Global Internet Threat and Attacks Report for September 12th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 12th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
336468 58949 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 19086 SSH insecure connection attempt (scan).
392301 18102 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330094 6117 Atomicorp.com WAF Rules: Fake User Agent String
31102 6057 Possible DoS Consumption Attack
3357 5406 Multiple rapid SASL authentication failures.
60910 5364 Very Slow Wordpress brute force login failures from same IP source.
171303 5361 Known brute force attacker.
60159 5271 Wordpress brute force (fast) login failures
4151 4956 Multiple Firewall drop events from same source.
5712 4319 SSHD brute force trying to get access to the system.
330131 3742 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5720 3194 Multiple SSHD authentication failures.
300079 2905 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2828 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2548 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
11306 2182 FTP brute force (multiple failed logins).
330701 2177 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2155 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11254 1872 Multiple attempts to login using a non-existent user..
5551 1847 Multiple failed logins in a small period of time.
340095 1538 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 1422 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1336 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
60904 1328 Rapid SMTP password incorrect events from the same IP source.


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 58949 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 18102 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330094 6117 Atomicorp.com WAF Rules: Fake User Agent String
330131 3742 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 2905 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2828 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 2548 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330701 2177 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2155 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1538 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 1422 Atomicorp.com WAF Rules: Known Exploit User Agent
303800 1336 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340006 1180 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 1131 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
300066 1109 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 1070 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390501 789 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340016 787 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
336460 777 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
318811 519 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 503 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 466 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
310098 403 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
330205 394 Atomicorp.com WAF Rules: Joomla Exploit Bot
318813 360 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 19086 SSH insecure connection attempt (scan).
31102 6057 Possible DoS Consumption Attack
3357 5406 Multiple rapid SASL authentication failures.
60910 5364 Very Slow Wordpress brute force login failures from same IP source.
171303 5361 Known brute force attacker.
60159 5271 Wordpress brute force (fast) login failures
4151 4956 Multiple Firewall drop events from same source.
5712 4319 SSHD brute force trying to get access to the system.
5720 3194 Multiple SSHD authentication failures.
11306 2182 FTP brute force (multiple failed logins).
11254 1872 Multiple attempts to login using a non-existent user..
5551 1847 Multiple failed logins in a small period of time.
60904 1328 Rapid SMTP password incorrect events from the same IP source.
5703 789 Possible breakin attempt (high number of reverse lookup errors).
60908 560 Very Slow Joomla brute force login failures from same IP source.
40111 475 Multiple authentication failures.
3356 470 Multiple attempts to send e-mail from black-listed IP address (blocked).
60156 321 Joomla brute force (fast) login failures
9750 289 Dovecot Multiple Authentication Failures.
171005 287 Multiple rapid Exim authentication failures.
3912 264 Multiple failed logins, 6 failures in 60 seconds from the same IP.
9952 178 Vpopmail brute force (email harvesting).
3359 173 Multiple SASL authentication failures.
40114 147 Multiple authentication failures. (Slow Brute Force)
60160 139 Wordpress brute force (slow) login failures
Post Reply