Global Internet Threat and Attacks Report for September 6th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
5706 19250 SSH insecure connection attempt (scan).
392301 11487 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 9068 Known brute force attacker.
3357 7019 Multiple rapid SASL authentication failures.
4151 5683 Multiple Firewall drop events from same source.
60910 5194 Very Slow Wordpress brute force login failures from same IP source.
334009 4755 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5720 4565 Multiple SSHD authentication failures.
5712 4502 SSHD brute force trying to get access to the system.
60159 4498 Wordpress brute force (fast) login failures
330131 4036 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5551 3179 Multiple failed logins in a small period of time.
390614 3025 Atomicorp.com WAF Rules: Invalid character in ARGS
336460 2743 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300079 2571 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2429 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
303800 2319 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340162 2270 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
31102 1980 Possible DoS Consumption Attack
330034 1763 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
310717 1673 Atomicorp.com WAF Rules: Cross Site Scripting Attack
336468 1583 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
341245 1459 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340016 1406 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 1352 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
392301 11487 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
334009 4755 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330131 4036 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 3025 Atomicorp.com WAF Rules: Invalid character in ARGS
336460 2743 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300079 2571 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 2429 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
303800 2319 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340162 2270 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330034 1763 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
310717 1673 Atomicorp.com WAF Rules: Cross Site Scripting Attack
336468 1583 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
341245 1459 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340016 1406 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 1352 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330094 1056 Atomicorp.com WAF Rules: Fake User Agent String
340095 1000 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
347008 992 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330082 979 Atomicorp.com WAF Rules: Known Exploit User Agent
336461 965 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330205 800 Atomicorp.com WAF Rules: Joomla Exploit Bot
300311 655 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
390501 612 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
330701 553 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
318813 487 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 19250 SSH insecure connection attempt (scan).
171303 9068 Known brute force attacker.
3357 7019 Multiple rapid SASL authentication failures.
4151 5683 Multiple Firewall drop events from same source.
60910 5194 Very Slow Wordpress brute force login failures from same IP source.
5720 4565 Multiple SSHD authentication failures.
5712 4502 SSHD brute force trying to get access to the system.
60159 4498 Wordpress brute force (fast) login failures
5551 3179 Multiple failed logins in a small period of time.
31102 1980 Possible DoS Consumption Attack
60904 1222 Rapid SMTP password incorrect events from the same IP source.
11306 1126 FTP brute force (multiple failed logins).
40111 1104 Multiple authentication failures.
5703 917 Possible breakin attempt (high number of reverse lookup errors).
11254 857 Multiple attempts to login using a non-existent user..
3912 757 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60908 590 Very Slow Joomla brute force login failures from same IP source.
60156 419 Joomla brute force (fast) login failures
40114 385 Multiple authentication failures. (Slow Brute Force)
3356 352 Multiple attempts to send e-mail from black-listed IP address (blocked).
3913 330 Multiple failed logins, 10 failures in 1 hour from the same IP.
9750 258 Dovecot Multiple Authentication Failures.
3351 221 Multiple relaying attempts of spam.
11255 193 Attempt to log in to a forbidden account.
3359 167 Multiple SASL authentication failures.