Aug 26 04:37:53 shivevps sshd[19511]: Bad protocol version identification '\024' from 195.154.48.112 port 50299
Aug 26 04:37:57 shivevps sshd[19642]: Bad protocol version identification '\024' from 195.154.48.112 port 49655
Aug 26 04:43:58 shivevps sshd[30383]: Bad protocol version identification '\024' from 195.154.48.112 port 47666
Aug 26 04:44:18 shivevps sshd[31002]: Bad protocol version identification '\024' from 195.154.48.112 port 50700
...

Automatic report generated by Wazuh

195.154.48.39 - - [27/Aug/2020:20:16:16 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4982 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.813
195.154.48.39 - - [27/Aug/2020:20:16:19 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 473 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 2.785
195.154.48.39 - - [28/Aug/2020:06:55:23 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.793
195.154.48.39 - - [28/Aug/2020:06:55:25 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 473 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 2.254
195.154.48.39 - - [29/Aug/2020:20:55:48 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 401 3593 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 3.113
...

195.154.48.117 - - [17/Aug/2020:09:13:47 +0200] "blog.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4993 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.771
195.154.48.117 - - [17/Aug/2020:09:13:49 +0200] "blog.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 1.780
195.154.48.117 - - [17/Aug/2020:13:54:10 +0200] "blog.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4993 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.728
195.154.48.117 - - [17/Aug/2020:13:54:12 +0200] "blog.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 1.805
195.154.48.117 - - [17/Aug/2020:17:13:37 +0200] "blog.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4982 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.752
...

195.154.48.117 - - [31/Jul/2020:07:42:14 +0100] "POST /wp-login.php HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
195.154.48.117 - - [31/Jul/2020:07:42:15 +0100] "POST /wp-login.php HTTP/1.1" 200 2234 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
195.154.48.117 - - [31/Jul/2020:07:42:15 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

CMS (WordPress or Joomla) login attempt.

B: /wp-login.php attack

Dec 16 03:13:41 ms-srv sshd[45434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.48.111
Dec 16 03:13:43 ms-srv sshd[45434]: Failed password for invalid user apache from 195.154.48.111 port 44642 ssh2

Dec 17 00:30:19 ms-srv sshd[25718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.48.202  user=root
Dec 17 00:30:21 ms-srv sshd[25718]: Failed password for invalid user root from 195.154.48.202 port 32902 ssh2

\[2019-09-24 04:30:09\] NOTICE\[1970\] chan_sip.c: Registration from '\' failed for '195.154.48.30:54587' - Wrong password
\[2019-09-24 04:30:09\] SECURITY\[1978\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-24T04:30:09.674-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="515",SessionID="0x7f9b343e76c8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/54587",Challenge="741148e9",ReceivedChallenge="741148e9",ReceivedHash="805c67dcc119df70e417d959a9dca630"
\[2019-09-24 04:34:02\] NOTICE\[1970\] chan_sip.c: Registration from '\' failed for '195.154.48.30:53858' - Wrong password
\[2019-09-24 04:34:02\] SECURITY\[1978\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-24T04:34:02.828-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2040",SessionID="0x7f9b341795c8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.

\[2019-09-23 18:26:26\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:64101' - Wrong password
\[2019-09-23 18:26:26\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T18:26:26.333-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7fcd8c12cad8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/64101",Challenge="1b4fecc0",ReceivedChallenge="1b4fecc0",ReceivedHash="ac856a78d83d2c1dc6f85e1831272fcc"
\[2019-09-23 18:30:28\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:51608' - Wrong password
\[2019-09-23 18:30:28\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T18:30:28.388-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="69",SessionID="0x7fcd8c193c98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30

\[2019-09-23 14:28:10\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:56913' - Wrong password
\[2019-09-23 14:28:10\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T14:28:10.177-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="5631",SessionID="0x7fcd8c57a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/56913",Challenge="4b8d5e97",ReceivedChallenge="4b8d5e97",ReceivedHash="3bb31c9339a617325c28fa769036a9f6"
\[2019-09-23 14:32:03\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:61551' - Wrong password
\[2019-09-23 14:32:03\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T14:32:03.072-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="22801",SessionID="0x7fcd8c12cad8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154

\[2019-09-23 04:55:39\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:54775' - Wrong password
\[2019-09-23 04:55:39\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T04:55:39.813-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="50000",SessionID="0x7fcd8c57a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/54775",Challenge="4a461f08",ReceivedChallenge="4a461f08",ReceivedHash="2b84409cf2da0d52868d710be43b5f93"
\[2019-09-23 04:59:22\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:53657' - Wrong password
\[2019-09-23 04:59:22\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-23T04:59:22.136-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="542",SessionID="0x7fcd8c57a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.4

\[2019-09-22 17:01:35\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:63689' - Wrong password
\[2019-09-22 17:01:35\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T17:01:35.605-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="6663",SessionID="0x7fcd8c663828",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/63689",Challenge="3bac1cd1",ReceivedChallenge="3bac1cd1",ReceivedHash="520b3779977bf6e6554ff916512ffa03"
\[2019-09-22 17:05:29\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:51342' - Wrong password
\[2019-09-22 17:05:29\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T17:05:29.713-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="66691",SessionID="0x7fcd8c663828",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154

