Sep 20 09:26:20 lumpi kernel: INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=185.143.221.103 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19068 PROTO=TCP SPT=40001 DPT=13391 WINDOW=1024 RES=0x00 SYN URGP=0 
...

Sep 20 10:03:26 dedicated sshd[9430]: Invalid user ek from 167.114.47.81 port 40897

SSH authentication failure x 6 reported by Fail2Ban
...

Sep 20 15:30:21 itv-usvr-02 sshd[16726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.117  user=root
Sep 20 15:30:23 itv-usvr-02 sshd[16726]: Failed password for root from 222.186.42.117 port 53344 ssh2

Chat Spam

Sep 19 20:34:52 tdfoods sshd\[28136\]: Invalid user user from 101.224.58.215
Sep 19 20:34:52 tdfoods sshd\[28136\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.224.58.215
Sep 19 20:34:54 tdfoods sshd\[28136\]: Failed password for invalid user user from 101.224.58.215 port 38424 ssh2
Sep 19 20:34:56 tdfoods sshd\[28136\]: Failed password for invalid user user from 101.224.58.215 port 38424 ssh2
Sep 19 20:34:59 tdfoods sshd\[28136\]: Failed password for invalid user user from 101.224.58.215 port 38424 ssh2

Sep 20 01:16:49 *** sshd[32158]: Invalid user ubuntu from 62.234.74.29

09/20/2019-02:57:14.246323 185.153.198.196 Protocol: 6 ET SCAN NMAP -sS window 1024

Sep 20 09:45:41 relay dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.78.85, lip=176.9.177.164, session=\<92ikQfeSVLhQUk5V\>
Sep 20 09:48:56 relay dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.78.85, lip=176.9.177.164, session=\
Sep 20 09:50:16 relay dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.78.85, lip=176.9.177.164, session=\<1ggOUveSsKZQUk5V\>
Sep 20 09:54:22 relay dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.78.85, lip=176.9.177.164, session=\
Sep 20 09:56:08 relay dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.78.85, lip=176.9.177.164
...

SSH-bruteforce attempts

Sep 20 03:41:38 venus sshd\[11100\]: Invalid user goldenbrown from 94.177.163.133 port 35836
Sep 20 03:41:38 venus sshd\[11100\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.163.133
Sep 20 03:41:41 venus sshd\[11100\]: Failed password for invalid user goldenbrown from 94.177.163.133 port 35836 ssh2
...

SSHScan

Reported by AbuseIPDB proxy server.

Sep 20 00:14:37 XXXXXX sshd[64832]: Invalid user xg from 51.255.171.51 port 46683

Sep 20 03:31:05 aat-srv002 sshd[5077]: Failed password for root from 222.186.175.8 port 51364 ssh2
Sep 20 03:31:21 aat-srv002 sshd[5077]: error: maximum authentication attempts exceeded for root from 222.186.175.8 port 51364 ssh2 [preauth]
Sep 20 03:31:38 aat-srv002 sshd[5087]: Failed password for root from 222.186.175.8 port 62236 ssh2
Sep 20 03:31:59 aat-srv002 sshd[5087]: Failed password for root from 222.186.175.8 port 62236 ssh2
Sep 20 03:31:59 aat-srv002 sshd[5087]: error: maximum authentication attempts exceeded for root from 222.186.175.8 port 62236 ssh2 [preauth]
...