Global Internet Threat and Attacks Report for August 20th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
336468 43868 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 18930 SSH insecure connection attempt (scan).
392301 16153 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 10740 Known brute force attacker.
3357 6804 Multiple rapid SASL authentication failures.
393766 6566 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5712 6455 SSHD brute force trying to get access to the system.
60910 5251 Very Slow Wordpress brute force login failures from same IP source.
4151 4775 Multiple Firewall drop events from same source.
60159 4573 Wordpress brute force (fast) login failures
5720 4145 Multiple SSHD authentication failures.
334009 3435 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5551 2375 Multiple failed logins in a small period of time.
300079 2297 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2283 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
31102 2009 Possible DoS Consumption Attack
330082 1845 Atomicorp.com WAF Rules: Known Exploit User Agent
330701 1804 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 1371 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11306 1341 FTP brute force (multiple failed logins).
3912 996 Multiple failed logins, 6 failures in 60 seconds from the same IP.
390501 952 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
318812 923 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
60904 920 Rapid SMTP password incorrect events from the same IP source.
5703 907 Possible breakin attempt (high number of reverse lookup errors).


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
336468 43868 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 16153 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6566 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3435 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 2297 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2283 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330082 1845 Atomicorp.com WAF Rules: Known Exploit User Agent
330701 1804 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 1371 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390501 952 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
318812 923 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
300066 826 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340006 737 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
341245 662 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340095 635 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 569 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
303800 500 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390614 456 Atomicorp.com WAF Rules: Invalid character in ARGS
336461 437 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330034 436 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
310098 410 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
300311 394 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
340016 384 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330036 378 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
340165 365 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 18930 SSH insecure connection attempt (scan).
171303 10740 Known brute force attacker.
3357 6804 Multiple rapid SASL authentication failures.
5712 6455 SSHD brute force trying to get access to the system.
60910 5251 Very Slow Wordpress brute force login failures from same IP source.
4151 4775 Multiple Firewall drop events from same source.
60159 4573 Wordpress brute force (fast) login failures
5720 4145 Multiple SSHD authentication failures.
5551 2375 Multiple failed logins in a small period of time.
31102 2009 Possible DoS Consumption Attack
11306 1341 FTP brute force (multiple failed logins).
3912 996 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60904 920 Rapid SMTP password incorrect events from the same IP source.
5703 907 Possible breakin attempt (high number of reverse lookup errors).
3356 890 Multiple attempts to send e-mail from black-listed IP address (blocked).
11254 845 Multiple attempts to login using a non-existent user..
3351 837 Multiple relaying attempts of spam.
60908 626 Very Slow Joomla brute force login failures from same IP source.
3355 592 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3359 512 Multiple SASL authentication failures.
3352 510 Multiple attempts to send e-mail from a rejected sender IP (access).
9750 449 Dovecot Multiple Authentication Failures.
40114 412 Multiple authentication failures. (Slow Brute Force)
60156 356 Joomla brute force (fast) login failures
9952 260 Vpopmail brute force (email harvesting).