May 28 12:40:03 rotator sshd\[16644\]: Address 186.64.120.89 maps to pastelerialacolonia.cl, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!May 28 12:40:03 rotator sshd\[16644\]: Invalid user ubnt from 186.64.120.89May 28 12:40:06 rotator sshd\[16644\]: Failed password for invalid user ubnt from 186.64.120.89 port 38396 ssh2May 28 12:44:42 rotator sshd\[17371\]: Address 186.64.120.89 maps to pastelerialacolonia.cl, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!May 28 12:44:43 rotator sshd\[17371\]: Failed password for root from 186.64.120.89 port 43064 ssh2May 28 12:49:06 rotator sshd\[18158\]: Address 186.64.120.89 maps to pastelerialacolonia.cl, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
...

2020-05-27T14:10:11.608426lavrinenko.info sshd[24250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.89
2020-05-27T14:10:11.600724lavrinenko.info sshd[24250]: Invalid user attach from 186.64.120.89 port 45376
2020-05-27T14:10:13.821651lavrinenko.info sshd[24250]: Failed password for invalid user attach from 186.64.120.89 port 45376 ssh2
2020-05-27T14:15:05.061523lavrinenko.info sshd[24413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.89  user=root
2020-05-27T14:15:07.304157lavrinenko.info sshd[24413]: Failed password for root from 186.64.120.89 port 51624 ssh2
...

Unauthorised connection attempt detected at AUO NODE 4. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)

Lines containing failures of 186.64.120.71
Jun  4 08:06:44 newdogma sshd[26283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.71  user=r.r
Jun  4 08:06:46 newdogma sshd[26283]: Failed password for r.r from 186.64.120.71 port 38178 ssh2
Jun  4 08:06:47 newdogma sshd[26283]: Received disconnect from 186.64.120.71 port 38178:11: Bye Bye [preauth]
Jun  4 08:06:47 newdogma sshd[26283]: Disconnected from authenticating user r.r 186.64.120.71 port 38178 [preauth]
Jun  4 08:11:58 newdogma sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.71  user=r.r
Jun  4 08:12:00 newdogma sshd[26394]: Failed password for r.r from 186.64.120.71 port 40788 ssh2
Jun  4 08:12:01 newdogma sshd[26394]: Received disconnect from 186.64.120.71 port 40788:11: Bye Bye [preauth]
Jun  4 08:12:01 newdogma sshd[26394]: Disconnected from authenticating user r.r 186.64.120.71 port 40788 [preauth........
------------------------------

Aug 28 22:33:52 localhost sshd\[8998\]: Invalid user emf from 186.64.120.195 port 38590
Aug 28 22:33:52 localhost sshd\[8998\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 28 22:33:54 localhost sshd\[8998\]: Failed password for invalid user emf from 186.64.120.195 port 38590 ssh2

Aug 28 07:50:18 hcbbdb sshd\[16868\]: Invalid user ftp-user from 186.64.120.195
Aug 28 07:50:18 hcbbdb sshd\[16868\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 28 07:50:21 hcbbdb sshd\[16868\]: Failed password for invalid user ftp-user from 186.64.120.195 port 37379 ssh2
Aug 28 07:55:29 hcbbdb sshd\[17452\]: Invalid user andrea from 186.64.120.195
Aug 28 07:55:29 hcbbdb sshd\[17452\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195

Aug 27 02:02:41 itv-usvr-01 sshd[25825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195  user=root
Aug 27 02:02:43 itv-usvr-01 sshd[25825]: Failed password for root from 186.64.120.195 port 59243 ssh2
Aug 27 02:07:49 itv-usvr-01 sshd[26032]: Invalid user moodle from 186.64.120.195
Aug 27 02:07:49 itv-usvr-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 27 02:07:49 itv-usvr-01 sshd[26032]: Invalid user moodle from 186.64.120.195
Aug 27 02:07:51 itv-usvr-01 sshd[26032]: Failed password for invalid user moodle from 186.64.120.195 port 53662 ssh2

Aug 22 06:30:14 aat-srv002 sshd[11893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 22 06:30:16 aat-srv002 sshd[11893]: Failed password for invalid user mailtest from 186.64.120.195 port 42951 ssh2
Aug 22 06:35:27 aat-srv002 sshd[12031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 22 06:35:29 aat-srv002 sshd[12031]: Failed password for invalid user bngara from 186.64.120.195 port 37079 ssh2
...

