Global Internet Threat and Attacks Report for September 17

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 17

Unread post by mikeshinn »

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350053 42836 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350052 27505 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
355501 14389 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 13147 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350051 12205 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355500 7817 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
355504 4842 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 3842 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
350055 1436 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1273 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 17142 SSH insecure connection attempt (scan).
392301 12232 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
31102 8902 Possible DoS Consumption Attack
171303 7411 Known brute force attacker.
60910 6510 Very Slow Wordpress brute force login failures from same IP source.
4151 5855 Multiple Firewall drop events from same source.
60159 5666 Wordpress brute force (fast) login failures
3357 5539 Multiple rapid SASL authentication failures.
5720 4820 Multiple SSHD authentication failures.
330131 4455 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5712 3601 SSHD brute force trying to get access to the system.
300079 3407 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
11306 2589 FTP brute force (multiple failed logins).
340162 2518 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5551 2232 Multiple failed logins in a small period of time.
11254 1998 Multiple attempts to login using a non-existent user..
330082 1572 Atomicorp.com WAF Rules: Known Exploit User Agent
336468 1430 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
340095 1231 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1227 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
3351 1129 Multiple relaying attempts of spam.
340006 1052 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
3912 1015 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60904 1005 Rapid SMTP password incorrect events from the same IP source.
3355 1005 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 12232 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330131 4455 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 3407 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2518 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1572 Atomicorp.com WAF Rules: Known Exploit User Agent
336468 1430 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
340095 1231 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1227 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340006 1052 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
390614 964 Atomicorp.com WAF Rules: Invalid character in ARGS
300066 847 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 845 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
334009 721 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330701 610 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330034 583 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
347008 575 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
390501 542 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
303800 513 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
310098 479 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
336461 464 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330791 437 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
340016 428 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
340361 387 Atomicorp.com WAF Rules: CONNECT method denied
318811 373 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
380023 325 Atomicorp.com WAF Rules: Generic SQL Injection protection
Post Reply