Global Internet Threat and Attacks Report for October 1st

mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID  Count  Description
-----------------------------------------
350052 17734 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350051 16862 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355501 9332 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
350053 9264 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355503 6064 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350054 4774 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
355504 3051 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
355500 2385 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
350055 1565 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 858 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
5706 16424 SSH insecure connection attempt (scan).
60910 12600 Very Slow Wordpress brute force login failures from same IP source.
392301 12084 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60159 11096 Wordpress brute force (fast) login failures
336468 7211 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 5455 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
4151 5370 Multiple Firewall drop events from same source.
5720 5057 Multiple SSHD authentication failures.
171303 5001 Known brute force attacker.
330131 4752 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
5712 4592 SSHD brute force trying to get access to the system.
3357 4237 Multiple rapid SASL authentication failures.
300079 4049 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 3174 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
60904 3159 Rapid SMTP password incorrect events from the same IP source.
390613 2825 Atomicorp.com WAF Rules: Invalid character in request or headers
334009 1986 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 1946 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 1939 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
5551 1538 Multiple failed logins in a small period of time.
336460 1392 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
5703 1284 Possible breakin attempt (high number of reverse lookup errors).
390614 1240 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 1239 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390501 1136 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename


Top 25 WAF Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
392301 12084 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 7211 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330701 5455 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
330131 4752 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
300079 4049 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340006 3174 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
390613 2825 Atomicorp.com WAF Rules: Invalid character in request or headers
334009 1986 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
330082 1946 Atomicorp.com WAF Rules: Known Exploit User Agent
340162 1939 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
336460 1392 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
390614 1240 Atomicorp.com WAF Rules: Invalid character in ARGS
303800 1239 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
390501 1136 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
310098 1129 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
347008 1064 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
340009 948 Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
340016 882 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
341245 773 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336461 686 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
300066 577 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
310717 548 Atomicorp.com WAF Rules: Cross Site Scripting Attack
340095 467 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
300311 447 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
340361 396 Atomicorp.com WAF Rules: CONNECT method denied


Top 25 HIDS Rules (level 6+)
Rule ID  Count  Description
-----------------------------------------
5706 16424 SSH insecure connection attempt (scan).
60910 12600 Very Slow Wordpress brute force login failures from same IP source.
60159 11096 Wordpress brute force (fast) login failures
4151 5370 Multiple Firewall drop events from same source.
5720 5057 Multiple SSHD authentication failures.
171303 5001 Known brute force attacker.
5712 4592 SSHD brute force trying to get access to the system.
3357 4237 Multiple rapid SASL authentication failures.
60904 3159 Rapid SMTP password incorrect events from the same IP source.
5551 1538 Multiple failed logins in a small period of time.
5703 1284 Possible breakin attempt (high number of reverse lookup errors).
3355 1087 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
11306 889 FTP brute force (multiple failed logins).
60908 831 Very Slow Joomla brute force login failures from same IP source.
3351 790 Multiple relaying attempts of spam.
11254 713 Multiple attempts to login using a non-existent user..
3912 677 Multiple failed logins, 6 failures in 60 seconds from the same IP.
3356 619 Multiple attempts to send e-mail from black-listed IP address (blocked).
171005 602 Multiple rapid Exim authentication failures.
60156 452 Joomla brute force (fast) login failures
31102 384 Possible DoS Consumption Attack
9952 350 Vpopmail brute force (email harvesting).
9750 325 Dovecot Multiple Authentication Failures.
40114 288 Multiple authentication failures. (Slow Brute Force)
3359 274 Multiple SASL authentication failures.