Global Internet Threat and Attacks Report for September 24th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID  Count  Description
-----------------------------------------
350053 34974 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350052 30372 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
355501 13332 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 10082 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350051 4839 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355504 4337 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 3899 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355500 3473 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350055 1489 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 817 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
5706 19043 SSH insecure connection attempt (scan).
392301 11857 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
31102 7342 Possible DoS Consumption Attack
60910 7135 Very Slow Wordpress brute force login failures from same IP source.
171303 6519 Known brute force attacker.
336468 6024 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
60159 5865 Wordpress brute force (fast) login failures
4151 5319 Multiple Firewall drop events from same source.
5712 5020 SSHD brute force trying to get access to the system.
330131 4281 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 4095 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5720 3692 Multiple SSHD authentication failures.
3357 3595 Multiple rapid SASL authentication failures.
330701 3411 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2810 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390613 2689 Atomicorp.com WAF Rules: Invalid character in request or headers
334009 2461 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 2402 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
5551 1641 Multiple failed logins in a small period of time.
340006 1604 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
3355 1553 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
5703 1518 Possible breakin attempt (high number of reverse lookup errors).
11306 1340 FTP brute force (multiple failed logins).
330082 1296 Atomicorp.com WAF Rules: Known Exploit User Agent
341245 1246 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)


Top 25 WAF Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
392301 11857 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 6024 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330131 4281 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 4095 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330701 3411 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2810 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390613 2689 Atomicorp.com WAF Rules: Invalid character in request or headers
334009 2461 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 2402 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340006 1604 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330082 1296 Atomicorp.com WAF Rules: Known Exploit User Agent
341245 1246 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 1127 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
347008 1012 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340016 975 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
303800 912 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
336461 814 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
351000 736 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
336460 723 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340008 655 Atomicorp.com WAF Rules: Bogus Path denied
330036 596 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
390501 556 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340361 553 Atomicorp.com WAF Rules: CONNECT method denied
330034 533 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
310098 494 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt


Top 25 HIDS Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
5706 19043 SSH insecure connection attempt (scan).
31102 7342 Possible DoS Consumption Attack
60910 7135 Very Slow Wordpress brute force login failures from same IP source.
171303 6519 Known brute force attacker.
60159 5865 Wordpress brute force (fast) login failures
4151 5319 Multiple Firewall drop events from same source.
5712 5020 SSHD brute force trying to get access to the system.
5720 3692 Multiple SSHD authentication failures.
3357 3595 Multiple rapid SASL authentication failures.
5551 1641 Multiple failed logins in a small period of time.
3355 1553 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
5703 1518 Possible breakin attempt (high number of reverse lookup errors).
11306 1340 FTP brute force (multiple failed logins).
11254 1104 Multiple attempts to login using a non-existent user..
60904 884 Rapid SMTP password incorrect events from the same IP source.
40111 639 Multiple authentication failures.
3912 550 Multiple failed logins, 6 failures in 60 seconds from the same IP.
9750 519 Dovecot Multiple Authentication Failures.
3356 376 Multiple attempts to send e-mail from black-listed IP address (blocked).
60908 362 Very Slow Joomla brute force login failures from same IP source.
60156 308 Joomla brute force (fast) login failures
9952 292 Vpopmail brute force (email harvesting).
40114 253 Multiple authentication failures. (Slow Brute Force)
3913 196 Multiple failed logins, 10 failures in 1 hour from the same IP.
11255 164 Attempt to log in to a forbidden account.