www.goldgier.de 2400:6180:0:d1::50e:2001 [30/Apr/2020:22:52:52 +0200] "POST /wp-login.php HTTP/1.1" 200 6530 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
www.goldgier.de 2400:6180:0:d1::50e:2001 [30/Apr/2020:22:52:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4334 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2400:6180:0:d1::50e:2001 - - [08/Mar/2020:01:07:28 +0300] "POST /wp-login.php HTTP/1.1" 200 2790 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

xmlrpc attack

fail2ban honeypot

Jun 30 06:13:17 mail sshd\[30099\]: Failed password for invalid user chris from 83.3.245.132 port 44604 ssh2
Jun 30 06:30:13 mail sshd\[30391\]: Invalid user shekhar from 83.3.245.132 port 41496
Jun 30 06:30:13 mail sshd\[30391\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.3.245.132
...

SSH-BRUTEFORCE

firewall-block, port(s): 8083/tcp

2019-06-29 22:29:15 H=(internet.G5.maxwifi.com.br) [177.73.20.189]:51833 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in zen.spamhaus.org (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS)
2019-06-29 22:29:16 H=(internet.G5.maxwifi.com.br) [177.73.20.189]:51833 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in zen.spamhaus.org (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS)
2019-06-29 22:29:16 H=(internet.G5.maxwifi.com.br) [177.73.20.189]:51833 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in zen.spamhaus.org (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS)
...

Honeypot attack, port: 23, PTR: PTR record not found

Jun 30 15:28:58 localhost sshd\[11842\]: Invalid user gozone from 35.137.135.252 port 57372
Jun 30 15:28:58 localhost sshd\[11842\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.137.135.252
Jun 30 15:29:00 localhost sshd\[11842\]: Failed password for invalid user gozone from 35.137.135.252 port 57372 ssh2

Jun 30 13:28:22 localhost sshd\[125030\]: Invalid user ooo from 45.55.222.162 port 34290
Jun 30 13:28:22 localhost sshd\[125030\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.222.162
Jun 30 13:28:25 localhost sshd\[125030\]: Failed password for invalid user ooo from 45.55.222.162 port 34290 ssh2
Jun 30 13:29:56 localhost sshd\[125087\]: Invalid user harvard from 45.55.222.162 port 51408
Jun 30 13:29:56 localhost sshd\[125087\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.222.162
...

Honeypot attack, port: 445, PTR: PTR record not found

Jun 30 15:29:12 core01 sshd\[23383\]: Invalid user controller from 137.59.162.169 port 43285
Jun 30 15:29:12 core01 sshd\[23383\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.59.162.169
...

Chat Spam

Invalid user admin from 87.240.201.167 port 48394

Tried sshing with brute force.

SSH Brute Force, server-1 sshd[8989]: Failed password for invalid user molisoft from 24.7.159.76 port 44582 ssh2

Honeypot attack, port: 23, PTR: PTR record not found