Global Internet Threat and Attacks Report for September 7th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 7th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 42348 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5706 18854 SSH insecure connection attempt (scan).
336468 9816 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
171303 5812 Known brute force attacker.
4151 5399 Multiple Firewall drop events from same source.
330131 4963 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
3357 4558 Multiple rapid SASL authentication failures.
5720 4261 Multiple SSHD authentication failures.
5712 4179 SSHD brute force trying to get access to the system.
60910 4064 Very Slow Wordpress brute force login failures from same IP source.
60159 3844 Wordpress brute force (fast) login failures
390614 2588 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 2440 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
5551 2281 Multiple failed logins in a small period of time.
334009 2007 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 1962 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 1834 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 1533 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
341245 1510 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1488 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 1488 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
3352 1271 Multiple attempts to send e-mail from a rejected sender IP (access).
336460 1253 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
11306 1236 FTP brute force (multiple failed logins).
60904 1227 Rapid SMTP password incorrect events from the same IP source.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 42348 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 9816 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 4963 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 2588 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 2440 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
334009 2007 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 1962 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 1834 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
300079 1533 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
341245 1510 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1488 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 1488 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
336460 1253 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340095 1145 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
300066 1144 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
300311 1042 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
330701 756 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
336461 721 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 552 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
330205 505 Atomicorp.com WAF Rules: Joomla Exploit Bot
331028 447 Atomicorp.com WAF Rules: Possible Unauthorized SQL access to database Detected.
318812 411 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
318811 399 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
393766 392 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
390501 382 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18854 SSH insecure connection attempt (scan).
171303 5812 Known brute force attacker.
4151 5399 Multiple Firewall drop events from same source.
3357 4558 Multiple rapid SASL authentication failures.
5720 4261 Multiple SSHD authentication failures.
5712 4179 SSHD brute force trying to get access to the system.
60910 4064 Very Slow Wordpress brute force login failures from same IP source.
60159 3844 Wordpress brute force (fast) login failures
5551 2281 Multiple failed logins in a small period of time.
3352 1271 Multiple attempts to send e-mail from a rejected sender IP (access).
11306 1236 FTP brute force (multiple failed logins).
60904 1227 Rapid SMTP password incorrect events from the same IP source.
11254 1140 Multiple attempts to login using a non-existent user..
3912 653 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5703 651 Possible breakin attempt (high number of reverse lookup errors).
31102 581 Possible DoS Consumption Attack
3356 453 Multiple attempts to send e-mail from black-listed IP address (blocked).
40111 453 Multiple authentication failures.
60908 425 Very Slow Joomla brute force login failures from same IP source.
60156 377 Joomla brute force (fast) login failures
40114 362 Multiple authentication failures. (Slow Brute Force)
9952 312 Vpopmail brute force (email harvesting).
3913 307 Multiple failed logins, 10 failures in 1 hour from the same IP.
3351 190 Multiple relaying attempts of spam.
3355 178 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
Post Reply