\[2019-09-22 16:46:27\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:52790' - Wrong password
\[2019-09-22 16:46:27\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T16:46:27.321-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="12300",SessionID="0x7fcd8c1c4788",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/52790",Challenge="15c9f95c",ReceivedChallenge="15c9f95c",ReceivedHash="e7269d8936a81586b6363417106f6397"
\[2019-09-22 16:50:11\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:52090' - Wrong password
\[2019-09-22 16:50:11\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T16:50:11.090-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7727",SessionID="0x7fcd8ced4938",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154

\[2019-09-22 06:03:54\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:65432' - Wrong password
\[2019-09-22 06:03:54\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T06:03:54.352-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="8025",SessionID="0x7fcd8c57a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.30/65432",Challenge="733d2214",ReceivedChallenge="733d2214",ReceivedHash="a6e066a166588c91f9448ec2ae52e16a"
\[2019-09-22 06:07:34\] NOTICE\[2270\] chan_sip.c: Registration from '\' failed for '195.154.48.30:56877' - Wrong password
\[2019-09-22 06:07:34\] SECURITY\[2283\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-22T06:07:34.787-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="123",SessionID="0x7fcd8c57a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.48.

$f2bV_matches

Sep  1 08:08:45 MK-Soft-VM3 sshd\[4906\]: Invalid user mack from 104.42.25.12 port 6464
Sep  1 08:08:45 MK-Soft-VM3 sshd\[4906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.25.12
Sep  1 08:08:47 MK-Soft-VM3 sshd\[4906\]: Failed password for invalid user mack from 104.42.25.12 port 6464 ssh2
...

(From DonaldThompson704@gmail.com) Hi!

Some issues on your website prevent potential clients from finding it while they're searching for products/services online. I'm an online marketing specialist who has made sites that have crawled their way up the rankings in the search results dominate the first page of Goggle and other major search engines. 

Would you like to generate more sales using your site? Having your website show up the top search results means that your business is more relevant and more trusted compared to others. This is the most effective way to attract clients. I can show you case studies about companies I've worked with in the past and how their business gained a boost when after the SEO work I did for them.

Let me know what you think. If you're interested, I'll give you a call at a time that works best for you so I can share some expert advice. All the helpful information I'll provide can benefit your business whether or not you choose to avail of my services. I look forward to sp

SSH Brute-Force reported by Fail2Ban

$f2bV_matches

DATE:2019-09-01 09:07:09, IP:88.129.208.44, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)

Automatic report - Banned IP Access

Sep  1 12:16:14 * sshd[21692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.164.48.202
Sep  1 12:16:16 * sshd[21692]: Failed password for invalid user jia from 202.164.48.202 port 37393 ssh2

19/9/1@07:24:40: FAIL: IoT-Telnet address from=60.19.183.95
...

Sep  1 11:12:28 minden010 sshd[30523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.112.237.228
Sep  1 11:12:30 minden010 sshd[30523]: Failed password for invalid user support from 202.112.237.228 port 48162 ssh2
Sep  1 11:14:43 minden010 sshd[31238]: Failed password for root from 202.112.237.228 port 39928 ssh2
...

Aug 29 16:35:29 itv-usvr-01 sshd[1472]: Invalid user admin from 111.93.58.18
Aug 29 16:35:30 itv-usvr-01 sshd[1472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.58.18
Aug 29 16:35:29 itv-usvr-01 sshd[1472]: Invalid user admin from 111.93.58.18
Aug 29 16:35:31 itv-usvr-01 sshd[1472]: Failed password for invalid user admin from 111.93.58.18 port 43236 ssh2

Sep  1 04:54:57 wbs sshd\[15703\]: Invalid user hand from 157.230.43.135
Sep  1 04:54:57 wbs sshd\[15703\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.43.135
Sep  1 04:54:58 wbs sshd\[15703\]: Failed password for invalid user hand from 157.230.43.135 port 33570 ssh2
Sep  1 04:59:48 wbs sshd\[16210\]: Invalid user kristin from 157.230.43.135
Sep  1 04:59:48 wbs sshd\[16210\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.43.135

<6 unauthorized SSH connections

09/01/2019-09:50:36.947589 185.176.27.26 Protocol: 6 ET SCAN NMAP -sS window 1024

Aug 31 21:04:50 web9 sshd\[30965\]: Invalid user l4d2server from 183.238.58.49
Aug 31 21:04:50 web9 sshd\[30965\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.238.58.49
Aug 31 21:04:51 web9 sshd\[30965\]: Failed password for invalid user l4d2server from 183.238.58.49 port 43202 ssh2
Aug 31 21:07:18 web9 sshd\[31417\]: Invalid user alex from 183.238.58.49
Aug 31 21:07:18 web9 sshd\[31417\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.238.58.49