Aug 21 17:55:29 OPSO sshd\[1248\]: Invalid user sk from 186.64.120.195 port 33947
Aug 21 17:55:29 OPSO sshd\[1248\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 21 17:55:31 OPSO sshd\[1248\]: Failed password for invalid user sk from 186.64.120.195 port 33947 ssh2
Aug 21 18:01:09 OPSO sshd\[2171\]: Invalid user sponsors from 186.64.120.195 port 57010
Aug 21 18:01:09 OPSO sshd\[2171\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195

Aug 15 04:43:00 server sshd\[17869\]: Invalid user diane from 186.64.120.195 port 47275
Aug 15 04:43:00 server sshd\[17869\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 15 04:43:03 server sshd\[17869\]: Failed password for invalid user diane from 186.64.120.195 port 47275 ssh2
Aug 15 04:48:42 server sshd\[5629\]: User root from 186.64.120.195 not allowed because listed in DenyUsers
Aug 15 04:48:42 server sshd\[5629\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195  user=root

Aug 13 19:57:12 vps200512 sshd\[13180\]: Invalid user pentagon from 186.64.120.195
Aug 13 19:57:12 vps200512 sshd\[13180\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195
Aug 13 19:57:14 vps200512 sshd\[13180\]: Failed password for invalid user pentagon from 186.64.120.195 port 42181 ssh2
Aug 13 20:03:39 vps200512 sshd\[13287\]: Invalid user it1 from 186.64.120.195
Aug 13 20:03:39 vps200512 sshd\[13287\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195

Jul 22 15:56:06 mail sshd\[24730\]: Invalid user yu from 186.64.120.96 port 33160
Jul 22 15:56:06 mail sshd\[24730\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96
Jul 22 15:56:08 mail sshd\[24730\]: Failed password for invalid user yu from 186.64.120.96 port 33160 ssh2
Jul 22 16:02:14 mail sshd\[26045\]: Invalid user cat from 186.64.120.96 port 56984
Jul 22 16:02:14 mail sshd\[26045\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96

Jul 22 07:42:28 mail sshd\[10197\]: Invalid user ed from 186.64.120.96 port 60652
Jul 22 07:42:28 mail sshd\[10197\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96
Jul 22 07:42:30 mail sshd\[10197\]: Failed password for invalid user ed from 186.64.120.96 port 60652 ssh2
Jul 22 07:48:46 mail sshd\[11173\]: Invalid user kong from 186.64.120.96 port 56238
Jul 22 07:48:46 mail sshd\[11173\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96

2019-07-10T21:30:02.912979matrix.arvenenaske.de sshd[11381]: Invalid user administrateur from 186.64.120.96 port 34624
2019-07-10T21:30:02.916443matrix.arvenenaske.de sshd[11381]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96 user=administrateur
2019-07-10T21:30:02.917131matrix.arvenenaske.de sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96
2019-07-10T21:30:02.912979matrix.arvenenaske.de sshd[11381]: Invalid user administrateur from 186.64.120.96 port 34624
2019-07-10T21:30:05.078431matrix.arvenenaske.de sshd[11381]: Failed password for invalid user administrateur from 186.64.120.96 port 34624 ssh2
2019-07-10T21:33:08.110446matrix.arvenenaske.de sshd[11390]: Invalid user og from 186.64.120.96 port 33082
2019-07-10T21:33:08.113824matrix.arvenenaske.de sshd[11390]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186........
------------------------------

2019-07-10T21:30:02.912979matrix.arvenenaske.de sshd[11381]: Invalid user administrateur from 186.64.120.96 port 34624
2019-07-10T21:30:02.916443matrix.arvenenaske.de sshd[11381]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96 user=administrateur
2019-07-10T21:30:02.917131matrix.arvenenaske.de sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.96
2019-07-10T21:30:02.912979matrix.arvenenaske.de sshd[11381]: Invalid user administrateur from 186.64.120.96 port 34624
2019-07-10T21:30:05.078431matrix.arvenenaske.de sshd[11381]: Failed password for invalid user administrateur from 186.64.120.96 port 34624 ssh2
2019-07-10T21:33:08.110446matrix.arvenenaske.de sshd[11390]: Invalid user og from 186.64.120.96 port 33082
2019-07-10T21:33:08.113824matrix.arvenenaske.de sshd[11390]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186........
------------------------------

