45.119.212.93 - - [10/Aug/2020:15:19:54 +0100] "POST /wp-login.php HTTP/1.1" 200 1956 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
45.119.212.93 - - [10/Aug/2020:15:19:57 +0100] "POST /wp-login.php HTTP/1.1" 200 1953 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
45.119.212.93 - - [10/Aug/2020:15:19:58 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

Aug 10 13:54:30 mxgate1 postfix/postscreen[6092]: CONNECT from [139.255.181.180]:28992 to [176.31.12.44]:25
Aug 10 13:54:30 mxgate1 postfix/dnsblog[6112]: addr 139.255.181.180 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2
Aug 10 13:54:30 mxgate1 postfix/dnsblog[6115]: addr 139.255.181.180 listed by domain zen.spamhaus.org as 127.0.0.4
Aug 10 13:54:30 mxgate1 postfix/dnsblog[6112]: addr 139.255.181.180 listed by domain cbl.abuseat.org as 127.0.0.2
Aug 10 13:54:30 mxgate1 postfix/dnsblog[6115]: addr 139.255.181.180 listed by domain zen.spamhaus.org as 127.0.0.11
Aug 10 13:54:30 mxgate1 postfix/dnsblog[6113]: addr 139.255.181.180 listed by domain b.barracudacentral.org as 127.0.0.2
Aug 10 13:54:36 mxgate1 postfix/postscreen[6092]: DNSBL rank 5 for [139.255.181.180]:28992
Aug x@x


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=139.255.181.180

Aug 10 13:22:51 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\<0Je6LISs4P5QUkG7\>
Aug 10 13:28:16 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:33:43 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:39:09 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:44:35 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208,
...

Bruteforce detected by fail2ban

Aug 10 13:53:52 mail.srvfarm.net postfix/smtpd[1653886]: warning: unknown[109.164.5.222]: SASL PLAIN authentication failed: 
Aug 10 13:53:52 mail.srvfarm.net postfix/smtpd[1653886]: lost connection after AUTH from unknown[109.164.5.222]
Aug 10 13:56:57 mail.srvfarm.net postfix/smtps/smtpd[1652474]: warning: unknown[109.164.5.222]: SASL PLAIN authentication failed: 
Aug 10 13:56:57 mail.srvfarm.net postfix/smtps/smtpd[1652474]: lost connection after AUTH from unknown[109.164.5.222]
Aug 10 14:01:41 mail.srvfarm.net postfix/smtps/smtpd[1657860]: warning: unknown[109.164.5.222]: SASL PLAIN authentication failed:

Port probing on unauthorized port 23

$f2bV_matches

Automatic report - Port Scan Attack

Banned for a week because repeated abuses, for example SSH, but not only

2020-08-10T19:24:48.274223afi-git.jinr.ru sshd[22350]: Failed password for root from 222.186.175.154 port 15902 ssh2
2020-08-10T19:24:51.848987afi-git.jinr.ru sshd[22350]: Failed password for root from 222.186.175.154 port 15902 ssh2
2020-08-10T19:24:54.971952afi-git.jinr.ru sshd[22350]: Failed password for root from 222.186.175.154 port 15902 ssh2
2020-08-10T19:24:54.972084afi-git.jinr.ru sshd[22350]: error: maximum authentication attempts exceeded for root from 222.186.175.154 port 15902 ssh2 [preauth]
2020-08-10T19:24:54.972098afi-git.jinr.ru sshd[22350]: Disconnecting: Too many authentication failures [preauth]
...

Aug 10 16:42:28 prox sshd[32517]: Failed password for root from 175.207.29.235 port 43470 ssh2

Aug 10 18:03:33 vps sshd[724914]: Failed password for root from 49.88.112.69 port 56143 ssh2
Aug 10 18:03:36 vps sshd[724914]: Failed password for root from 49.88.112.69 port 56143 ssh2
Aug 10 18:04:53 vps sshd[731578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.69  user=root
Aug 10 18:04:55 vps sshd[731578]: Failed password for root from 49.88.112.69 port 11752 ssh2
Aug 10 18:04:57 vps sshd[731578]: Failed password for root from 49.88.112.69 port 11752 ssh2
...

[10/Aug/2020 x@x
[10/Aug/2020 x@x
[10/Aug/2020 x@x


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=41.62.210.230

Automatic report - Port Scan Attack

Bruteforce detected by fail2ban