Global Internet Threat and Attacks Report for September 27th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 27th

Unread post by mikeshinn »

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350052 27240 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 23125 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 10313 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
350051 7234 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355504 5075 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 4479 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355503 4272 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 3674 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350055 1631 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 466 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 19022 SSH insecure connection attempt (scan).
392301 13187 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 7511 Very Slow Wordpress brute force login failures from same IP source.
60159 7364 Wordpress brute force (fast) login failures
3357 5797 Multiple rapid SASL authentication failures.
171303 5574 Known brute force attacker.
5712 5398 SSHD brute force trying to get access to the system.
4151 4997 Multiple Firewall drop events from same source.
5720 4627 Multiple SSHD authentication failures.
336468 4383 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 4061 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 3543 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330701 3197 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
334009 2646 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 2441 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
5551 1989 Multiple failed logins in a small period of time.
340162 1744 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1535 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 1507 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1352 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340006 1333 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
3355 1108 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
60904 1070 Rapid SMTP password incorrect events from the same IP source.
340016 1055 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
347008 1040 Atomicorp.com WAF Rules: Suspicious deep path recursion denied


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 13187 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 4383 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
300079 4061 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 3543 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330701 3197 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
334009 2646 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 2441 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
340162 1744 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330082 1535 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 1507 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336460 1352 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340006 1333 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
340016 1055 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
347008 1040 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
303800 858 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
341245 854 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 763 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
310098 759 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
336461 734 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
390501 666 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
381203 490 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
340361 465 Atomicorp.com WAF Rules: CONNECT method denied
330036 386 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
318811 377 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
340148 345 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Post Reply