Sep  2 13:59:54 buvik sshd[12628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.227.112
Sep  2 13:59:56 buvik sshd[12628]: Failed password for invalid user uftp from 134.175.227.112 port 54782 ssh2
Sep  2 14:03:15 buvik sshd[13553]: Invalid user memcached from 134.175.227.112
...

 TCP (SYN) 45.92.126.90:58278 -> port 80, len 40

 TCP (SYN) 92.118.160.5:61255 -> port 7547, len 44

Unauthorized connection attempt detected from IP address 202.107.190.246 to port 1433 [T]

 TCP (SYN) 178.19.154.204:24923 -> port 7547, len 44

Dovecot Invalid User Login Attempt.

 TCP (SYN) 178.19.166.228:3754 -> port 23, len 44

xmlrpc attack

Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2020-09-02T12:04:08Z

firewall-block, port(s): 11211/tcp

208.109.53.185 - - [02/Sep/2020:13:20:49 +0200] "GET /wp-login.php HTTP/1.1" 200 8537 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
208.109.53.185 - - [02/Sep/2020:13:20:51 +0200] "POST /wp-login.php HTTP/1.1" 200 8788 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
208.109.53.185 - - [02/Sep/2020:13:20:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

1598978956 - 09/01/2020 18:49:16 Host: 37.129.241.145/37.129.241.145 Port: 445 TCP Blocked

 TCP (SYN) 176.88.228.142:58101 -> port 139, len 44

Brute force attack stopped by firewall

Unauthorized connection attempt detected from IP address 164.52.24.166 to port 7547 [T]