(sshd) Failed SSH login from 200.29.111.182 (CO/Colombia/industriasintegradas.emcali.net.co): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May  3 05:47:05 amsweb01 sshd[17803]: Invalid user oper from 200.29.111.182 port 35034
May  3 05:47:07 amsweb01 sshd[17803]: Failed password for invalid user oper from 200.29.111.182 port 35034 ssh2
May  3 05:53:03 amsweb01 sshd[18448]: Invalid user zhanglei from 200.29.111.182 port 42028
May  3 05:53:05 amsweb01 sshd[18448]: Failed password for invalid user zhanglei from 200.29.111.182 port 42028 ssh2
May  3 05:55:43 amsweb01 sshd[18770]: Invalid user xiaowei from 200.29.111.182 port 55237

Apr 25 00:32:49 lukav-desktop sshd\[6906\]: Invalid user gernst from 200.29.111.182
Apr 25 00:32:49 lukav-desktop sshd\[6906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182
Apr 25 00:32:51 lukav-desktop sshd\[6906\]: Failed password for invalid user gernst from 200.29.111.182 port 45373 ssh2
Apr 25 00:38:59 lukav-desktop sshd\[7152\]: Invalid user nscd from 200.29.111.182
Apr 25 00:38:59 lukav-desktop sshd\[7152\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182

2020-04-21T23:26:27.164502linuxbox-skyline sshd[309952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182  user=root
2020-04-21T23:26:29.529933linuxbox-skyline sshd[309952]: Failed password for root from 200.29.111.182 port 39721 ssh2
...

SSH Brute-Forcing (server1)

Apr 18 18:01:01 v22019038103785759 sshd\[1950\]: Invalid user yn from 200.29.111.182 port 54538
Apr 18 18:01:01 v22019038103785759 sshd\[1950\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182
Apr 18 18:01:03 v22019038103785759 sshd\[1950\]: Failed password for invalid user yn from 200.29.111.182 port 54538 ssh2
Apr 18 18:07:43 v22019038103785759 sshd\[2354\]: Invalid user xi from 200.29.111.182 port 60606
Apr 18 18:07:43 v22019038103785759 sshd\[2354\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182
...

Apr  4 13:18:52 Tower sshd[44373]: Connection from 200.29.111.182 port 33729 on 192.168.10.220 port 22 rdomain ""
Apr  4 13:18:52 Tower sshd[44373]: Failed password for root from 200.29.111.182 port 33729 ssh2
Apr  4 13:18:52 Tower sshd[44373]: Received disconnect from 200.29.111.182 port 33729:11: Bye Bye [preauth]
Apr  4 13:18:52 Tower sshd[44373]: Disconnected from authenticating user root 200.29.111.182 port 33729 [preauth]

Mar 29 19:17:26 tuxlinux sshd[22261]: Invalid user mkx from 200.29.111.182 port 43657
Mar 29 19:17:26 tuxlinux sshd[22261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 
Mar 29 19:17:26 tuxlinux sshd[22261]: Invalid user mkx from 200.29.111.182 port 43657
Mar 29 19:17:26 tuxlinux sshd[22261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 
Mar 29 19:17:26 tuxlinux sshd[22261]: Invalid user mkx from 200.29.111.182 port 43657
Mar 29 19:17:26 tuxlinux sshd[22261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 
Mar 29 19:17:27 tuxlinux sshd[22261]: Failed password for invalid user mkx from 200.29.111.182 port 43657 ssh2
...

Mar 28 23:08:03 OPSO sshd\[26474\]: Invalid user jcv from 200.29.111.182 port 52123
Mar 28 23:08:03 OPSO sshd\[26474\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182
Mar 28 23:08:04 OPSO sshd\[26474\]: Failed password for invalid user jcv from 200.29.111.182 port 52123 ssh2
Mar 28 23:14:17 OPSO sshd\[27685\]: Invalid user ikg from 200.29.111.182 port 57379
Mar 28 23:14:17 OPSO sshd\[27685\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182

Lines containing failures of 200.29.111.182
Mar 25 12:38:55 penfold sshd[26331]: Invalid user jhon from 200.29.111.182 port 43618
Mar 25 12:38:55 penfold sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 
Mar 25 12:38:56 penfold sshd[26331]: Failed password for invalid user jhon from 200.29.111.182 port 43618 ssh2
Mar 25 12:38:57 penfold sshd[26331]: Received disconnect from 200.29.111.182 port 43618:11: Bye Bye [preauth]
Mar 25 12:38:57 penfold sshd[26331]: Disconnected from invalid user jhon 200.29.111.182 port 43618 [preauth]
Mar 25 12:56:47 penfold sshd[28099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182  user=uucp
Mar 25 12:56:49 penfold sshd[28099]: Failed password for uucp from 200.29.111.182 port 44187 ssh2
Mar 25 12:56:50 penfold sshd[28099]: Received disconnect from 200.29.111.182 port 44187:11: Bye Bye [preauth]
Mar 25 12:56:50 penfold s........
------------------------------

