Global Internet Threat and Attacks Report for September 1st

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 1st

Unread post by mikeshinn »

Note: Count represents unique attackers performing an attack against a specific target. Multiple attacks from the same attacker on the same target are treated in the count as a single attack.

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 19071 SSH insecure connection attempt (scan).
392301 10956 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330015 8273 Atomicorp.com WAF Rules: Bad User Agent: Exploit tool
393766 7466 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
171303 6218 Known brute force attacker.
60910 6160 Very Slow Wordpress brute force login failures from same IP source.
60159 4869 Wordpress brute force (fast) login failures
5720 4538 Multiple SSHD authentication failures.
3357 4479 Multiple rapid SASL authentication failures.
4151 4457 Multiple Firewall drop events from same source.
31102 4064 Possible DoS Consumption Attack
340006 3431 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
334009 3336 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 3239 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
300311 2705 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
5712 2644 SSHD brute force trying to get access to the system.
330082 2416 Atomicorp.com WAF Rules: Known Exploit User Agent
11306 2407 FTP brute force (multiple failed logins).
330131 2360 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2249 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5551 2168 Multiple failed logins in a small period of time.
11254 2104 Multiple attempts to login using a non-existent user..
390614 2050 Atomicorp.com WAF Rules: Invalid character in ARGS
60904 1782 Rapid SMTP password incorrect events from the same IP source.
318811 1700 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 10956 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330015 8273 Atomicorp.com WAF Rules: Bad User Agent: Exploit tool
393766 7466 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
340006 3431 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
334009 3336 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 3239 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
300311 2705 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
330082 2416 Atomicorp.com WAF Rules: Known Exploit User Agent
330131 2360 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2249 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2050 Atomicorp.com WAF Rules: Invalid character in ARGS
318811 1700 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340095 1598 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
303800 1586 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330701 1511 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300066 1435 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
390501 1246 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
341245 1182 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336461 947 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340016 930 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
347008 927 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340361 809 Atomicorp.com WAF Rules: CONNECT method denied
310098 634 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
336460 609 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
360000 397 Atomicorp.com Malware Blocklist: Malware Site detected in URL/Argument (AE)


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19071 SSH insecure connection attempt (scan).
171303 6218 Known brute force attacker.
60910 6160 Very Slow Wordpress brute force login failures from same IP source.
60159 4869 Wordpress brute force (fast) login failures
5720 4538 Multiple SSHD authentication failures.
3357 4479 Multiple rapid SASL authentication failures.
4151 4457 Multiple Firewall drop events from same source.
31102 4064 Possible DoS Consumption Attack
5712 2644 SSHD brute force trying to get access to the system.
11306 2407 FTP brute force (multiple failed logins).
5551 2168 Multiple failed logins in a small period of time.
11254 2104 Multiple attempts to login using a non-existent user..
60904 1782 Rapid SMTP password incorrect events from the same IP source.
60908 1152 Very Slow Joomla brute force login failures from same IP source.
5703 967 Possible breakin attempt (high number of reverse lookup errors).
3912 851 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3355 822 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
40114 591 Multiple authentication failures. (Slow Brute Force)
40111 426 Multiple authentication failures.
3351 407 Multiple relaying attempts of spam.
3352 381 Multiple attempts to send e-mail from a rejected sender IP (access).
60156 333 Joomla brute force (fast) login failures
9750 330 Dovecot Multiple Authentication Failures.
3356 313 Multiple attempts to send e-mail from black-listed IP address (blocked).
3359 302 Multiple SASL authentication failures.
Post Reply