Global Internet Threat and Attacks Report for August 24th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 24th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
336468 36308 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 30503 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5706 19241 SSH insecure connection attempt (scan).
171303 7888 Known brute force attacker.
5712 7379 SSHD brute force trying to get access to the system.
5720 5452 Multiple SSHD authentication failures.
393766 5418 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
3357 5309 Multiple rapid SASL authentication failures.
4151 4692 Multiple Firewall drop events from same source.
60910 3638 Very Slow Wordpress brute force login failures from same IP source.
5551 3093 Multiple failed logins in a small period of time.
11306 3083 FTP brute force (multiple failed logins).
300079 2841 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
60159 2788 Wordpress brute force (fast) login failures
11254 2372 Multiple attempts to login using a non-existent user..
330131 2319 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2085 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2073 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2016 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
60904 1870 Rapid SMTP password incorrect events from the same IP source.
5703 1519 Possible breakin attempt (high number of reverse lookup errors).
300066 1060 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
31102 1058 Possible DoS Consumption Attack
330082 1005 Atomicorp.com WAF Rules: Known Exploit User Agent
340006 949 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 36308 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 30503 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 5418 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
300079 2841 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2319 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2085 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2073 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2016 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300066 1060 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330082 1005 Atomicorp.com WAF Rules: Known Exploit User Agent
340006 949 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
340016 909 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 867 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340095 801 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
303800 786 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336461 661 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330034 555 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
310098 542 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
330701 502 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
390501 494 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
340165 437 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)
336460 336 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340361 332 Atomicorp.com WAF Rules: CONNECT method denied
330061 326 Atomicorp.com WAF Rules: Spambot User agent detected
300311 288 Atomicorp.com WAF AntiSpam Rules: Possible loan spam


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19241 SSH insecure connection attempt (scan).
171303 7888 Known brute force attacker.
5712 7379 SSHD brute force trying to get access to the system.
5720 5452 Multiple SSHD authentication failures.
3357 5309 Multiple rapid SASL authentication failures.
4151 4692 Multiple Firewall drop events from same source.
60910 3638 Very Slow Wordpress brute force login failures from same IP source.
5551 3093 Multiple failed logins in a small period of time.
11306 3083 FTP brute force (multiple failed logins).
60159 2788 Wordpress brute force (fast) login failures
11254 2372 Multiple attempts to login using a non-existent user..
60904 1870 Rapid SMTP password incorrect events from the same IP source.
5703 1519 Possible breakin attempt (high number of reverse lookup errors).
31102 1058 Possible DoS Consumption Attack
40111 935 Multiple authentication failures.
3355 746 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3912 710 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3359 683 Multiple SASL authentication failures.
60908 622 Very Slow Joomla brute force login failures from same IP source.
60156 480 Joomla brute force (fast) login failures
171005 480 Multiple rapid Exim authentication failures.
40114 448 Multiple authentication failures. (Slow Brute Force)
3351 339 Multiple relaying attempts of spam.
9750 297 Dovecot Multiple Authentication Failures.
11255 284 Attempt to log in to a forbidden account.
Post Reply