Global Internet Threat and Attacks Report for September 10th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 10th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
392301 35720 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 25368 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 18213 SSH insecure connection attempt (scan).
5712 8284 SSHD brute force trying to get access to the system.
171303 7151 Known brute force attacker.
60910 5845 Very Slow Wordpress brute force login failures from same IP source.
3357 5721 Multiple rapid SASL authentication failures.
4151 5648 Multiple Firewall drop events from same source.
303800 5163 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
60159 4959 Wordpress brute force (fast) login failures
330131 3596 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5720 3431 Multiple SSHD authentication failures.
3912 3108 Multiple failed logins, 6 failures in 60 seconds from the same IP.
390614 3092 Atomicorp.com WAF Rules: Invalid character in ARGS
5551 3010 Multiple failed logins in a small period of time.
31102 2958 Possible DoS Consumption Attack
300079 2916 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
60904 2456 Rapid SMTP password incorrect events from the same IP source.
11306 2447 FTP brute force (multiple failed logins).
340162 2212 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330094 2142 Atomicorp.com WAF Rules: Fake User Agent String
11254 1810 Multiple attempts to login using a non-existent user..
340095 1758 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
3356 1662 Multiple attempts to send e-mail from black-listed IP address (blocked).
5703 1613 Possible breakin attempt (high number of reverse lookup errors).


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
392301 35720 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 25368 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
303800 5163 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330131 3596 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 3092 Atomicorp.com WAF Rules: Invalid character in ARGS
300079 2916 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2212 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330094 2142 Atomicorp.com WAF Rules: Fake User Agent String
340095 1758 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340006 1499 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 1411 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
334009 1406 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336460 1385 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
330082 1374 Atomicorp.com WAF Rules: Known Exploit User Agent
340016 1374 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 1118 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390501 1071 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
330034 782 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
330701 686 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
393766 649 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
347008 592 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340112 541 Atomicorp.com WAF Rules: cross site scripting attempt to execute Javascript code
336461 533 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
318811 513 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
390712 443 Atomicorp.com WAF Rules: Possible HTTP Response Splitting Attack


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18213 SSH insecure connection attempt (scan).
5712 8284 SSHD brute force trying to get access to the system.
171303 7151 Known brute force attacker.
60910 5845 Very Slow Wordpress brute force login failures from same IP source.
3357 5721 Multiple rapid SASL authentication failures.
4151 5648 Multiple Firewall drop events from same source.
60159 4959 Wordpress brute force (fast) login failures
5720 3431 Multiple SSHD authentication failures.
3912 3108 Multiple failed logins, 6 failures in 60 seconds from the same IP.
5551 3010 Multiple failed logins in a small period of time.
31102 2958 Possible DoS Consumption Attack
60904 2456 Rapid SMTP password incorrect events from the same IP source.
11306 2447 FTP brute force (multiple failed logins).
11254 1810 Multiple attempts to login using a non-existent user..
3356 1662 Multiple attempts to send e-mail from black-listed IP address (blocked).
5703 1613 Possible breakin attempt (high number of reverse lookup errors).
40111 1567 Multiple authentication failures.
60908 1312 Very Slow Joomla brute force login failures from same IP source.
3355 1101 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3351 930 Multiple relaying attempts of spam.
3352 820 Multiple attempts to send e-mail from a rejected sender IP (access).
60156 631 Joomla brute force (fast) login failures
40114 614 Multiple authentication failures. (Slow Brute Force)
9952 366 Vpopmail brute force (email harvesting).
9750 281 Dovecot Multiple Authentication Failures.
Post Reply