Jul  5 20:17:44 ip-172-31-1-72 sshd\[2231\]: Invalid user aj from 186.64.120.131
Jul  5 20:17:44 ip-172-31-1-72 sshd\[2231\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.131
Jul  5 20:17:46 ip-172-31-1-72 sshd\[2231\]: Failed password for invalid user aj from 186.64.120.131 port 42038 ssh2
Jul  5 20:23:05 ip-172-31-1-72 sshd\[2297\]: Invalid user gozone from 186.64.120.131
Jul  5 20:23:05 ip-172-31-1-72 sshd\[2297\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.131

Jul  4 21:04:35 vps200512 sshd\[19258\]: Invalid user dylan from 186.64.120.131
Jul  4 21:04:35 vps200512 sshd\[19258\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.131
Jul  4 21:04:37 vps200512 sshd\[19258\]: Failed password for invalid user dylan from 186.64.120.131 port 60208 ssh2
Jul  4 21:07:29 vps200512 sshd\[19291\]: Invalid user deploy from 186.64.120.131
Jul  4 21:07:29 vps200512 sshd\[19291\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.131

Jun 29 11:56:29 work-partkepr sshd\[5171\]: Invalid user install from 186.64.120.131 port 45649
Jun 29 11:56:29 work-partkepr sshd\[5171\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.131
...

212.119.47.244 - - [20/Oct/2019:08:00:52 -0400] "GET /?page=../../../../../../../etc/passwd%00&action=view&manufacturerID=12&productID=973&linkID=15902 HTTP/1.1" 200 16396 "https://newportbrassfaucets.com/?page=../../../../../../../etc/passwd%00&action=view&manufacturerID=12&productID=973&linkID=15902" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
...

Portscan or hack attempt detected by psad/fwsnort

Oct 20 15:52:26 dedicated sshd[8346]: Invalid user kvamme from 137.74.115.225 port 43326

" "

SSH bruteforce (Triggered fail2ban)

SSH Bruteforce attempt

port scan and connect, tcp 23 (telnet)

2019-10-20T17:16:07.431037+02:00 lumpi kernel: [1406971.382862] INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=203.156.197.28 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=27532 PROTO=TCP SPT=50146 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
...

Unauthorized connection attempt from IP address 182.74.232.218 on Port 445(SMB)

Port scan on 1 port(s): 53

Oct 20 03:28:10 php1 sshd\[9933\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.196.66  user=root
Oct 20 03:28:13 php1 sshd\[9933\]: Failed password for root from 140.143.196.66 port 52348 ssh2
Oct 20 03:34:03 php1 sshd\[10749\]: Invalid user webmaster from 140.143.196.66
Oct 20 03:34:03 php1 sshd\[10749\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.196.66
Oct 20 03:34:05 php1 sshd\[10749\]: Failed password for invalid user webmaster from 140.143.196.66 port 59936 ssh2

Oct 20 17:51:19 OPSO sshd\[23071\]: Invalid user tim from 81.183.253.86 port 59480
Oct 20 17:51:19 OPSO sshd\[23071\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.183.253.86
Oct 20 17:51:22 OPSO sshd\[23071\]: Failed password for invalid user tim from 81.183.253.86 port 59480 ssh2
Oct 20 17:56:26 OPSO sshd\[23998\]: Invalid user !Q@W3e4rg from 81.183.253.86 port 22590
Oct 20 17:56:26 OPSO sshd\[23998\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.183.253.86

postfix (unknown user, SPF fail or relay access denied)

2019-10-20T10:46:03.7879101495-001 sshd\[28582\]: Failed password for invalid user pecheurs from 104.131.37.34 port 55372 ssh2
2019-10-20T11:47:33.9768201495-001 sshd\[31059\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=virgo.accion-sa.cl  user=root
2019-10-20T11:47:36.1702151495-001 sshd\[31059\]: Failed password for root from 104.131.37.34 port 54797 ssh2
2019-10-20T11:52:18.6212051495-001 sshd\[31237\]: Invalid user ubnt from 104.131.37.34 port 46057
2019-10-20T11:52:18.6241441495-001 sshd\[31237\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=virgo.accion-sa.cl
2019-10-20T11:52:21.2780061495-001 sshd\[31237\]: Failed password for invalid user ubnt from 104.131.37.34 port 46057 ssh2
...

Oct 20 18:31:49 herz-der-gamer sshd[30375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.105.134.45  user=ts3
Oct 20 18:31:51 herz-der-gamer sshd[30375]: Failed password for ts3 from 193.105.134.45 port 62955 ssh2
...