Global Internet Threat and Attacks Report for September 22nd

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4124
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 37819 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 31083 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 14563 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 11259 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 6534 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
355504 5462 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 4901 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
350051 4481 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
350055 2125 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1255 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 17130 SSH insecure connection attempt (scan).
392301 10696 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 7906 Very Slow Wordpress brute force login failures from same IP source.
31102 5538 Possible DoS Consumption Attack
171303 5402 Known brute force attacker.
3357 5259 Multiple rapid SASL authentication failures.
60159 4881 Wordpress brute force (fast) login failures
4151 4562 Multiple Firewall drop events from same source.
5712 4324 SSHD brute force trying to get access to the system.
5720 3632 Multiple SSHD authentication failures.
300079 3603 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2789 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
336468 2556 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
11306 2446 FTP brute force (multiple failed logins).
330131 2440 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340095 2274 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
60904 2177 Rapid SMTP password incorrect events from the same IP source.
11254 2173 Multiple attempts to login using a non-existent user..
330082 1989 Atomicorp.com WAF Rules: Known Exploit User Agent
5551 1808 Multiple failed logins in a small period of time.
330701 1435 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340006 1111 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 995 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
334009 911 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
341245 899 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 10696 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
300079 3603 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2789 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
336468 2556 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 2440 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340095 2274 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 1989 Atomicorp.com WAF Rules: Known Exploit User Agent
330701 1435 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340006 1111 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 995 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
334009 911 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
341245 899 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340016 792 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
340009 717 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
303800 690 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390501 650 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
378491 645 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
330034 636 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
341145 554 Atomicorp.com WAF Rules: Possible SQL injection probe
351000 516 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
336460 506 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
347008 505 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
336461 478 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
310098 414 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
318811 334 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory