Global Internet Threat and Attacks Report for August 31st

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for August 31st

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 19222 SSH insecure connection attempt (scan).
60910 8340 Very Slow Wordpress brute force login failures from same IP source.
392301 7826 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 7345 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
60159 6957 Wordpress brute force (fast) login failures
171303 6379 Known brute force attacker.
5720 5676 Multiple SSHD authentication failures.
4151 4628 Multiple Firewall drop events from same source.
3357 4371 Multiple rapid SASL authentication failures.
330701 3750 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300079 3559 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5712 2731 SSHD brute force trying to get access to the system.
340006 2671 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
303800 2583 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
334009 2456 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5551 2361 Multiple failed logins in a small period of time.
11306 2311 FTP brute force (multiple failed logins).
330131 2280 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2153 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1922 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
11254 1810 Multiple attempts to login using a non-existent user..
336468 1764 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
390614 1754 Atomicorp.com WAF Rules: Invalid character in ARGS
60904 1714 Rapid SMTP password incorrect events from the same IP source.
300311 1677 Atomicorp.com WAF AntiSpam Rules: Possible loan spam


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 7826 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 7345 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330701 3750 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300079 3559 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2671 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
303800 2583 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
334009 2456 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330131 2280 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2153 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1922 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 1764 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
390614 1754 Atomicorp.com WAF Rules: Invalid character in ARGS
300311 1677 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
340016 1411 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 1410 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1289 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336460 1287 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330082 1016 Atomicorp.com WAF Rules: Known Exploit User Agent
318811 998 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 888 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 547 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330034 421 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
340195 408 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
340155 396 Atomicorp.com WAF Rules: Generic SQL Injection protection
340009 395 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19222 SSH insecure connection attempt (scan).
60910 8340 Very Slow Wordpress brute force login failures from same IP source.
60159 6957 Wordpress brute force (fast) login failures
171303 6379 Known brute force attacker.
5720 5676 Multiple SSHD authentication failures.
4151 4628 Multiple Firewall drop events from same source.
3357 4371 Multiple rapid SASL authentication failures.
5712 2731 SSHD brute force trying to get access to the system.
5551 2361 Multiple failed logins in a small period of time.
11306 2311 FTP brute force (multiple failed logins).
11254 1810 Multiple attempts to login using a non-existent user..
60904 1714 Rapid SMTP password incorrect events from the same IP source.
3912 1303 Multiple failed logins, 6 failures in 60 seconds from the same IP.
31102 1143 Possible DoS Consumption Attack
60908 906 Very Slow Joomla brute force login failures from same IP source.
5703 873 Possible breakin attempt (high number of reverse lookup errors).
3351 805 Multiple relaying attempts of spam.
3355 759 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3359 582 Multiple SASL authentication failures.
40114 533 Multiple authentication failures. (Slow Brute Force)
40111 441 Multiple authentication failures.
3356 406 Multiple attempts to send e-mail from black-listed IP address (blocked).
3352 386 Multiple attempts to send e-mail from a rejected sender IP (access).
60156 352 Joomla brute force (fast) login failures
171005 278 Multiple rapid Exim authentication failures.
Post Reply