Global Internet Threat and Attacks Report for August 30th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 30th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
330701 25396 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
5706 19511 SSH insecure connection attempt (scan).
60910 7406 Very Slow Wordpress brute force login failures from same IP source.
392301 6906 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6406 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
60159 6270 Wordpress brute force (fast) login failures
171303 5646 Known brute force attacker.
3357 5370 Multiple rapid SASL authentication failures.
4151 5308 Multiple Firewall drop events from same source.
5720 5125 Multiple SSHD authentication failures.
334009 3957 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336468 3677 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 3634 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2601 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
11306 2409 FTP brute force (multiple failed logins).
5712 2275 SSHD brute force trying to get access to the system.
330131 2116 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 2083 Multiple failed logins in a small period of time.
11254 1937 Multiple attempts to login using a non-existent user..
340095 1753 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340162 1715 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300066 1363 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
318812 1244 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
330082 1225 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1179 Atomicorp.com WAF Rules: Fake Googlebot webcrawler


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
330701 25396 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
392301 6906 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 6406 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3957 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336468 3677 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 3634 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2601 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330131 2116 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340095 1753 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340162 1715 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300066 1363 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
318812 1244 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
330082 1225 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1179 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
341245 904 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336461 903 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 876 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
336460 840 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
318811 786 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340016 714 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330034 663 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 651 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
340361 492 Atomicorp.com WAF Rules: CONNECT method denied
340009 474 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
390614 466 Atomicorp.com WAF Rules: Invalid character in ARGS


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19511 SSH insecure connection attempt (scan).
60910 7406 Very Slow Wordpress brute force login failures from same IP source.
60159 6270 Wordpress brute force (fast) login failures
171303 5646 Known brute force attacker.
3357 5370 Multiple rapid SASL authentication failures.
4151 5308 Multiple Firewall drop events from same source.
5720 5125 Multiple SSHD authentication failures.
11306 2409 FTP brute force (multiple failed logins).
5712 2275 SSHD brute force trying to get access to the system.
5551 2083 Multiple failed logins in a small period of time.
11254 1937 Multiple attempts to login using a non-existent user..
60904 1047 Rapid SMTP password incorrect events from the same IP source.
3355 838 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
60908 730 Very Slow Joomla brute force login failures from same IP source.
31102 725 Possible DoS Consumption Attack
3912 591 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5703 527 Possible breakin attempt (high number of reverse lookup errors).
3359 488 Multiple SASL authentication failures.
40114 449 Multiple authentication failures. (Slow Brute Force)
60156 388 Joomla brute force (fast) login failures
171005 359 Multiple rapid Exim authentication failures.
3356 316 Multiple attempts to send e-mail from black-listed IP address (blocked).
40111 307 Multiple authentication failures.
11255 240 Attempt to log in to a forbidden account.
9952 240 Vpopmail brute force (email harvesting).
Post Reply