Global Internet Threat and Attacks Report for September 28th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID Count Description
-----------------------------------------
350053 24404 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350052 23152 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350051 11764 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355501 9930 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 8471 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350054 4720 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 4169 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
355500 3863 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350055 1328 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 892 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count Description
-----------------------------------------
336468 23266 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 18828 SSH insecure connection attempt (scan).
392301 13218 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 7447 Very Slow Wordpress brute force login failures from same IP source.
340006 7050 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
60159 6797 Wordpress brute force (fast) login failures
5712 6072 SSHD brute force trying to get access to the system.
4151 5812 Multiple Firewall drop events from same source.
171303 5356 Known brute force attacker.
3357 4986 Multiple rapid SASL authentication failures.
5720 4804 Multiple SSHD authentication failures.
300079 4147 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 4035 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330701 3210 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2093 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5551 2041 Multiple failed logins in a small period of time.
334009 1903 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 1786 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
330082 1757 Atomicorp.com WAF Rules: Known Exploit User Agent
60904 1557 Rapid SMTP password incorrect events from the same IP source.
340095 1421 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340009 1204 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
5703 1175 Possible breakin attempt (high number of reverse lookup errors).
390614 1165 Atomicorp.com WAF Rules: Invalid character in ARGS
40111 1148 Multiple authentication failures.


Top 25 WAF Rules (level 6+)
Rule ID Count Description
-----------------------------------------
336468 23266 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 13218 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
340006 7050 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300079 4147 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 4035 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330701 3210 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340162 2093 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
334009 1903 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330034 1786 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
330082 1757 Atomicorp.com WAF Rules: Known Exploit User Agent
340095 1421 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
340009 1204 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
390614 1165 Atomicorp.com WAF Rules: Invalid character in ARGS
300066 1097 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
303800 883 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
347008 842 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
341245 773 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
390613 744 Atomicorp.com WAF Rules: Invalid character in request or headers
390501 726 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340016 662 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330036 658 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.
336461 579 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
351000 505 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
330094 471 Atomicorp.com WAF Rules: Fake User Agent String
340195 464 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.