2604:a880:2:d0::4c81:c001 - - [07/Oct/2020:02:12:56 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 3.349
2604:a880:2:d0::4c81:c001 - - [07/Oct/2020:02:13:00 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 192 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 3.406
2604:a880:2:d0::4c81:c001 - - [09/Oct/2020:08:41:37 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3432 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 2.687
2604:a880:2:d0::4c81:c001 - - [09/Oct/2020:08:41:45 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 8.006
2604:a880:2:d0::4c81:c001 - - [10/Oct/2020:22:43:14 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:6
...

2604:a880:2:d0::4c81:c001 - - [07/Oct/2020:02:12:56 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 3.349
2604:a880:2:d0::4c81:c001 - - [07/Oct/2020:02:13:00 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 192 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 3.406
2604:a880:2:d0::4c81:c001 - - [09/Oct/2020:08:41:37 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3432 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 2.687
2604:a880:2:d0::4c81:c001 - - [09/Oct/2020:08:41:45 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 8.006
2604:a880:2:d0::4c81:c001 - - [10/Oct/2020:22:43:14 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 3433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:6
...

2604:a880:2:d0::4c81:c001 - - [07/Aug/2020:13:06:30 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2604:a880:2:d0::4c81:c001 - - [07/Aug/2020:13:06:37 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2604:a880:2:d0::4c81:c001 - - [07/Aug/2020:13:06:37 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

2604:a880:2:d0::4c81:c001 - - [24/Jul/2020:12:09:47 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2604:a880:2:d0::4c81:c001 - - [24/Jul/2020:12:09:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2604:a880:2:d0::4c81:c001 - - [24/Jul/2020:12:09:54 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Jul  8 07:57:36 wordpress wordpress(www.ruhnke.cloud)[17342]: XML-RPC authentication attempt for unknown user [login] from 2604:a880:2:d0::4c81:c001

Jun 19 14:14:39 10.23.102.230 wordpress(blog.ruhnke.cloud)[74097]: XML-RPC authentication attempt for unknown user [login] from 2604:a880:2:d0::4c81:c001
...

WordPress login Brute force / Web App Attack on client site.

Aug 31 02:46:26 vtv3 sshd\[31213\]: Invalid user nikolas from 187.101.38.44 port 57132
Aug 31 02:46:26 vtv3 sshd\[31213\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.101.38.44
Aug 31 02:46:28 vtv3 sshd\[31213\]: Failed password for invalid user nikolas from 187.101.38.44 port 57132 ssh2
Aug 31 02:52:13 vtv3 sshd\[1673\]: Invalid user newuser from 187.101.38.44 port 39008
Aug 31 02:52:13 vtv3 sshd\[1673\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.101.38.44
Aug 31 03:09:14 vtv3 sshd\[10118\]: Invalid user odol from 187.101.38.44 port 41080
Aug 31 03:09:14 vtv3 sshd\[10118\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.101.38.44
Aug 31 03:09:17 vtv3 sshd\[10118\]: Failed password for invalid user odol from 187.101.38.44 port 41080 ssh2
Aug 31 03:15:01 vtv3 sshd\[12822\]: Invalid user minecraft from 187.101.38.44 port 51186
Aug 31 03:15:01 vtv3 sshd\[12822\]:

Fail2Ban - FTP Abuse Attempt

$f2bV_matches_ltvn

Aug 31 03:35:59 cp sshd[601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.28
Aug 31 03:35:59 cp sshd[601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.28

Aug3102:52:08server2dovecot:imap-login:Disconnected\(authfailed\,1attemptsin8secs\):user=\\,method=PLAIN\,rip=196.218.89.88\,lip=81.17.25.230\,TLS\,session=\Aug3103:27:14server2dovecot:imap-login:Disconnected\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=177.19.185.235\,lip=81.17.25.230\,TLS\,session=\Aug3102:38:44server2dovecot:imap-login:Disconnected\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=121.28.40.179\,lip=81.17.25.230\,TLS:Connectionclosed\,session=\Aug3103:35:25server2dovecot:imap-login:Disconnected\(authfailed\,1attemptsin5secs\):user=\\,method=PLAIN\,rip=218.28.164.218\,lip=81.17.25.230\,TLS:Connectionclosed\,session=\<6I1vwF R6OzaHKTa\>Aug3103:16:30server2dovecot:imap-login:Disconnected\(authfailed\,1attemptsin14secs\):user=\\,method=PLAIN\,rip=112.91.58.238\,lip=81.17.25.230\,

Invalid user chimistry from 159.203.77.51 port 51376

Invalid user gregory from 51.75.248.241 port 56158

Invalid user redmap from 209.97.161.104 port 45159

Aug 30 18:44:04 sachi sshd\[29236\]: Invalid user server from 128.199.83.29
Aug 30 18:44:04 sachi sshd\[29236\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.83.29
Aug 30 18:44:06 sachi sshd\[29236\]: Failed password for invalid user server from 128.199.83.29 port 33792 ssh2
Aug 30 18:49:20 sachi sshd\[29670\]: Invalid user sshusr from 128.199.83.29
Aug 30 18:49:20 sachi sshd\[29670\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.83.29

Aug 31 01:00:32 plusreed sshd[25625]: Invalid user musikbot from 106.12.116.237
...

Aug 31 01:38:21 **** sshd[31253]: User root from 43.228.117.222 not allowed because not listed in AllowUsers

Aug 31 07:04:24 vps647732 sshd[31321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.76.70.46
Aug 31 07:04:26 vps647732 sshd[31321]: Failed password for invalid user zq from 201.76.70.46 port 43292 ssh2
...

Spam mails sent to address hacked/leaked from Nexus Mods in July 2013

Aug 31 07:46:29 webserver postfix/smtpd\[2725\]: warning: unknown\[80.82.77.18\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 31 07:47:04 webserver postfix/smtpd\[2725\]: warning: unknown\[80.82.77.18\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 31 07:47:41 webserver postfix/smtpd\[2546\]: warning: unknown\[80.82.77.18\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 31 07:48:18 webserver postfix/smtpd\[2546\]: warning: unknown\[80.82.77.18\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 31 07:48:55 webserver postfix/smtpd\[2725\]: warning: unknown\[80.82.77.18\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...

Aug 31 07:00:30 dedicated sshd[4577]: Invalid user asl from 111.21.99.227 port 41256