Global Internet Threat and Attacks Report for September 9th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks (level 6+)
Rule_ID Count Description
-----------------------------------------
392301 42441 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 41577 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 19981 SSH insecure connection attempt (scan).
5712 7512 SSHD brute force trying to get access to the system.
171303 6152 Known brute force attacker.
60910 5963 Very Slow Wordpress brute force login failures from same IP source.
4151 5380 Multiple Firewall drop events from same source.
5720 4932 Multiple SSHD authentication failures.
60159 4653 Wordpress brute force (fast) login failures
3357 4116 Multiple rapid SASL authentication failures.
300079 3675 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 3463 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
3912 3325 Multiple failed logins, 6 failures in 60 seconds from the same IP.
390614 3304 Atomicorp.com WAF Rules: Invalid character in ARGS
5551 3082 Multiple failed logins in a small period of time.
340162 2447 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11306 2341 FTP brute force (multiple failed logins).
334009 2297 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 2293 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 2209 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
11254 1982 Multiple attempts to login using a non-existent user..
60904 1735 Rapid SMTP password incorrect events from the same IP source.
340006 1705 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 1592 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
31102 1354 Possible DoS Consumption Attack


Top 25 Web Attacks
Rule_ID Count Description
-----------------------------------------
392301 42441 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 41577 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 3675 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 3463 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 3304 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 2447 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 2297 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 2293 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 2209 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340006 1705 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 1592 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
300066 1340 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
318811 1124 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
330701 1042 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340016 946 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 928 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340361 913 Atomicorp.com WAF Rules: CONNECT method denied
300311 705 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
330034 697 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 616 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340095 615 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336461 586 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
393766 441 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
318813 353 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack
347008 337 Atomicorp.com WAF Rules: Suspicious deep path recursion denied


Top 25 Non-Web Attacks
Rule_ID Count Description
-----------------------------------------
5706 19981 SSH insecure connection attempt (scan).
5712 7512 SSHD brute force trying to get access to the system.
171303 6152 Known brute force attacker.
60910 5963 Very Slow Wordpress brute force login failures from same IP source.
4151 5380 Multiple Firewall drop events from same source.
5720 4932 Multiple SSHD authentication failures.
60159 4653 Wordpress brute force (fast) login failures
3357 4116 Multiple rapid SASL authentication failures.
3912 3325 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5551 3082 Multiple failed logins in a small period of time.
11306 2341 FTP brute force (multiple failed logins).
11254 1982 Multiple attempts to login using a non-existent user..
60904 1735 Rapid SMTP password incorrect events from the same IP source.
31102 1354 Possible DoS Consumption Attack
5703 1305 Possible breakin attempt (high number of reverse lookup errors).
40111 946 Multiple authentication failures.
3356 859 Multiple attempts to send e-mail from black-listed IP address (blocked).
3351 757 Multiple relaying attempts of spam.
3352 664 Multiple attempts to send e-mail from a rejected sender IP (access).
40114 548 Multiple authentication failures. (Slow Brute Force)
9952 441 Vpopmail brute force (email harvesting).
60908 435 Very Slow Joomla brute force login failures from same IP source.
60156 361 Joomla brute force (fast) login failures
9750 293 Dovecot Multiple Authentication Failures.
171005 274 Multiple rapid Exim authentication failures.