Nov  6 02:26:26 hurricane sshd[29215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.198.11.107  user=r.r
Nov  6 02:26:27 hurricane sshd[29215]: Failed password for r.r from 213.198.11.107 port 53512 ssh2
Nov  6 02:26:27 hurricane sshd[29215]: Received disconnect from 213.198.11.107 port 53512:11: Bye Bye [preauth]
Nov  6 02:26:27 hurricane sshd[29215]: Disconnected from 213.198.11.107 port 53512 [preauth]
Nov  6 02:48:06 hurricane sshd[29301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.198.11.107  user=r.r
Nov  6 02:48:08 hurricane sshd[29301]: Failed password for r.r from 213.198.11.107 port 47016 ssh2
Nov  6 02:48:08 hurricane sshd[29301]: Received disconnect from 213.198.11.107 port 47016:11: Bye Bye [preauth]
Nov  6 02:48:08 hurricane sshd[29301]: Disconnected from 213.198.11.107 port 47016 [preauth]
Nov  6 02:51:41 hurricane sshd[29312]: pam_unix(sshd:auth): authenticati........
-------------------------------

11/06/2019-18:42:44.509112 112.85.42.188 Protocol: 6 ET SCAN Potential SSH Scan

2019-11-06T23:42:25.457533host3.slimhost.com.ua dovecot[859034]: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=166.172.190.228, lip=207.180.241.50, TLS, session=
2019-11-06T23:42:32.329909host3.slimhost.com.ua dovecot[859034]: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=166.172.190.228, lip=207.180.241.50, TLS, session=
2019-11-06T23:42:32.357796host3.slimhost.com.ua dovecot[859034]: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=166.172.190.228, lip=207.180.241.50, TLS, session=
2019-11-06T23:42:44.697729host3.slimhost.com.ua dovecot[859034]: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=166.172.190.228, lip=207.180.241.50, TLS, session
...

Nov  7 00:44:10 meumeu sshd[15394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.159.153.82 
Nov  7 00:44:12 meumeu sshd[15394]: Failed password for invalid user BOT from 211.159.153.82 port 44922 ssh2
Nov  7 00:48:15 meumeu sshd[16041]: Failed password for root from 211.159.153.82 port 53460 ssh2
...

Nov  7 00:36:35 meumeu sshd[13947]: Failed password for root from 61.19.22.162 port 60946 ssh2
Nov  7 00:41:26 meumeu sshd[15023]: Failed password for root from 61.19.22.162 port 41564 ssh2
...

Nov  6 23:46:27 game-panel sshd[19679]: Failed password for root from 112.85.42.195 port 44208 ssh2
Nov  6 23:48:14 game-panel sshd[19746]: Failed password for root from 112.85.42.195 port 49658 ssh2

Automatic report - Port Scan Attack

Nov  6 21:07:01 firewall sshd[16152]: Invalid user feet from 211.20.181.186
Nov  6 21:07:03 firewall sshd[16152]: Failed password for invalid user feet from 211.20.181.186 port 64198 ssh2
Nov  6 21:11:52 firewall sshd[16288]: Invalid user ftpuser from 211.20.181.186
...

Nov  7 00:25:51 pornomens sshd\[12064\]: Invalid user google from 188.166.159.148 port 39989
Nov  7 00:25:51 pornomens sshd\[12064\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.159.148
Nov  7 00:25:53 pornomens sshd\[12064\]: Failed password for invalid user google from 188.166.159.148 port 39989 ssh2
...

Nov  6 14:00:03 hpm sshd\[31297\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.99.172  user=root
Nov  6 14:00:05 hpm sshd\[31297\]: Failed password for root from 62.234.99.172 port 34625 ssh2
Nov  6 14:04:19 hpm sshd\[31630\]: Invalid user myftp from 62.234.99.172
Nov  6 14:04:19 hpm sshd\[31630\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.99.172
Nov  6 14:04:20 hpm sshd\[31630\]: Failed password for invalid user myftp from 62.234.99.172 port 53433 ssh2

Nov  5 12:01:59 fwservlet sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.170.200  user=r.r
Nov  5 12:02:01 fwservlet sshd[28211]: Failed password for r.r from 51.91.170.200 port 59432 ssh2
Nov  5 12:02:01 fwservlet sshd[28211]: Received disconnect from 51.91.170.200 port 59432:11: Bye Bye [preauth]
Nov  5 12:02:01 fwservlet sshd[28211]: Disconnected from 51.91.170.200 port 59432 [preauth]
Nov  5 12:10:51 fwservlet sshd[28495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.170.200  user=r.r
Nov  5 12:10:52 fwservlet sshd[28495]: Failed password for r.r from 51.91.170.200 port 41348 ssh2
Nov  5 12:10:52 fwservlet sshd[28495]: Received disconnect from 51.91.170.200 port 41348:11: Bye Bye [preauth]
Nov  5 12:10:52 fwservlet sshd[28495]: Disconnected from 51.91.170.200 port 41348 [preauth]
Nov  5 12:14:40 fwservlet sshd[28597]: Invalid user testuser from 51.91.170.200
........
-------------------------------

11/06/2019-23:43:26.159142 51.83.2.148 Protocol: 6 ET POLICY Cleartext WordPress Login

Nov  7 02:06:56 www sshd\[33724\]: Invalid user zd from 122.51.76.234Nov  7 02:06:58 www sshd\[33724\]: Failed password for invalid user zd from 122.51.76.234 port 33642 ssh2Nov  7 02:11:25 www sshd\[33941\]: Failed password for root from 122.51.76.234 port 43302 ssh2
...

Nov  7 01:06:20 sd-53420 sshd\[26602\]: Invalid user test from 51.158.115.237
Nov  7 01:06:20 sd-53420 sshd\[26602\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.115.237
Nov  7 01:06:23 sd-53420 sshd\[26602\]: Failed password for invalid user test from 51.158.115.237 port 33202 ssh2
Nov  7 01:06:40 sd-53420 sshd\[26694\]: Invalid user test from 51.158.115.237
Nov  7 01:06:40 sd-53420 sshd\[26694\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.115.237
...

5x Failed Password