Global Internet Threat and Attacks Report for August 29th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
5706 19035 SSH insecure connection attempt (scan).
330701 12107 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
392301 8327 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
3357 6322 Multiple rapid SASL authentication failures.
60910 6187 Very Slow Wordpress brute force login failures from same IP source.
171303 6063 Known brute force attacker.
393766 5936 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
4151 5216 Multiple Firewall drop events from same source.
60159 5063 Wordpress brute force (fast) login failures
5720 5051 Multiple SSHD authentication failures.
334009 3799 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5712 3533 SSHD brute force trying to get access to the system.
340006 3458 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300079 3298 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
318812 2994 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
5551 2692 Multiple failed logins in a small period of time.
330131 2518 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
11306 2473 FTP brute force (multiple failed logins).
11254 2126 Multiple attempts to login using a non-existent user..
5703 2023 Possible breakin attempt (high number of reverse lookup errors).
60904 1826 Rapid SMTP password incorrect events from the same IP source.
340162 1745 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1556 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 1490 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300066 1477 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
330701 12107 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
392301 8327 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 5936 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3799 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340006 3458 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300079 3298 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
318812 2994 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
330131 2518 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 1745 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1556 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 1490 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300066 1477 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1465 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
347008 1337 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
336461 1254 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340016 1204 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
390501 937 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
303800 915 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336460 699 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330082 685 Atomicorp.com WAF Rules: Known Exploit User Agent
300311 528 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
330205 475 Atomicorp.com WAF Rules: Joomla Exploit Bot
340361 337 Atomicorp.com WAF Rules: CONNECT method denied
310098 334 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
390614 301 Atomicorp.com WAF Rules: Invalid character in ARGS


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 19035 SSH insecure connection attempt (scan).
3357 6322 Multiple rapid SASL authentication failures.
60910 6187 Very Slow Wordpress brute force login failures from same IP source.
171303 6063 Known brute force attacker.
4151 5216 Multiple Firewall drop events from same source.
60159 5063 Wordpress brute force (fast) login failures
5720 5051 Multiple SSHD authentication failures.
5712 3533 SSHD brute force trying to get access to the system.
5551 2692 Multiple failed logins in a small period of time.
11306 2473 FTP brute force (multiple failed logins).
11254 2126 Multiple attempts to login using a non-existent user..
5703 2023 Possible breakin attempt (high number of reverse lookup errors).
60904 1826 Rapid SMTP password incorrect events from the same IP source.
31102 1292 Possible DoS Consumption Attack
3355 1152 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
60908 776 Very Slow Joomla brute force login failures from same IP source.
3359 644 Multiple SASL authentication failures.
3356 499 Multiple attempts to send e-mail from black-listed IP address (blocked).
3912 478 Multiple failed logins, 6 failures in 60 seconds from the same IP.
40114 400 Multiple authentication failures. (Slow Brute Force)
60156 363 Joomla brute force (fast) login failures
171005 347 Multiple rapid Exim authentication failures.
9952 258 Vpopmail brute force (email harvesting).
3913 249 Multiple failed logins, 10 failures in 1 hour from the same IP.
9750 246 Dovecot Multiple Authentication Failures.