A Romanian IP, 84.239.54.49, was detected pushing a variety of web application attacks and network trojan attempts against our web front. These were primarily Suricata/Snort signature 1:2016982:5 auto_prepend_file PHP config option in uri. We have no evidence that these attacks were successful. Total malicious attempts captured was 54.
Provider "ACEVILLE PTELTD" from blocks 43.156.0.0/16, 43.134.0.0/15, 43.134.0.0/17 was detected trying to bruteforce our network with a distributed attack network. We are blocking these networks for malicious attempts in the hundreds.
24.144.93.118/32 was detected using a network scanner against our external address. Total volume was 55 -- this action repeated on 2023-11-18 at 08:40Z.
46.101.38.229/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SSH attacks -- total volume was 48.
5.181.86.78/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 184.