Global Internet Threat and Attacks Report for September 11th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 11th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
336468 72283 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 33145 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
5706 19173 SSH insecure connection attempt (scan).
330094 6569 Atomicorp.com WAF Rules: Fake User Agent String
60910 6430 Very Slow Wordpress brute force login failures from same IP source.
171303 6132 Known brute force attacker.
3357 6068 Multiple rapid SASL authentication failures.
4151 5974 Multiple Firewall drop events from same source.
60159 5378 Wordpress brute force (fast) login failures
5712 4774 SSHD brute force trying to get access to the system.
330131 4030 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
31102 3652 Possible DoS Consumption Attack
5720 3257 Multiple SSHD authentication failures.
390614 2857 Atomicorp.com WAF Rules: Invalid character in ARGS
300079 2698 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
3912 2379 Multiple failed logins, 6 failures in 60 seconds from the same IP.
340162 2231 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11306 2133 FTP brute force (multiple failed logins).
60904 2095 Rapid SMTP password incorrect events from the same IP source.
330082 2035 Atomicorp.com WAF Rules: Known Exploit User Agent
5551 2009 Multiple failed logins in a small period of time.
334009 2000 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340006 1972 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
11254 1723 Multiple attempts to login using a non-existent user..
340095 1488 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 72283 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 33145 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330094 6569 Atomicorp.com WAF Rules: Fake User Agent String
330131 4030 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
390614 2857 Atomicorp.com WAF Rules: Invalid character in ARGS
300079 2698 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2231 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 2035 Atomicorp.com WAF Rules: Known Exploit User Agent
334009 2000 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340006 1972 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
340095 1488 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330701 1383 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300066 1323 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
336460 1137 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
303800 914 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340016 910 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 866 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330034 794 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 764 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
393766 608 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
336461 531 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
318811 439 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
330205 358 Atomicorp.com WAF Rules: Joomla Exploit Bot
318813 316 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack
347008 308 Atomicorp.com WAF Rules: Suspicious deep path recursion denied


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19173 SSH insecure connection attempt (scan).
60910 6430 Very Slow Wordpress brute force login failures from same IP source.
171303 6132 Known brute force attacker.
3357 6068 Multiple rapid SASL authentication failures.
4151 5974 Multiple Firewall drop events from same source.
60159 5378 Wordpress brute force (fast) login failures
5712 4774 SSHD brute force trying to get access to the system.
31102 3652 Possible DoS Consumption Attack
5720 3257 Multiple SSHD authentication failures.
3912 2379 Multiple failed logins, 6 failures in 60 seconds from the same IP.
11306 2133 FTP brute force (multiple failed logins).
60904 2095 Rapid SMTP password incorrect events from the same IP source.
5551 2009 Multiple failed logins in a small period of time.
11254 1723 Multiple attempts to login using a non-existent user..
40111 1303 Multiple authentication failures.
3355 1185 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
3356 1050 Multiple attempts to send e-mail from black-listed IP address (blocked).
5703 778 Possible breakin attempt (high number of reverse lookup errors).
60908 529 Very Slow Joomla brute force login failures from same IP source.
3351 487 Multiple relaying attempts of spam.
40114 457 Multiple authentication failures. (Slow Brute Force)
9952 445 Vpopmail brute force (email harvesting).
3352 444 Multiple attempts to send e-mail from a rejected sender IP (access).
3353 406 Multiple attempts to send e-mail from invalid/unknown sender domain.
60156 347 Joomla brute force (fast) login failures
Post Reply