142.4.4.229 - - [26/Sep/2020:14:56:57 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [26/Sep/2020:14:57:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [26/Sep/2020:14:57:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

142.4.4.229 - - [26/Sep/2020:04:24:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [26/Sep/2020:04:24:28 +0100] "POST /wp-login.php HTTP/1.1" 200 2529 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [26/Sep/2020:04:24:34 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

xmlrpc attack

142.4.4.229 - - [20/Sep/2020:03:30:36 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [20/Sep/2020:03:30:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2493 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [20/Sep/2020:03:30:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2506 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Sep 19 21:59:01 b-vps wordpress(www.rreb.cz)[1268]: Authentication attempt for unknown user barbora from 142.4.4.229
...

"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:

WordPress wp-login brute force :: 142.4.4.229 0.104 - [10/Sep/2020:07:14:05  0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2414 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"

142.4.4.229 [09/Sep/2020:21:12:14 +0000] "GET /wp-login.php HTTP/1.1"
142.4.4.229 [09/Sep/2020:21:12:20 +0000] "GET /wp-login.php HTTP/1.1"

142.4.4.229 - - \[04/Sep/2020:17:23:57 +0200\] "POST /wp-login.php HTTP/1.0" 200 8744 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - \[04/Sep/2020:17:24:01 +0200\] "POST /wp-login.php HTTP/1.0" 200 8572 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - \[04/Sep/2020:17:24:06 +0200\] "POST /wp-login.php HTTP/1.0" 200 8570 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"

142.4.4.229 - - \[04/Sep/2020:13:59:58 +0200\] "POST /wp-login.php HTTP/1.1" 200 12843 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - \[04/Sep/2020:14:00:05 +0200\] "POST /wp-login.php HTTP/1.1" 200 12712 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
...

142.4.4.229 - - [20/Aug/2020:06:23:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2046 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [20/Aug/2020:06:24:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2020 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [20/Aug/2020:06:24:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2019 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Attempt to hack Wordpress Login, XMLRPC or other login

142.4.4.229 - - [25/Jul/2020:19:24:31 +0100] "POST /wp-login.php HTTP/1.1" 200 2018 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [25/Jul/2020:19:24:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2000 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [25/Jul/2020:19:24:43 +0100] "POST /wp-login.php HTTP/1.1" 200 1997 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

142.4.4.229 - - [17/Jul/2020:23:31:57 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [17/Jul/2020:23:31:59 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.4.4.229 - - [17/Jul/2020:23:32:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

142.4.4.229 - - [11/Jun/2020:18:03:21 -0600] "GET /wp/wp-login.php HTTP/1.1" 301 478 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Aug 15 07:52:59 ns3033917 sshd[8463]: Failed password for root from 218.21.240.24 port 1989 ssh2
Aug 15 07:55:31 ns3033917 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.21.240.24  user=root
Aug 15 07:55:33 ns3033917 sshd[8486]: Failed password for root from 218.21.240.24 port 52108 ssh2
...

1597463514 - 08/15/2020 05:51:54 Host: 122.160.10.220/122.160.10.220 Port: 23 TCP Blocked
...

1597463498 - 08/15/2020 05:51:38 Host: 2.50.172.15/2.50.172.15 Port: 445 TCP Blocked

Aug 15 11:48:31 bacztwo sshd[3038]: Invalid user pi from 180.126.227.173 port 49286
Aug 15 11:48:36 bacztwo sshd[3565]: Invalid user pi from 180.126.227.173 port 51086
Aug 15 11:48:39 bacztwo sshd[3714]: Invalid user pi from 180.126.227.173 port 53569
Aug 15 11:48:44 bacztwo sshd[4086]: Invalid user osboxes from 180.126.227.173 port 55415
Aug 15 11:48:48 bacztwo sshd[4433]: Invalid user openhabian from 180.126.227.173 port 57150
Aug 15 11:48:52 bacztwo sshd[4723]: Invalid user NetLinx from 180.126.227.173 port 58787
Aug 15 11:48:55 bacztwo sshd[4989]: Invalid user nexthink from 180.126.227.173 port 60835
Aug 15 11:49:00 bacztwo sshd[5652]: Invalid user plexuser from 180.126.227.173 port 33926
Aug 15 11:49:04 bacztwo sshd[5965]: Invalid user osbash from 180.126.227.173 port 35931
Aug 15 11:52:02 bacztwo sshd[23209]: Invalid user admin from 180.126.227.173 port 58875
Aug 15 11:52:06 bacztwo sshd[23658]: Invalid user admin from 180.126.227.173 port 32822
Aug 15 11:52:08 bacztwo sshd[24289
...

(smtpauth) Failed SMTP AUTH login from 43.246.142.91 (IN/India/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-08-15 08:22:02 plain authenticator failed for ([43.246.142.91]) [43.246.142.91]: 535 Incorrect authentication data (set_id=nasr@partsafhe.com)

[Thu Aug 06 03:49:30 2020] - DDoS Attack From IP: 192.241.239.189 Port: 54114

(From eric@talkwithwebvisitor.com) Hey there, I just found your site, quick question…

My name’s Eric, I found decubellisfamilychiropractic.com after doing a quick search – you showed up near the top of the rankings, so whatever you’re doing for SEO, looks like it’s working well.

