Global Internet Threat and Attacks Report for August 25th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 25th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 38488 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5706 20461 SSH insecure connection attempt (scan).
171303 7120 Known brute force attacker.
393766 5817 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5712 5624 SSHD brute force trying to get access to the system.
60910 5377 Very Slow Wordpress brute force login failures from same IP source.
4151 4774 Multiple Firewall drop events from same source.
60159 4395 Wordpress brute force (fast) login failures
5720 3962 Multiple SSHD authentication failures.
3357 3674 Multiple rapid SASL authentication failures.
390614 3409 Atomicorp.com WAF Rules: Invalid character in ARGS
5551 2540 Multiple failed logins in a small period of time.
11306 2472 FTP brute force (multiple failed logins).
300079 2459 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2297 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2217 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
11254 2133 Multiple attempts to login using a non-existent user..
330131 2093 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5703 1932 Possible breakin attempt (high number of reverse lookup errors).
336468 1914 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 1616 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340006 1391 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 1388 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
303801 1097 Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler
60904 1073 Rapid SMTP password incorrect events from the same IP source.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 38488 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 5817 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
390614 3409 Atomicorp.com WAF Rules: Invalid character in ARGS
300079 2459 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2297 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2217 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330131 2093 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336468 1914 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 1616 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340006 1391 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 1388 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
303801 1097 Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler
303800 913 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330082 900 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 882 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
341245 851 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330034 625 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 555 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
336460 506 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300311 377 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
336461 373 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
318811 331 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340165 305 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)
340016 291 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330061 286 Atomicorp.com WAF Rules: Spambot User agent detected


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 20461 SSH insecure connection attempt (scan).
171303 7120 Known brute force attacker.
5712 5624 SSHD brute force trying to get access to the system.
60910 5377 Very Slow Wordpress brute force login failures from same IP source.
4151 4774 Multiple Firewall drop events from same source.
60159 4395 Wordpress brute force (fast) login failures
5720 3962 Multiple SSHD authentication failures.
3357 3674 Multiple rapid SASL authentication failures.
5551 2540 Multiple failed logins in a small period of time.
11306 2472 FTP brute force (multiple failed logins).
11254 2133 Multiple attempts to login using a non-existent user..
5703 1932 Possible breakin attempt (high number of reverse lookup errors).
60904 1073 Rapid SMTP password incorrect events from the same IP source.
3351 971 Multiple relaying attempts of spam.
40114 815 Multiple authentication failures. (Slow Brute Force)
60908 658 Very Slow Joomla brute force login failures from same IP source.
31102 617 Possible DoS Consumption Attack
60156 505 Joomla brute force (fast) login failures
40111 465 Multiple authentication failures.
3912 409 Multiple failed logins, 6 failures in 60 seconds from the same IP.
171005 401 Multiple rapid Exim authentication failures.
3356 388 Multiple attempts to send e-mail from black-listed IP address (blocked).
9952 311 Vpopmail brute force (email harvesting).
9750 295 Dovecot Multiple Authentication Failures.
3359 221 Multiple SASL authentication failures.
Post Reply