Global Internet Threat and Attacks Report for September 13th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 13th

Unread post by mikeshinn »

Top 25 Attacks (level 6+)
Rule_ID Count
-----------------------------------------
5706 18374 SSH insecure connection attempt (scan).
336468 17769 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 16706 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 6426 Very Slow Wordpress brute force login failures from same IP source.
4151 5323 Multiple Firewall drop events from same source.
3357 5311 Multiple rapid SASL authentication failures.
60159 5174 Wordpress brute force (fast) login failures
171303 5139 Known brute force attacker.
330701 4809 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330131 4482 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5712 3861 SSHD brute force trying to get access to the system.
334009 3418 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
5720 3376 Multiple SSHD authentication failures.
300079 3099 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2850 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 2393 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1871 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
5551 1702 Multiple failed logins in a small period of time.
31102 1570 Possible DoS Consumption Attack
336460 1372 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340016 1342 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
60904 1301 Rapid SMTP password incorrect events from the same IP source.
11306 1293 FTP brute force (multiple failed logins).
341245 1180 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1018 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS


Top 25 Web Attacks
Rule_ID Count
-----------------------------------------
336468 17769 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 16706 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330701 4809 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330131 4482 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
334009 3418 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
300079 3099 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
390614 2850 Atomicorp.com WAF Rules: Invalid character in ARGS
340162 2393 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340095 1871 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1372 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340016 1342 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 1180 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 1018 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 977 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
330034 972 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
303800 926 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
330094 805 Atomicorp.com WAF Rules: Fake User Agent String
390501 775 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
347008 728 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340195 707 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
330082 659 Atomicorp.com WAF Rules: Known Exploit User Agent
318811 589 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 561 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
340361 381 Atomicorp.com WAF Rules: CONNECT method denied
340009 332 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS


Top 25 Non-Web Attacks
Rule_ID Count
-----------------------------------------
5706 18374 SSH insecure connection attempt (scan).
60910 6426 Very Slow Wordpress brute force login failures from same IP source.
4151 5323 Multiple Firewall drop events from same source.
3357 5311 Multiple rapid SASL authentication failures.
60159 5174 Wordpress brute force (fast) login failures
171303 5139 Known brute force attacker.
5712 3861 SSHD brute force trying to get access to the system.
5720 3376 Multiple SSHD authentication failures.
5551 1702 Multiple failed logins in a small period of time.
31102 1570 Possible DoS Consumption Attack
60904 1301 Rapid SMTP password incorrect events from the same IP source.
11306 1293 FTP brute force (multiple failed logins).
11254 960 Multiple attempts to login using a non-existent user..
5703 839 Possible breakin attempt (high number of reverse lookup errors).
60908 716 Very Slow Joomla brute force login failures from same IP source.
60156 550 Joomla brute force (fast) login failures
3912 456 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3356 384 Multiple attempts to send e-mail from black-listed IP address (blocked).
3913 364 Multiple failed logins, 10 failures in 1 hour from the same IP.
9750 261 Dovecot Multiple Authentication Failures.
3351 241 Multiple relaying attempts of spam.
40111 202 Multiple authentication failures.
40114 190 Multiple authentication failures. (Slow Brute Force)
9952 188 Vpopmail brute force (email harvesting).
3352 139 Multiple attempts to send e-mail from a rejected sender IP (access).
Post Reply