Global Internet Threat and Attacks Report for August 11th

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Top 25 Attacks
Rule_ID #_of_attacks Description
-----------------------------------------
392301 99518 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 25648 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
5706 21159 SSH insecure connection attempt (scan).
171303 7254 Known brute force attacker.
393766 6907 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
333301 6632 Atomicorp.com WAF Rules: Acunetix Security Scanner Scanned the Site
5712 6015 SSHD brute force trying to get access to the system.
5720 5079 Multiple SSHD authentication failures.
3357 4795 Multiple rapid SASL authentication failures.
4151 4481 Multiple Firewall drop events from same source.
31102 4368 Possible DoS Consumption Attack
60910 4278 Very Slow Wordpress brute force login failures from same IP source.
5551 3876 Multiple failed logins in a small period of time.
60159 3466 Wordpress brute force (fast) login failures
340162 2497 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 1952 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
341245 1862 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336461 1771 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
5703 1746 Possible breakin attempt (high number of reverse lookup errors).
300079 1629 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330034 1334 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
303800 1279 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
334009 1156 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
11306 1107 FTP brute force (multiple failed logins).
318811 902 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory


Top 25 Web Attacks
Rule_ID #_of_attacks Description
-----------------------------------------
392301 99518 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
336468 25648 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
393766 6907 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
333301 6632 Atomicorp.com WAF Rules: Acunetix Security Scanner Scanned the Site
340162 2497 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 1952 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
341245 1862 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
336461 1771 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
300079 1629 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330034 1334 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
303800 1279 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
334009 1156 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
318811 902 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
330701 855 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
340095 851 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
390614 844 Atomicorp.com WAF Rules: Invalid character in ARGS
300066 831 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340016 752 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
336460 670 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
340006 566 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
347008 457 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
300311 436 Atomicorp.com WAF AntiSpam Rules: Possible loan spam
330082 417 Atomicorp.com WAF Rules: Known Exploit User Agent
340148 401 Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
381203 360 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt

Top 25 Non-Web Attacks
Rule_ID #_of_attacks Description
-----------------------------------------
5706 21159 SSH insecure connection attempt (scan).
171303 7254 Known brute force attacker.
5712 6015 SSHD brute force trying to get access to the system.
5720 5079 Multiple SSHD authentication failures.
3357 4795 Multiple rapid SASL authentication failures.
4151 4481 Multiple Firewall drop events from same source.
31102 4368 Possible DoS Consumption Attack
60910 4278 Very Slow Wordpress brute force login failures from same IP source.
5551 3876 Multiple failed logins in a small period of time.
60159 3466 Wordpress brute force (fast) login failures
5703 1746 Possible breakin attempt (high number of reverse lookup errors).
11306 1107 FTP brute force (multiple failed logins).
60904 890 Rapid SMTP password incorrect events from the same IP source.
11254 752 Multiple attempts to login using a non-existent user..
3912 617 Multiple failed logins, 6 failures in 60 seconds from the same IP.
60908 557 Very Slow Joomla brute force login failures from same IP source.
40114 532 Multiple authentication failures. (Slow Brute Force)
3356 427 Multiple attempts to send e-mail from black-listed IP address (blocked).
3355 384 Multiple attempts to send e-mail to invalid recipient or from unknown sender domain.
60156 333 Joomla brute force (fast) login failures
3913 239 Multiple failed logins, 10 failures in 1 hour from the same IP.
40111 236 Multiple authentication failures.
9750 180 Dovecot Multiple Authentication Failures.
9952 171 Vpopmail brute force (email harvesting).
3351 170 Multiple relaying attempts of spam.