Global Internet Threat and Attacks Report for August 28th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin

Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
5706 20097 SSH insecure connection attempt (scan).
60910 8494 Very Slow Wordpress brute force login failures from same IP source.
171303 8260 Known brute force attacker.
392301 8091 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
3357 6946 Multiple rapid SASL authentication failures.
393766 6753 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
60159 6648 Wordpress brute force (fast) login failures
4151 5561 Multiple Firewall drop events from same source.
5720 4567 Multiple SSHD authentication failures.
5712 4293 SSHD brute force trying to get access to the system.
334009 3195 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 3044 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
11306 2926 FTP brute force (multiple failed logins).
5551 2673 Multiple failed logins in a small period of time.
11254 2626 Multiple attempts to login using a non-existent user..
340006 2529 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
60904 2505 Rapid SMTP password incorrect events from the same IP source.
330131 2205 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
31102 1905 Possible DoS Consumption Attack
340162 1446 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
341245 1431 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
5703 1353 Possible breakin attempt (high number of reverse lookup errors).
300066 1353 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340095 1252 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340016 1139 Atomicorp.com WAF Rules: Possible SQL injection attempt detected


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
392301 8091 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6753 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3195 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 3044 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2529 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330131 2205 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 1446 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
341245 1431 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 1353 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340095 1252 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340016 1139 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
336461 1057 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
303800 895 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
347008 876 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
336460 735 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330082 565 Atomicorp.com WAF Rules: Known Exploit User Agent
300311 561 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
310098 541 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
390501 496 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
390614 391 Atomicorp.com WAF Rules: Invalid character in ARGS
330701 351 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340148 330 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
331217 316 Atomicorp.com WAF Rules: Possible DOS Attack Dropped
318811 264 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340361 263 Atomicorp.com WAF Rules: CONNECT method denied


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 20097 SSH insecure connection attempt (scan).
60910 8494 Very Slow Wordpress brute force login failures from same IP source.
171303 8260 Known brute force attacker.
3357 6946 Multiple rapid SASL authentication failures.
60159 6648 Wordpress brute force (fast) login failures
4151 5561 Multiple Firewall drop events from same source.
5720 4567 Multiple SSHD authentication failures.
5712 4293 SSHD brute force trying to get access to the system.
11306 2926 FTP brute force (multiple failed logins).
5551 2673 Multiple failed logins in a small period of time.
11254 2626 Multiple attempts to login using a non-existent user..
60904 2505 Rapid SMTP password incorrect events from the same IP source.
31102 1905 Possible DoS Consumption Attack
5703 1353 Possible breakin attempt (high number of reverse lookup errors).
3355 1089 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3912 830 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60908 722 Very Slow Joomla brute force login failures from same IP source.
40111 609 Multiple authentication failures.
40114 591 Multiple authentication failures. (Slow Brute Force)
3359 540 Multiple SASL authentication failures.
9952 506 Vpopmail brute force (email harvesting).
3356 466 Multiple attempts to send e-mail from black-listed IP address (blocked).
60156 425 Joomla brute force (fast) login failures
171005 413 Multiple rapid Exim authentication failures.
9750 362 Dovecot Multiple Authentication Failures.