Global Internet Threat and Attacks Report for September 8th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 8th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 47051 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 23186 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 18106 SSH insecure connection attempt (scan).
171303 6225 Known brute force attacker.
4151 4874 Multiple Firewall drop events from same source.
3357 4080 Multiple rapid SASL authentication failures.
60910 3992 Very Slow Wordpress brute force login failures from same IP source.
5720 3838 Multiple SSHD authentication failures.
60159 3672 Wordpress brute force (fast) login failures
330131 3284 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5712 2954 SSHD brute force trying to get access to the system.
390614 2695 Atomicorp.com WAF Rules: Invalid character in ARGS
330082 2621 Atomicorp.com WAF Rules: Known Exploit User Agent
300079 2368 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
11306 2243 FTP brute force (multiple failed logins).
303800 2124 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340162 2119 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2094 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5551 2013 Multiple failed logins in a small period of time.
3912 1945 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60904 1811 Rapid SMTP password incorrect events from the same IP source.
11254 1695 Multiple attempts to login using a non-existent user..
336460 1534 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1229 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1182 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 47051 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 23186 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 3284 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 2695 Atomicorp.com WAF Rules: Invalid character in ARGS
330082 2621 Atomicorp.com WAF Rules: Known Exploit User Agent
300079 2368 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
303800 2124 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340162 2119 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2094 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336460 1534 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1229 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1182 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 1105 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340095 1100 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340016 765 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
318811 764 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 695 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330701 587 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
347008 550 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
390501 387 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
393766 384 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
330205 318 Atomicorp.com WAF Rules: Joomla Exploit Bot
300311 315 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
318812 275 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
360000 272 Atomicorp.com Malware Blocklist: Malware Site detected in URL/Argument (AE)


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18106 SSH insecure connection attempt (scan).
171303 6225 Known brute force attacker.
4151 4874 Multiple Firewall drop events from same source.
3357 4080 Multiple rapid SASL authentication failures.
60910 3992 Very Slow Wordpress brute force login failures from same IP source.
5720 3838 Multiple SSHD authentication failures.
60159 3672 Wordpress brute force (fast) login failures
5712 2954 SSHD brute force trying to get access to the system.
11306 2243 FTP brute force (multiple failed logins).
5551 2013 Multiple failed logins in a small period of time.
3912 1945 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60904 1811 Rapid SMTP password incorrect events from the same IP source.
11254 1695 Multiple attempts to login using a non-existent user..
3356 890 Multiple attempts to send e-mail from black-listed IP address (blocked).
3351 753 Multiple relaying attempts of spam.
31102 696 Possible DoS Consumption Attack
5703 669 Possible breakin attempt (high number of reverse lookup errors).
40111 514 Multiple authentication failures.
9952 497 Vpopmail brute force (email harvesting).
3352 400 Multiple attempts to send e-mail from a rejected sender IP (access).
40114 348 Multiple authentication failures. (Slow Brute Force)
60908 319 Very Slow Joomla brute force login failures from same IP source.
60156 295 Joomla brute force (fast) login failures
3913 257 Multiple failed logins, 10 failures in 1 hour from the same IP.
9750 249 Dovecot Multiple Authentication Failures.
Post Reply