Global Internet Threat and Attacks Report for September 25th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 25th

Unread post by mikeshinn »

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 30144 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 24245 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 11780 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 10836 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350051 5784 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
350054 4025 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 3869 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
355500 3289 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350055 766 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 734 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 18598 SSH insecure connection attempt (scan).
392301 13102 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
340006 12837 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
60910 7734 Very Slow Wordpress brute force login failures from same IP source.
60159 6450 Wordpress brute force (fast) login failures
171303 5557 Known brute force attacker.
4151 5450 Multiple Firewall drop events from same source.
5712 4952 SSHD brute force trying to get access to the system.
330131 4700 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 3984 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5720 3716 Multiple SSHD authentication failures.
340095 3651 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 2703 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 2389 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
3357 2260 Multiple rapid SASL authentication failures.
340162 1950 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1931 Atomicorp.com WAF Rules: Known Exploit User Agent
347008 1888 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
5551 1554 Multiple failed logins in a small period of time.
340195 1546 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
3355 1472 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
334009 1434 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
341245 1411 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 1409 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
11306 1276 FTP brute force (multiple failed logins).


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 13102 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
340006 12837 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
330131 4700 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 3984 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340095 3651 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 2703 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 2389 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 1950 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1931 Atomicorp.com WAF Rules: Known Exploit User Agent
347008 1888 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340195 1546 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
334009 1434 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
341245 1411 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 1409 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
390613 1149 Atomicorp.com WAF Rules: Invalid character in request or headers
330034 1097 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
336461 1075 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
303800 741 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390501 686 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340008 646 Atomicorp.com WAF Rules: Bogus Path denied
330205 611 Atomicorp.com WAF Rules: Joomla Exploit Bot
340016 563 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
336460 548 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
351000 515 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
330791 507 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
Post Reply