Global Internet Threat and Attacks Report for September 15

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 26164 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350051 24158 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355501 14445 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
350053 11775 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355500 8632 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
355503 4521 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355504 4213 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 3735 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
350055 1689 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1153 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 18326 SSH insecure connection attempt (scan).
392301 12942 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330701 9808 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
60910 8541 Very Slow Wordpress brute force login failures from same IP source.
60159 6295 Wordpress brute force (fast) login failures
171303 6295 Known brute force attacker.
3357 6011 Multiple rapid SASL authentication failures.
4151 5794 Multiple Firewall drop events from same source.
5712 3919 SSHD brute force trying to get access to the system.
31102 3631 Possible DoS Consumption Attack
5720 3553 Multiple SSHD authentication failures.
300079 3281 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2816 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336468 2765 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
11306 2459 FTP brute force (multiple failed logins).
340162 2346 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2238 Atomicorp.com WAF Rules: Invalid character in ARGS
5551 2202 Multiple failed logins in a small period of time.
11254 2031 Multiple attempts to login using a non-existent user..
334009 1844 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 1527 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60904 1454 Rapid SMTP password incorrect events from the same IP source.
341245 1130 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330082 1127 Atomicorp.com WAF Rules: Known Exploit User Agent
330034 1078 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 12942 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330701 9808 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300079 3281 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2816 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336468 2765 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
340162 2346 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2238 Atomicorp.com WAF Rules: Invalid character in ARGS
334009 1844 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 1527 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
341245 1130 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330082 1127 Atomicorp.com WAF Rules: Known Exploit User Agent
330034 1078 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
340016 992 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
340006 899 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 890 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
336460 837 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
303800 784 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340195 617 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
390501 586 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
330036 451 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
318813 413 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack
336461 396 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330094 374 Atomicorp.com WAF Rules: Fake User Agent String
318811 373 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
347008 345 Atomicorp.com WAF Rules: Suspicious deep path recursion denied