Global Internet Threat and Attacks Report for August 23rd

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 23rd

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 56325 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 20238 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 19668 SSH insecure connection attempt (scan).
171303 7588 Known brute force attacker.
3357 6600 Multiple rapid SASL authentication failures.
5712 6329 SSHD brute force trying to get access to the system.
4151 4637 Multiple Firewall drop events from same source.
5720 4452 Multiple SSHD authentication failures.
60910 3734 Very Slow Wordpress brute force login failures from same IP source.
330131 3153 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
60159 3024 Wordpress brute force (fast) login failures
393766 2941 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5551 2528 Multiple failed logins in a small period of time.
300079 2518 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
11306 2167 FTP brute force (multiple failed logins).
340162 2031 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11254 1755 Multiple attempts to login using a non-existent user..
340095 1400 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60904 1366 Rapid SMTP password incorrect events from the same IP source.
334009 1287 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
31102 1226 Possible DoS Consumption Attack
330082 1121 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1093 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
5703 1060 Possible breakin attempt (high number of reverse lookup errors).
3355 966 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 56325 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 20238 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 3153 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
393766 2941 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
300079 2518 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2031 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1400 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
334009 1287 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 1121 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1093 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340006 862 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330701 815 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330034 751 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
300066 745 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
336460 730 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340016 666 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 564 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390501 552 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
390614 545 Atomicorp.com WAF Rules: Invalid character in ARGS
381203 524 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
340009 523 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
336461 443 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 425 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340361 396 Atomicorp.com WAF Rules: CONNECT method denied
303808 351 Atomicorp.com WAF Rules: Fake Yandex webcrawler.


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19668 SSH insecure connection attempt (scan).
171303 7588 Known brute force attacker.
3357 6600 Multiple rapid SASL authentication failures.
5712 6329 SSHD brute force trying to get access to the system.
4151 4637 Multiple Firewall drop events from same source.
5720 4452 Multiple SSHD authentication failures.
60910 3734 Very Slow Wordpress brute force login failures from same IP source.
60159 3024 Wordpress brute force (fast) login failures
5551 2528 Multiple failed logins in a small period of time.
11306 2167 FTP brute force (multiple failed logins).
11254 1755 Multiple attempts to login using a non-existent user..
60904 1366 Rapid SMTP password incorrect events from the same IP source.
31102 1226 Possible DoS Consumption Attack
5703 1060 Possible breakin attempt (high number of reverse lookup errors).
3355 966 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3912 825 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60908 787 Very Slow Joomla brute force login failures from same IP source.
3359 704 Multiple SASL authentication failures.
40111 548 Multiple authentication failures.
60156 521 Joomla brute force (fast) login failures
3913 515 Multiple failed logins, 10 failures in 1 hour from the same IP.
40114 370 Multiple authentication failures. (Slow Brute Force)
3356 357 Multiple attempts to send e-mail from black-listed IP address (blocked).
9750 350 Dovecot Multiple Authentication Failures.
171005 334 Multiple rapid Exim authentication failures.
Post Reply