Global Internet Threat and Attacks Report for August 19th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 19th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 18930 SSH insecure connection attempt (scan).
336468 12523 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 10679 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 7826 Very Slow Wordpress brute force login failures from same IP source.
60159 7359 Wordpress brute force (fast) login failures
5712 7326 SSHD brute force trying to get access to the system.
393766 6825 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
171303 6157 Known brute force attacker.
3357 5799 Multiple rapid SASL authentication failures.
4151 4118 Multiple Firewall drop events from same source.
5720 3902 Multiple SSHD authentication failures.
5551 2460 Multiple failed logins in a small period of time.
330131 2331 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2294 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1907 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330701 1824 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
303800 1766 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
11306 1476 FTP brute force (multiple failed logins).
5703 1327 Possible breakin attempt (high number of reverse lookup errors).
31102 1293 Possible DoS Consumption Attack
3351 1292 Multiple relaying attempts of spam.
330082 1006 Atomicorp.com WAF Rules: Known Exploit User Agent
390501 980 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
11254 956 Multiple attempts to login using a non-existent user..
60904 920 Rapid SMTP password incorrect events from the same IP source.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 12523 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 10679 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6825 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330131 2331 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2294 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 1907 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330701 1824 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
303800 1766 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330082 1006 Atomicorp.com WAF Rules: Known Exploit User Agent
390501 980 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
340006 818 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
334009 714 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336460 704 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340095 697 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
341245 675 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340016 665 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 663 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
347008 590 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
300311 552 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
336461 538 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340361 497 Atomicorp.com WAF Rules: CONNECT method denied
310098 476 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
340165 468 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)
330034 423 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390614 391 Atomicorp.com WAF Rules: Invalid character in ARGS


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18930 SSH insecure connection attempt (scan).
60910 7826 Very Slow Wordpress brute force login failures from same IP source.
60159 7359 Wordpress brute force (fast) login failures
5712 7326 SSHD brute force trying to get access to the system.
171303 6157 Known brute force attacker.
3357 5799 Multiple rapid SASL authentication failures.
4151 4118 Multiple Firewall drop events from same source.
5720 3902 Multiple SSHD authentication failures.
5551 2460 Multiple failed logins in a small period of time.
11306 1476 FTP brute force (multiple failed logins).
5703 1327 Possible breakin attempt (high number of reverse lookup errors).
31102 1293 Possible DoS Consumption Attack
3351 1292 Multiple relaying attempts of spam.
11254 956 Multiple attempts to login using a non-existent user..
60904 920 Rapid SMTP password incorrect events from the same IP source.
3356 906 Multiple attempts to send e-mail from black-listed IP address (blocked).
3352 902 Multiple attempts to send e-mail from a rejected sender IP (access).
3355 790 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3912 785 Multiple failed logins, 6 failures in 60 seconds from the same IP.
40111 713 Multiple authentication failures.
60908 698 Very Slow Joomla brute force login failures from same IP source.
3359 664 Multiple SASL authentication failures.
40114 619 Multiple authentication failures. (Slow Brute Force)
9750 500 Dovecot Multiple Authentication Failures.
3913 388 Multiple failed logins, 10 failures in 1 hour from the same IP.
Post Reply