So here’s my question – what happens AFTER someone lands on your site?  Anything?

Research tells us at least 70% of the people who find your site, after a quick once-over, they disappear… forever.

That means that all the work and effort you put into getting them to show up, goes down the tubes.

Why would you want all that good work – and the great site you’ve built – go to waste?

Because the odds are they’ll just skip over calling or even grabbing their phone, leaving you high and dry.

But here’s a thought… what if you could make it super-simple for someone to raise their hand, say, “okay, let’s talk” without requiring them to even pull their cell phone from their pocket?
  
You can – thanks to revolutionary new

Brute force attempt

[2020-08-15 05:35:02] NOTICE[1185][C-000026e8] chan_sip.c: Call from '' (77.247.109.88:58322) to extension '9011442037699492' rejected because extension not found in context 'public'.
[2020-08-15 05:35:02] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-15T05:35:02.852-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011442037699492",SessionID="0x7f10c43e3a48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.109.88/58322",ACLName="no_extension_match"
[2020-08-15 05:35:03] NOTICE[1185][C-000026e9] chan_sip.c: Call from '' (77.247.109.88:62247) to extension '9011442037699492' rejected because extension not found in context 'public'.
[2020-08-15 05:35:03] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-15T05:35:03.845-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011442037699492",SessionID="0x7f10c4320288",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/
...

(sshd) Failed SSH login from 180.76.96.55 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 15 11:00:59 amsweb01 sshd[26461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.55  user=root
Aug 15 11:01:01 amsweb01 sshd[26461]: Failed password for root from 180.76.96.55 port 48946 ssh2
Aug 15 11:04:03 amsweb01 sshd[27090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.55  user=root
Aug 15 11:04:04 amsweb01 sshd[27090]: Failed password for root from 180.76.96.55 port 52156 ssh2
Aug 15 11:06:14 amsweb01 sshd[27415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.55  user=root

 TCP (SYN) 36.250.229.115:47139 -> port 5774, len 44

Aug 14 23:57:25 mail.srvfarm.net postfix/smtpd[738028]: warning: unknown[103.129.64.182]: SASL PLAIN authentication failed: 
Aug 14 23:57:25 mail.srvfarm.net postfix/smtpd[738028]: lost connection after AUTH from unknown[103.129.64.182]
Aug 15 00:01:20 mail.srvfarm.net postfix/smtps/smtpd[740203]: warning: unknown[103.129.64.182]: SASL PLAIN authentication failed: 
Aug 15 00:01:20 mail.srvfarm.net postfix/smtps/smtpd[740203]: lost connection after AUTH from unknown[103.129.64.182]
Aug 15 00:02:43 mail.srvfarm.net postfix/smtps/smtpd[739406]: warning: unknown[103.129.64.182]: SASL PLAIN authentication failed:

Aug 15 09:43:34 piServer sshd[31173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.189.248 
Aug 15 09:43:36 piServer sshd[31173]: Failed password for invalid user adminabc123 from 129.226.189.248 port 32982 ssh2
Aug 15 09:46:57 piServer sshd[31480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.189.248 
...

(From eric@talkwithwebvisitor.com) Hey there, I just found your site, quick question…

My name’s Eric, I found norburgchiro.com after doing a quick search – you showed up near the top of the rankings, so whatever you’re doing for SEO, looks like it’s working well.

So here’s my question – what happens AFTER someone lands on your site?  Anything?

Research tells us at least 70% of the people who find your site, after a quick once-over, they disappear… forever.

That means that all the work and effort you put into getting them to show up, goes down the tubes.

Why would you want all that good work – and the great site you’ve built – go to waste?

Because the odds are they’ll just skip over calling or even grabbing their phone, leaving you high and dry.

But here’s a thought… what if you could make it super-simple for someone to raise their hand, say, “okay, let’s talk” without requiring them to even pull their cell phone from their pocket?
  
You can – thanks to revolutionary new software that c

Aug 15 00:09:23 mail.srvfarm.net postfix/smtps/smtpd[740202]: warning: unknown[41.78.223.104]: SASL PLAIN authentication failed: 
Aug 15 00:09:23 mail.srvfarm.net postfix/smtps/smtpd[740202]: lost connection after AUTH from unknown[41.78.223.104]
Aug 15 00:11:57 mail.srvfarm.net postfix/smtps/smtpd[738590]: warning: unknown[41.78.223.104]: SASL PLAIN authentication failed: 
Aug 15 00:11:57 mail.srvfarm.net postfix/smtps/smtpd[738590]: lost connection after AUTH from unknown[41.78.223.104]
Aug 15 00:12:21 mail.srvfarm.net postfix/smtps/smtpd[893718]: warning: unknown[41.78.223.104]: SASL PLAIN authentication failed: