Dec 28 13:40:04 debian-2gb-nbg1-2 kernel: \[1189522.562714\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=92.246.76.244 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=13523 PROTO=TCP SPT=41602 DPT=11001 WINDOW=1024 RES=0x00 SYN URGP=0

Honeypot attack, port: 23, PTR: okvlon0102w-lp130-02-184-147-153-236.dsl.bell.ca.

Dec 27 10:08:39 server sshd\[14777\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.2.158.54  user=root
Dec 27 10:08:42 server sshd\[14777\]: Failed password for root from 221.2.158.54 port 40637 ssh2
Dec 28 09:00:41 server sshd\[5492\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.2.158.54  user=root
Dec 28 09:00:43 server sshd\[5492\]: Failed password for root from 221.2.158.54 port 51704 ssh2
Dec 28 09:20:49 server sshd\[9493\]: Invalid user lisa from 221.2.158.54
Dec 28 09:20:49 server sshd\[9493\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.2.158.54 
...

Honeypot attack, port: 23, PTR: c83-250-213-132.bredband.comhem.se.

Dec 28 14:02:35 MK-Soft-VM4 sshd[30361]: Failed password for root from 218.92.0.171 port 38348 ssh2
Dec 28 14:02:41 MK-Soft-VM4 sshd[30361]: Failed password for root from 218.92.0.171 port 38348 ssh2
...

Dec 28 08:09:56 vmd17057 sshd\[421\]: Invalid user natascha from 138.68.27.177 port 33864
Dec 28 08:09:56 vmd17057 sshd\[421\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.27.177
Dec 28 08:09:58 vmd17057 sshd\[421\]: Failed password for invalid user natascha from 138.68.27.177 port 33864 ssh2
...

Honeypot attack, port: 445, PTR: PTR record not found

Dec 28 09:36:04 mailserver dovecot: auth-worker(2290): sql([hidden],109.136.242.203,<+J8/gL+a+cVtiPLL>): unknown user
Dec 28 09:36:06 mailserver dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[hidden]>, method=PLAIN, rip=109.136.242.203, lip=[hidden], TLS, session=<+J8/gL+a+cVtiPLL>
Dec 28 09:36:10 mailserver dovecot: auth-worker(2290): sql([hidden],109.136.242.203,): unknown user
Dec 28 09:36:14 mailserver dovecot: imap-login: Aborted login (auth failed, 1 attempts in 8 secs): user=<[hidden]>, method=PLAIN, rip=109.136.242.203, lip=[hidden], TLS, session=
Dec 28 09:36:18 mailserver dovecot: auth-worker(2290): sql([hidden],109.136.242.203,): unknown user
Dec 28 09:36:20 mailserver dovecot: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<[hidden]>, method=PLAIN, rip=109.136.242.203, lip=[hidden], TLS, session=
Dec 28 13:36:00 mailserver dovecot: auth-worker(3824): sql([hidden],109.136.242

Dec 28 07:47:43 legacy sshd[2172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.156.236
Dec 28 07:47:45 legacy sshd[2172]: Failed password for invalid user margeson from 115.231.156.236 port 51834 ssh2
Dec 28 07:51:14 legacy sshd[2243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.156.236
...

2019-12-28T11:42:22.543053abusebot-2.cloudsearch.cf sshd[11335]: Invalid user ts3server from 206.189.47.166 port 57570
2019-12-28T11:42:22.548598abusebot-2.cloudsearch.cf sshd[11335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.47.166
2019-12-28T11:42:22.543053abusebot-2.cloudsearch.cf sshd[11335]: Invalid user ts3server from 206.189.47.166 port 57570
2019-12-28T11:42:24.694174abusebot-2.cloudsearch.cf sshd[11335]: Failed password for invalid user ts3server from 206.189.47.166 port 57570 ssh2
2019-12-28T11:45:53.400411abusebot-2.cloudsearch.cf sshd[11432]: Invalid user steger from 206.189.47.166 port 60178
2019-12-28T11:45:53.407680abusebot-2.cloudsearch.cf sshd[11432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.47.166
2019-12-28T11:45:53.400411abusebot-2.cloudsearch.cf sshd[11432]: Invalid user steger from 206.189.47.166 port 60178
2019-12-28T11:45:55.186874abusebot-2.cloudsearch.c
...

Unauthorized connection attempt from IP address 189.158.224.244 on Port 445(SMB)

Invalid user admin from 41.223.142.211 port 46839

Honeypot attack, port: 23, PTR: PTR record not found

...

Invalid user nexus from 51.38.129.20 port 44318