Global Internet Threat and Attacks Report for August 26th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 26th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 22796 SSH insecure connection attempt (scan).
392301 7966 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6165 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5712 6014 SSHD brute force trying to get access to the system.
171303 5939 Known brute force attacker.
4151 5375 Multiple Firewall drop events from same source.
5720 5361 Multiple SSHD authentication failures.
60910 4742 Very Slow Wordpress brute force login failures from same IP source.
60159 3911 Wordpress brute force (fast) login failures
340162 3703 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
3357 2855 Multiple rapid SASL authentication failures.
31102 2789 Possible DoS Consumption Attack
334009 2725 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 2618 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5551 2590 Multiple failed logins in a small period of time.
303801 1942 Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler
340095 1841 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330131 1535 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300066 1522 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
40111 1336 Multiple authentication failures.
11306 1299 FTP brute force (multiple failed logins).
340006 1191 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
390614 1152 Atomicorp.com WAF Rules: Invalid character in ARGS
11254 1031 Multiple attempts to login using a non-existent user..
340361 1002 Atomicorp.com WAF Rules: CONNECT method denied


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 7966 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6165 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
340162 3703 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2725 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 2618 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
303801 1942 Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler
340095 1841 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330131 1535 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300066 1522 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340006 1191 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
390614 1152 Atomicorp.com WAF Rules: Invalid character in ARGS
340361 1002 Atomicorp.com WAF Rules: CONNECT method denied
336460 971 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
303800 805 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340016 804 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330082 749 Atomicorp.com WAF Rules: Known Exploit User Agent
340009 745 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
341245 662 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330701 596 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300311 450 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
310098 406 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
330034 386 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390145 373 Atomicorp.com WAF Rules: Rootkit attack: Generic Attempt to install shell
340155 323 Atomicorp.com WAF Rules: Generic SQL Injection protection
336461 314 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 22796 SSH insecure connection attempt (scan).
5712 6014 SSHD brute force trying to get access to the system.
171303 5939 Known brute force attacker.
4151 5375 Multiple Firewall drop events from same source.
5720 5361 Multiple SSHD authentication failures.
60910 4742 Very Slow Wordpress brute force login failures from same IP source.
60159 3911 Wordpress brute force (fast) login failures
3357 2855 Multiple rapid SASL authentication failures.
31102 2789 Possible DoS Consumption Attack
5551 2590 Multiple failed logins in a small period of time.
40111 1336 Multiple authentication failures.
11306 1299 FTP brute force (multiple failed logins).
11254 1031 Multiple attempts to login using a non-existent user..
5703 999 Possible breakin attempt (high number of reverse lookup errors).
3912 974 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60904 918 Rapid SMTP password incorrect events from the same IP source.
60908 693 Very Slow Joomla brute force login failures from same IP source.
60156 532 Joomla brute force (fast) login failures
40114 501 Multiple authentication failures. (Slow Brute Force)
3351 456 Multiple relaying attempts of spam.
3356 334 Multiple attempts to send e-mail from black-listed IP address (blocked).
9750 271 Dovecot Multiple Authentication Failures.
9952 236 Vpopmail brute force (email harvesting).
3913 206 Multiple failed logins, 10 failures in 1 hour from the same IP.
11255 136 Attempt to log in to a forbidden account.
Post Reply