Global Internet Threat and Attacks Report for September 21st

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 21st

Unread post by mikeshinn »

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 34322 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 28616 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350051 20275 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355501 13688 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 10212 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 7234 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350054 5565 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 3448 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350055 1694 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 948 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 17006 SSH insecure connection attempt (scan).
392301 11368 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
31102 8987 Possible DoS Consumption Attack
3357 7850 Multiple rapid SASL authentication failures.
60910 7193 Very Slow Wordpress brute force login failures from same IP source.
171303 7160 Known brute force attacker.
60159 5851 Wordpress brute force (fast) login failures
336468 5042 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
4151 5014 Multiple Firewall drop events from same source.
5720 3617 Multiple SSHD authentication failures.
300079 3405 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
60904 2898 Rapid SMTP password incorrect events from the same IP source.
5712 2755 SSHD brute force trying to get access to the system.
330701 2635 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2058 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5551 2019 Multiple failed logins in a small period of time.
330082 1926 Atomicorp.com WAF Rules: Known Exploit User Agent
11306 1880 FTP brute force (multiple failed logins).
330131 1880 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
11254 1850 Multiple attempts to login using a non-existent user..
340095 1560 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60908 1265 Very Slow Joomla brute force login failures from same IP source.
334009 1248 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390614 1178 Atomicorp.com WAF Rules: Invalid character in ARGS
310717 1173 Atomicorp.com WAF Rules: Cross Site Scripting Attack


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 11368 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 5042 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 3405 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330701 2635 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2058 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1926 Atomicorp.com WAF Rules: Known Exploit User Agent
330131 1880 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340095 1560 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
334009 1248 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390614 1178 Atomicorp.com WAF Rules: Invalid character in ARGS
310717 1173 Atomicorp.com WAF Rules: Cross Site Scripting Attack
340006 1170 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330034 1132 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
340016 1103 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
300066 1071 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
341245 985 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
330205 797 Atomicorp.com WAF Rules: Joomla Exploit Bot
390613 786 Atomicorp.com WAF Rules: Invalid character in request or headers
347008 744 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
303800 711 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390501 632 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
336460 603 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
336461 514 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330791 432 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
318812 397 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
Post Reply