Global Internet Threat and Attacks Report for September 3rd

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 3rd

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 19081 SSH insecure connection attempt (scan).
392301 8144 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 7118 Known brute force attacker.
5712 6541 SSHD brute force trying to get access to the system.
5720 5653 Multiple SSHD authentication failures.
3357 5423 Multiple rapid SASL authentication failures.
4151 5334 Multiple Firewall drop events from same source.
60910 5173 Very Slow Wordpress brute force login failures from same IP source.
60159 4966 Wordpress brute force (fast) login failures
393766 4291 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3936 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390614 2859 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 2749 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
5551 2749 Multiple failed logins in a small period of time.
340162 2493 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 2422 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2410 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330131 2344 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
11306 1600 FTP brute force (multiple failed logins).
336460 1549 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
60904 1544 Rapid SMTP password incorrect events from the same IP source.
3356 1510 Multiple attempts to send e-mail from black-listed IP address (blocked).
330011 1478 Atomicorp.com WAF Rules: Bad User Agent: Known Exploit Tool Detected
40111 1397 Multiple authentication failures.
300066 1375 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 8144 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
393766 4291 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
334009 3936 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390614 2859 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 2749 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340162 2493 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 2422 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2410 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330131 2344 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336460 1549 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330011 1478 Atomicorp.com WAF Rules: Bad User Agent: Known Exploit Tool Detected
300066 1375 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1289 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340095 1120 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 1028 Atomicorp.com WAF Rules: Known Exploit User Agent
347008 903 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330791 886 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
300311 884 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
336461 869 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
318811 813 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
330701 797 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340016 640 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330034 633 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 554 Atomicorp.com Malware Script Blacklist: Known Malware filename detected in Request Filename
381203 392 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19081 SSH insecure connection attempt (scan).
171303 7118 Known brute force attacker.
5712 6541 SSHD brute force trying to get access to the system.
5720 5653 Multiple SSHD authentication failures.
3357 5423 Multiple rapid SASL authentication failures.
4151 5334 Multiple Firewall drop events from same source.
60910 5173 Very Slow Wordpress brute force login failures from same IP source.
60159 4966 Wordpress brute force (fast) login failures
5551 2749 Multiple failed logins in a small period of time.
11306 1600 FTP brute force (multiple failed logins).
60904 1544 Rapid SMTP password incorrect events from the same IP source.
3356 1510 Multiple attempts to send e-mail from black-listed IP address (blocked).
40111 1397 Multiple authentication failures.
31102 1300 Possible DoS Consumption Attack
11254 1203 Multiple attempts to login using a non-existent user..
3351 1070 Multiple relaying attempts of spam.
5703 908 Possible breakin attempt (high number of reverse lookup errors).
60908 888 Very Slow Joomla brute force login failures from same IP source.
3912 772 Multiple failed logins, 6 failures in 60 seconds from the same IP.
40114 688 Multiple authentication failures. (Slow Brute Force)
3359 676 Multiple SASL authentication failures.
3352 594 Multiple attempts to send e-mail from a rejected sender IP (access).
60156 491 Joomla brute force (fast) login failures
9750 406 Dovecot Multiple Authentication Failures.
5701 311 Possible attack on the ssh server (or version gathering).
Post Reply