[-]:80 2604:a880:cad:d0::54f:c001 - - [05/Sep/2020:18:42:36 +0200] "GET /wp-login.php HTTP/1.1" 301 456 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

[-]:80 2604:a880:cad:d0::54f:c001 - - [05/Sep/2020:18:42:36 +0200] "GET /wp-login.php HTTP/1.1" 301 456 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Jun  1 05:49:48 wordpress wordpress(www.ruhnke.cloud)[19367]: XML-RPC authentication attempt for unknown user [login] from 2604:a880:cad:d0::54f:c001

xmlrpc attack

xmlrpc attack

C1,WP GET /nelson/wp-login.php

WordPress login Brute force / Web App Attack on client site.

Wordpress attack

webserver:443 [09/Feb/2020]  "GET /wp-login.php HTTP/1.1" 404 4101 "http://_mta-sts.asunledevles.duckdns.org/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

WordPress login Brute force / Web App Attack on client site.

WordPress wp-login brute force :: 2604:a880:cad:d0::54f:c001 0.088 BYPASS [03/Nov/2019:05:49:49  0000] www.[censored_4] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Dec 12 00:03:51 auw2 sshd\[20330\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.180  user=root
Dec 12 00:03:53 auw2 sshd\[20330\]: Failed password for root from 222.186.173.180 port 33594 ssh2
Dec 12 00:04:02 auw2 sshd\[20330\]: Failed password for root from 222.186.173.180 port 33594 ssh2
Dec 12 00:04:05 auw2 sshd\[20330\]: Failed password for root from 222.186.173.180 port 33594 ssh2
Dec 12 00:04:09 auw2 sshd\[20372\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.180  user=root

Dec 12 08:27:56 l02a sshd[5469]: Invalid user fauzi from 175.182.91.104
Dec 12 08:27:56 l02a sshd[5469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.182.91.104 
Dec 12 08:27:56 l02a sshd[5469]: Invalid user fauzi from 175.182.91.104
Dec 12 08:27:58 l02a sshd[5469]: Failed password for invalid user fauzi from 175.182.91.104 port 47892 ssh2

Helo

Unauthorized connection attempt detected from IP address 80.82.65.60 to port 445

2019-12-12 00:25:45 dovecot_login authenticator failed for (sienawx.net) [111.75.149.221]:51300 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=nologin@lerctr.org)
2019-12-12 00:26:15 dovecot_login authenticator failed for (sienawx.net) [111.75.149.221]:52686 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=alex@lerctr.org)
2019-12-12 00:26:40 dovecot_login authenticator failed for (sienawx.net) [111.75.149.221]:54536 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=alex@lerctr.org)
...

Dec 12 10:00:24 zeus sshd[28491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.75.24.68 
Dec 12 10:00:27 zeus sshd[28491]: Failed password for invalid user hank from 119.75.24.68 port 55032 ssh2
Dec 12 10:06:39 zeus sshd[28686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.75.24.68 
Dec 12 10:06:41 zeus sshd[28686]: Failed password for invalid user luthra from 119.75.24.68 port 37108 ssh2

[portscan] tcp/3389 [MS RDP]
[scan/connect: 2 time(s)]
*(RWIN=1024)(12121149)

SSH Bruteforce attempt

Dec 12 10:43:17 OPSO sshd\[30060\]: Invalid user courtadm from 106.12.102.143 port 58020
Dec 12 10:43:17 OPSO sshd\[30060\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.102.143
Dec 12 10:43:19 OPSO sshd\[30060\]: Failed password for invalid user courtadm from 106.12.102.143 port 58020 ssh2
Dec 12 10:50:21 OPSO sshd\[31633\]: Invalid user cheng from 106.12.102.143 port 39772
Dec 12 10:50:21 OPSO sshd\[31633\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.102.143

(From eric@talkwithcustomer.com) Hello knutsonchiropractic.com,

People ask, “why does TalkWithCustomer work so well?”

It’s simple.

TalkWithCustomer enables you to connect with a prospective customer at EXACTLY the Perfect Time.

- NOT one week, two weeks, three weeks after they’ve checked out your website knutsonchiropractic.com.
- NOT with a form letter style email that looks like it was written by a bot.
- NOT with a robocall that could come at any time out of the blue.

TalkWithCustomer connects you to that person within seconds of THEM asking to hear from YOU.

They kick off the conversation.

They take that first step.

They ask to hear from you regarding what you have to offer and how it can make their life better. 

And it happens almost immediately. In real time. While they’re still looking over your website knutsonchiropractic.com, trying to make up their mind whether you are right for them.

When you connect with them at that very moment it’s the ultimate in Perfect Timing –

SSH Brute Force, server-1 sshd[4834]: Failed password for invalid user tchangid from 210.71.232.236 port 33798 ssh2

Automatic report - Port Scan Attack

Cluster member 192.168.0.31 (-) said, DENY 41.236.106.45, Reason:[(imapd) Failed IMAP login from 41.236.106.45 (EG/Egypt/host-41.236.106.45.tedata.net): 1 in the last 3600 secs]

sshd jail - ssh hack attempt

Dec 11 23:32:11 php1 sshd\[616\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.13.129.34  user=root
Dec 11 23:32:13 php1 sshd\[616\]: Failed password for root from 190.13.129.34 port 35590 ssh2
Dec 11 23:39:21 php1 sshd\[1535\]: Invalid user toponce from 190.13.129.34
Dec 11 23:39:21 php1 sshd\[1535\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.13.129.34
Dec 11 23:39:22 php1 sshd\[1535\]: Failed password for invalid user toponce from 190.13.129.34 port 46262 ssh2