Global Internet Threat and Attacks Report for August 22nd

mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 97964 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5706 31571 SSH insecure connection attempt (scan).
336468 24117 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
171303 12503 Known brute force attacker.
3357 12212 Multiple rapid SASL authentication failures.
5712 10045 SSHD brute force trying to get access to the system.
60910 7946 Very Slow Wordpress brute force login failures from same IP source.
4151 7806 Multiple Firewall drop events from same source.
5720 7557 Multiple SSHD authentication failures.
330131 7410 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
60159 6796 Wordpress brute force (fast) login failures
393766 5646 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5551 4504 Multiple failed logins in a small period of time.
300079 3956 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
31102 3836 Possible DoS Consumption Attack
11306 3561 FTP brute force (multiple failed logins).
340162 3260 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
40114 3203 Multiple authentication failures. (Slow Brute Force)
11254 3117 Multiple attempts to login using a non-existent user..
60904 2920 Rapid SMTP password incorrect events from the same IP source.
334009 2349 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 2144 Atomicorp.com WAF Rules: Known Exploit User Agent
5703 1841 Possible breakin attempt (high number of reverse lookup errors).
340095 1659 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
303800 1591 Atomicorp.com WAF Rules: Fake Googlebot webcrawler


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 97964 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 24117 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 7410 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
393766 5646 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
300079 3956 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 3260 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2349 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 2144 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 1659 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
303800 1591 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
300066 1452 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340006 1321 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 1316 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
330701 1164 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
341245 971 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390501 941 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
340016 904 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
390614 788 Atomicorp.com WAF Rules: Invalid character in ARGS
381203 764 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
340361 686 Atomicorp.com WAF Rules: CONNECT method denied
336461 684 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
336460 631 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340009 559 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
347008 549 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330056 537 Atomicorp.com WAF Rules: Email Harvester Spambot User agent detected


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 31571 SSH insecure connection attempt (scan).
171303 12503 Known brute force attacker.
3357 12212 Multiple rapid SASL authentication failures.
5712 10045 SSHD brute force trying to get access to the system.
60910 7946 Very Slow Wordpress brute force login failures from same IP source.
4151 7806 Multiple Firewall drop events from same source.
5720 7557 Multiple SSHD authentication failures.
60159 6796 Wordpress brute force (fast) login failures
5551 4504 Multiple failed logins in a small period of time.
31102 3836 Possible DoS Consumption Attack
11306 3561 FTP brute force (multiple failed logins).
40114 3203 Multiple authentication failures. (Slow Brute Force)
11254 3117 Multiple attempts to login using a non-existent user..
60904 2920 Rapid SMTP password incorrect events from the same IP source.
5703 1841 Possible breakin attempt (high number of reverse lookup errors).
60908 1303 Very Slow Joomla brute force login failures from same IP source.
3355 1126 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3359 1024 Multiple SASL authentication failures.
3912 955 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3913 768 Multiple failed logins, 10 failures in 1 hour from the same IP.
9750 763 Dovecot Multiple Authentication Failures.
60156 753 Joomla brute force (fast) login failures
40111 749 Multiple authentication failures.
3356 678 Multiple attempts to send e-mail from black-listed IP address (blocked).
171005 647 Multiple rapid Exim authentication failures.