 Multiple Firewall drop events from same source.
5720 4644 Multiple SSHD authentication failures.
5551 2908 Multiple failed logins in a small period of time.
330131 2471 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2373 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
31102 2023 Possible DoS Consumption Attack
330094 1713 Atomicorp.com WAF Rules: Fake User Agent String
303800 1624 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
11306 1430 FTP brute force (multiple failed logins).
330701 1426 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 1392 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1291 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60908 1225 Very Slow Joomla brute force login failures from same IP source.
340006 1192 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
5703 1173 Possible breakin attempt (high number of reverse lookup errors).
60904 1006 Rapid SMTP password incorrect events from the same IP source.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 10844 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 6797 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
393766 6015 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330131 2471 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2373 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330094 1713 Atomicorp.com WAF Rules: Fake User Agent String
303800 1624 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330701 1426 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 1392 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1291 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340006 1192 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 933 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300066 891 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330082 828 Atomicorp.com WAF Rules: Known Exploit User Agent
340016 765 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
334009 750 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390501 738 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
347008 726 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330034 712 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
341245 687 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330791 586 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
336461 510 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
390614 498 Atomicorp.com WAF Rules: Invalid character in ARGS
330061 396 Atomicorp.com WAF Rules: Spambot User agent detected
340165 388 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18705 SSH insecure connection attempt (scan).
5712 7467 SSHD brute force trying to get access to the system.
60910 6262 Very Slow Wordpress brute force login failures from same IP source.
60159 5983 Wordpress brute force (fast) login failures
171303 5196 Known brute force attacker.
3357 4977 Multiple rapid SASL authentication failures.
4151 4730 Multiple Firewall drop events from same source.
5720 4644 Multiple SSHD authentication failures.
5551 2908 Multiple failed logins in a small period of time.
31102 2023 Possible DoS Consumption Attack
11306 1430 FTP brute force (multiple failed logins).
60908 1225 Very Slow Joomla brute force login failures from same IP source.
5703 1173 Possible breakin attempt (high number of reverse lookup errors).
60904 1006 Rapid SMTP password incorrect events from the same IP source.
3912 977 Multiple failed logins, 6 failures in 60 seconds from the same IP.
11254 923 Multiple attempts to login using a non-existent user..
60156 758 Joomla brute force (fast) login failures
3356 733 Multiple attempts to send e-mail from black-listed IP address (blocked).
40111 654 Multiple authentication failures.
3359 649 Multiple SASL authentication failures.
3355 504 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3351 486 Multiple relaying attempts of spam.
40114 440 Multiple authentication failures. (Slow Brute Force)
9750 426 Dovecot Multiple Authentication Failures.
3913 280 Multiple failed logins, 10 failures in 1 hour from the same IP.
Post Reply