Global Internet Threat and Attacks Report for September 2nd

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 2nd

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 20184 SSH insecure connection attempt (scan).
392301 9700 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 7858 Known brute force attacker.
3357 6374 Multiple rapid SASL authentication failures.
393766 5465 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
5720 5059 Multiple SSHD authentication failures.
60910 4774 Very Slow Wordpress brute force login failures from same IP source.
4151 4590 Multiple Firewall drop events from same source.
60159 4354 Wordpress brute force (fast) login failures
5712 3912 SSHD brute force trying to get access to the system.
340006 3253 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300079 3063 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2899 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2736 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
303800 2592 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330082 2410 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 2210 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 2143 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 2087 Multiple failed logins in a small period of time.
11306 1837 FTP brute force (multiple failed logins).
60904 1783 Rapid SMTP password incorrect events from the same IP source.
11254 1664 Multiple attempts to login using a non-existent user..
300066 1524 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1438 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340361 1412 Atomicorp.com WAF Rules: CONNECT method denied


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 9700 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 5465 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
340006 3253 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300079 3063 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2899 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2736 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
303800 2592 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330082 2410 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 2210 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 2143 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300066 1524 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1438 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340361 1412 Atomicorp.com WAF Rules: CONNECT method denied
340095 1191 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1180 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
318811 1008 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 995 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 975 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330701 971 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340016 777 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330056 672 Atomicorp.com WAF Rules: Email Harvester Spambot User agent detected
390501 576 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
336468 338 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300311 322 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
310098 311 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 20184 SSH insecure connection attempt (scan).
171303 7858 Known brute force attacker.
3357 6374 Multiple rapid SASL authentication failures.
5720 5059 Multiple SSHD authentication failures.
60910 4774 Very Slow Wordpress brute force login failures from same IP source.
4151 4590 Multiple Firewall drop events from same source.
60159 4354 Wordpress brute force (fast) login failures
5712 3912 SSHD brute force trying to get access to the system.
5551 2087 Multiple failed logins in a small period of time.
11306 1837 FTP brute force (multiple failed logins).
60904 1783 Rapid SMTP password incorrect events from the same IP source.
11254 1664 Multiple attempts to login using a non-existent user..
31102 1165 Possible DoS Consumption Attack
60908 1020 Very Slow Joomla brute force login failures from same IP source.
3356 918 Multiple attempts to send e-mail from black-listed IP address (blocked).
5703 837 Possible breakin attempt (high number of reverse lookup errors).
40114 749 Multiple authentication failures. (Slow Brute Force)
3359 742 Multiple SASL authentication failures.
3912 618 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3351 570 Multiple relaying attempts of spam.
40111 493 Multiple authentication failures.
60156 458 Joomla brute force (fast) login failures
3355 440 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
9750 419 Dovecot Multiple Authentication Failures.
3352 414 Multiple attempts to send e-mail from a rejected sender IP (access).
Post Reply