Global Internet Threat and Attacks Report for September 30th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID Count Description
-----------------------------------------
350052 22106 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 11948 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 11632 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
350051 8555 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355503 7967 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 3038 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350054 2863 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 2807 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350055 1794 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 780 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count Description
-----------------------------------------
336468 140068 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 18600 SSH insecure connection attempt (scan).
392301 10999 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 10121 Very Slow Wordpress brute force login failures from same IP source.
60159 9206 Wordpress brute force (fast) login failures
330131 6102 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5712 6019 SSHD brute force trying to get access to the system.
171303 5753 Known brute force attacker.
4151 5671 Multiple Firewall drop events from same source.
330701 5432 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
3357 4438 Multiple rapid SASL authentication failures.
5720 4255 Multiple SSHD authentication failures.
300079 3893 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2636 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340006 2351 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
334009 2188 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390613 2165 Atomicorp.com WAF Rules: Invalid character in request or headers
60904 2161 Rapid SMTP password incorrect events from the same IP source.
5551 1717 Multiple failed logins in a small period of time.
390614 1461 Atomicorp.com WAF Rules: Invalid character in ARGS
330034 1241 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
303800 1204 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340095 1128 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
3356 1047 Multiple attempts to send e-mail from black-listed IP address (blocked).
3355 1016 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.


Top 25 WAF Rules (level 6+)
Rule ID Count Description
-----------------------------------------
336468 140068 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
392301 10999 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330131 6102 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
330701 5432 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300079 3893 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 2636 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
340006 2351 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
334009 2188 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
390613 2165 Atomicorp.com WAF Rules: Invalid character in request or headers
390614 1461 Atomicorp.com WAF Rules: Invalid character in ARGS
330034 1241 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
303800 1204 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340095 1128 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 995 Atomicorp.com WAF Rules: Known Exploit User Agent
340361 964 Atomicorp.com WAF Rules: CONNECT method denied
347008 866 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
336461 808 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
341245 790 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 712 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340016 688 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
340009 652 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
300311 625 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
390501 612 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
340195 454 Atomicorp.com WAF Rules: Possible Base64 Encoded PHP function in Argument - this may be an attack.
330036 375 Atomicorp.com WAF Rules: Suspicious User agent detected. Disable this rule if you use indy library.