Lines containing failures of 200.29.111.182
Mar 25 12:38:55 penfold sshd[26331]: Invalid user jhon from 200.29.111.182 port 43618
Mar 25 12:38:55 penfold sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 
Mar 25 12:38:56 penfold sshd[26331]: Failed password for invalid user jhon from 200.29.111.182 port 43618 ssh2
Mar 25 12:38:57 penfold sshd[26331]: Received disconnect from 200.29.111.182 port 43618:11: Bye Bye [preauth]
Mar 25 12:38:57 penfold sshd[26331]: Disconnected from invalid user jhon 200.29.111.182 port 43618 [preauth]
Mar 25 12:56:47 penfold sshd[28099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182  user=uucp
Mar 25 12:56:49 penfold sshd[28099]: Failed password for uucp from 200.29.111.182 port 44187 ssh2
Mar 25 12:56:50 penfold sshd[28099]: Received disconnect from 200.29.111.182 port 44187:11: Bye Bye [preauth]
Mar 25 12:56:50 penfold s........
------------------------------

Feb 21 20:02:33 hanapaa sshd\[18432\]: Invalid user pi from 77.20.217.64
Feb 21 20:02:33 hanapaa sshd\[18434\]: Invalid user pi from 77.20.217.64
Feb 21 20:02:33 hanapaa sshd\[18432\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip4d14d940.dynamic.kabel-deutschland.de
Feb 21 20:02:33 hanapaa sshd\[18434\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip4d14d940.dynamic.kabel-deutschland.de
Feb 21 20:02:36 hanapaa sshd\[18432\]: Failed password for invalid user pi from 77.20.217.64 port 36348 ssh2

SSH login attempts brute force.

Feb 21 23:01:47 hpm sshd\[14767\]: Invalid user hrm from 201.48.192.60
Feb 21 23:01:47 hpm sshd\[14767\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.192.60
Feb 21 23:01:50 hpm sshd\[14767\]: Failed password for invalid user hrm from 201.48.192.60 port 45366 ssh2
Feb 21 23:05:07 hpm sshd\[15110\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.192.60  user=root
Feb 21 23:05:09 hpm sshd\[15110\]: Failed password for root from 201.48.192.60 port 59416 ssh2

2020-02-22T09:00:55.368164shield sshd\[7801\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.63.194.11  user=root
2020-02-22T09:00:58.041130shield sshd\[7801\]: Failed password for root from 92.63.194.11 port 37633 ssh2
2020-02-22T09:02:56.902625shield sshd\[8118\]: Invalid user guest from 92.63.194.11 port 35945
2020-02-22T09:02:56.907907shield sshd\[8118\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.63.194.11
2020-02-22T09:02:58.858267shield sshd\[8118\]: Failed password for invalid user guest from 92.63.194.11 port 35945 ssh2

Brute force SMTP login attempted.
...

DATE:2020-02-22 05:48:02, IP:211.229.0.151, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)

2020-02-21 22:47:03 H=(extraordinarychrisa.com) [63.82.51.196]:25015 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2020-02-21 22:47:40 H=(extraordinarychrisa.com) [63.82.51.196]:30067 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2020-02-21 22:48:03 H=(extraordinarychrisa.com) [63.82.51.196]:20191 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
...

Feb 22 10:31:09 dcd-gentoo sshd[20479]: User root from 218.92.0.199 not allowed because none of user's groups are listed in AllowGroups
Feb 22 10:31:13 dcd-gentoo sshd[20479]: error: PAM: Authentication failure for illegal user root from 218.92.0.199
Feb 22 10:31:09 dcd-gentoo sshd[20479]: User root from 218.92.0.199 not allowed because none of user's groups are listed in AllowGroups
Feb 22 10:31:13 dcd-gentoo sshd[20479]: error: PAM: Authentication failure for illegal user root from 218.92.0.199
Feb 22 10:31:09 dcd-gentoo sshd[20479]: User root from 218.92.0.199 not allowed because none of user's groups are listed in AllowGroups
Feb 22 10:31:13 dcd-gentoo sshd[20479]: error: PAM: Authentication failure for illegal user root from 218.92.0.199
Feb 22 10:31:13 dcd-gentoo sshd[20479]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.199 port 50029 ssh2
...

Feb 22 09:30:05 debian-2gb-nbg1-2 kernel: \[4619411.387031\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=83.97.20.49 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58014 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0

Invalid user emp from 193.248.216.19 port 36666

Feb 22 10:17:24 tuotantolaitos sshd[13627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.236.119.100
Feb 22 10:17:26 tuotantolaitos sshd[13627]: Failed password for invalid user chang from 156.236.119.100 port 52750 ssh2
...

Automatic report - Port Scan Attack

Invalid user adam from 125.227.223.41 port 54570

Feb 21 19:00:15 wbs sshd\[27229\]: Invalid user red from 223.111.144.153
Feb 21 19:00:15 wbs sshd\[27229\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.144.153
Feb 21 19:00:17 wbs sshd\[27229\]: Failed password for invalid user red from 223.111.144.153 port 60994 ssh2
Feb 21 19:04:40 wbs sshd\[27579\]: Invalid user cpanelphpmyadmin from 223.111.144.153
Feb 21 19:04:40 wbs sshd\[27579\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.111.144.153

Feb 22 07:13:49 MK-Soft-VM5 sshd[32029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.33.253.60 
Feb 22 07:13:50 MK-Soft-VM5 sshd[32029]: Failed password for invalid user svnuser from 112.33.253.60 port 47048 ssh2
...