Global Internet Threat and Attacks Report for September 5th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4122
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 5th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 18609 SSH insecure connection attempt (scan).
300311 13536 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
60910 9637 Very Slow Wordpress brute force login failures from same IP source.
171303 9263 Known brute force attacker.
392301 8857 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
3357 7353 Multiple rapid SASL authentication failures.
60159 6167 Wordpress brute force (fast) login failures
5720 5639 Multiple SSHD authentication failures.
4151 5364 Multiple Firewall drop events from same source.
334009 4759 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5712 4380 SSHD brute force trying to get access to the system.
303800 4247 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336468 3728 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
390614 3119 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 3113 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 3032 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 2953 Multiple failed logins in a small period of time.
300079 2393 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
341245 1994 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1918 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
40111 1642 Multiple authentication failures.
336460 1616 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300066 1479 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
11306 1198 FTP brute force (multiple failed logins).
340095 1098 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
300311 13536 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
392301 8857 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
334009 4759 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
303800 4247 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336468 3728 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
390614 3119 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 3113 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 3032 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2393 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
341245 1994 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1918 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 1616 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300066 1479 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340095 1098 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340016 844 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
336461 803 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
310098 797 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
347008 784 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330082 760 Atomicorp.com WAF Rules: Known Exploit User Agent
318813 643 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack
393766 535 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330701 508 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
390501 462 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
330034 441 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
318811 401 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18609 SSH insecure connection attempt (scan).
60910 9637 Very Slow Wordpress brute force login failures from same IP source.
171303 9263 Known brute force attacker.
3357 7353 Multiple rapid SASL authentication failures.
60159 6167 Wordpress brute force (fast) login failures
5720 5639 Multiple SSHD authentication failures.
4151 5364 Multiple Firewall drop events from same source.
5712 4380 SSHD brute force trying to get access to the system.
5551 2953 Multiple failed logins in a small period of time.
40111 1642 Multiple authentication failures.
11306 1198 FTP brute force (multiple failed logins).
60904 1028 Rapid SMTP password incorrect events from the same IP source.
3912 1028 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5703 955 Possible breakin attempt (high number of reverse lookup errors).
11254 941 Multiple attempts to login using a non-existent user..
31102 816 Possible DoS Consumption Attack
40114 467 Multiple authentication failures. (Slow Brute Force)
3356 445 Multiple attempts to send e-mail from black-listed IP address (blocked).
3913 421 Multiple failed logins, 10 failures in 1 hour from the same IP.
3359 374 Multiple SASL authentication failures.
9750 345 Dovecot Multiple Authentication Failures.
60908 320 Very Slow Joomla brute force login failures from same IP source.
60156 298 Joomla brute force (fast) login failures
3351 223 Multiple relaying attempts of spam.
9952 182 Vpopmail brute force (email harvesting).
Post Reply