Global Internet Threat and Attacks Report for September 4th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
5706 19623 SSH insecure connection attempt (scan).
300311 15288 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
392301 8399 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5712 6936 SSHD brute force trying to get access to the system.
3357 6815 Multiple rapid SASL authentication failures.
60910 6291 Very Slow Wordpress brute force login failures from same IP source.
171303 6169 Known brute force attacker.
4151 5072 Multiple Firewall drop events from same source.
60159 4977 Wordpress brute force (fast) login failures
5720 4924 Multiple SSHD authentication failures.
334009 3899 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330131 3886 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
303800 3307 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
5551 3085 Multiple failed logins in a small period of time.
390614 2727 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 2370 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 2119 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 1914 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 1671 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330791 1670 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
40111 1601 Multiple authentication failures.
341245 1584 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330701 1513 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
11306 1509 FTP brute force (multiple failed logins).
340095 1494 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
300311 15288 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
392301 8399 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
334009 3899 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330131 3886 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
303800 3307 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390614 2727 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 2370 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 2119 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 1914 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 1671 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330791 1670 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
341245 1584 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330701 1513 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340095 1494 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
300066 1418 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
393766 1336 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
336461 1099 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 1070 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340016 829 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330082 764 Atomicorp.com WAF Rules: Known Exploit User Agent
310098 699 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
330034 568 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
318811 558 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340009 354 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
336468 315 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 19623 SSH insecure connection attempt (scan).
5712 6936 SSHD brute force trying to get access to the system.
3357 6815 Multiple rapid SASL authentication failures.
60910 6291 Very Slow Wordpress brute force login failures from same IP source.
171303 6169 Known brute force attacker.
4151 5072 Multiple Firewall drop events from same source.
60159 4977 Wordpress brute force (fast) login failures
5720 4924 Multiple SSHD authentication failures.
5551 3085 Multiple failed logins in a small period of time.
40111 1601 Multiple authentication failures.
11306 1509 FTP brute force (multiple failed logins).
31102 1368 Possible DoS Consumption Attack
5703 1240 Possible breakin attempt (high number of reverse lookup errors).
60904 1206 Rapid SMTP password incorrect events from the same IP source.
3356 1179 Multiple attempts to send e-mail from black-listed IP address (blocked).
11254 1095 Multiple attempts to login using a non-existent user..
3351 952 Multiple relaying attempts of spam.
3912 752 Multiple failed logins, 6 failures in 60 seconds from the same IP.
40114 650 Multiple authentication failures. (Slow Brute Force)
60908 634 Very Slow Joomla brute force login failures from same IP source.
3352 596 Multiple attempts to send e-mail from a rejected sender IP (access).
3359 567 Multiple SASL authentication failures.
60156 343 Joomla brute force (fast) login failures
9750 278 Dovecot Multiple Authentication Failures.
9952 239 Vpopmail brute force (email harvesting).