Global Internet Threat and Attacks Report for September 18th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID Count Description
-----------------------------------------
350053 36295 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350051 36211 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
350052 34066 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
355501 16039 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 13063 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 7755 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350054 4414 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 4221 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350055 1869 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1241 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count Description
-----------------------------------------
5706 18171 SSH insecure connection attempt (scan).
392301 12667 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
171303 7005 Known brute force attacker.
60910 6262 Very Slow Wordpress brute force login failures from same IP source.
4151 5759 Multiple Firewall drop events from same source.
60159 5460 Wordpress brute force (fast) login failures
5720 4429 Multiple SSHD authentication failures.
31102 4390 Possible DoS Consumption Attack
3357 4243 Multiple rapid SASL authentication failures.
300079 3898 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5712 3203 SSHD brute force trying to get access to the system.
330131 2801 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2499 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1879 Atomicorp.com WAF Rules: Known Exploit User Agent
5551 1876 Multiple failed logins in a small period of time.
11306 1628 FTP brute force (multiple failed logins).
340095 1447 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
11254 1290 Multiple attempts to login using a non-existent user..
336460 1194 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1133 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
60156 1115 Joomla brute force (fast) login failures
300066 1085 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
60908 1059 Very Slow Joomla brute force login failures from same IP source.
3351 1047 Multiple relaying attempts of spam.
340016 902 Atomicorp.com WAF Rules: Possible SQL injection attempt detected


Top 25 WAF Rules (level 6+)
Rule ID Count Description
-----------------------------------------
392301 12667 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
300079 3898 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2801 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2499 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1879 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 1447 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1194 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1133 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 1085 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340016 902 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
390501 844 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
334009 802 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340006 798 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 761 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
336468 695 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
390614 631 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 539 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
310098 476 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
336461 448 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
390613 403 Atomicorp.com WAF Rules: Invalid character in request or headers
347008 389 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340165 360 Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)
351000 323 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
340148 321 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
318813 319 Atomicorp.com WAF Rules: Possible Fake Domain name used in URL, Possible Injection Attack