Mar 31 06:39:12 haigwepa sshd[31927]: Failed password for mysql from 175.24.72.144 port 58818 ssh2
...

SSH brute force attempt

port

Mar 31 07:27:42 mail.srvfarm.net postfix/smtpd[403581]: warning: unknown[45.95.168.159]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 31 07:27:42 mail.srvfarm.net postfix/smtpd[403581]: lost connection after UNKNOWN from unknown[45.95.168.159]
Mar 31 07:27:53 mail.srvfarm.net postfix/smtpd[406444]: warning: unknown[45.95.168.159]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 31 07:27:53 mail.srvfarm.net postfix/smtpd[406444]: lost connection after UNKNOWN from unknown[45.95.168.159]
Mar 31 07:28:55 mail.srvfarm.net postfix/smtpd[425640]: warning: unknown[45.95.168.159]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 31 07:28:55 mail.srvfarm.net postfix/smtpd[425640]: lost connection after UNKNOWN from unknown[45.95.168.159]

SSH bruteforce (Triggered fail2ban)

Mar 31 00:42:03 NPSTNNYC01T sshd[24348]: Failed password for root from 125.132.73.14 port 49700 ssh2
Mar 31 00:46:03 NPSTNNYC01T sshd[24611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.73.14
Mar 31 00:46:05 NPSTNNYC01T sshd[24611]: Failed password for invalid user shen from 125.132.73.14 port 55956 ssh2
...

[2020-03-31 01:00:19] NOTICE[1148][C-00019528] chan_sip.c: Call from '' (63.143.57.30:5073) to extension '011972599362540' rejected because extension not found in context 'public'.
[2020-03-31 01:00:19] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-03-31T01:00:19.251-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011972599362540",SessionID="0x7fd82cdb8718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/63.143.57.30/5073",ACLName="no_extension_match"
[2020-03-31 01:08:38] NOTICE[1148][C-00019533] chan_sip.c: Call from '' (63.143.57.30:5106) to extension '011972599362540' rejected because extension not found in context 'public'.
[2020-03-31 01:08:38] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-03-31T01:08:38.101-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011972599362540",SessionID="0x7fd82cdb8718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/63.143
...

port

2020-03-31T07:26:40.355146ns386461 sshd\[29558\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.175.50.124  user=root
2020-03-31T07:26:43.102573ns386461 sshd\[29558\]: Failed password for root from 210.175.50.124 port 32672 ssh2
2020-03-31T07:33:42.086737ns386461 sshd\[3412\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.175.50.124  user=root
2020-03-31T07:33:44.102434ns386461 sshd\[3412\]: Failed password for root from 210.175.50.124 port 17932 ssh2
2020-03-31T07:37:10.201772ns386461 sshd\[6492\]: Invalid user kh from 210.175.50.124 port 16887
2020-03-31T07:37:10.206358ns386461 sshd\[6492\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.175.50.124
...

Mar 31 05:41:49 mail.srvfarm.net postfix/smtpd[380628]: NOQUEUE: reject: RCPT from unknown[217.112.142.173]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=
Mar 31 05:46:05 mail.srvfarm.net postfix/smtpd[380628]: NOQUEUE: reject: RCPT from unknown[217.112.142.173]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=
Mar 31 05:46:13 mail.srvfarm.net postfix/smtpd[381531]: NOQUEUE: reject: RCPT from unknown[217.112.142.173]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=
Mar 31 05:47:51 mail.srvfarm.net postfix/smtpd[382811]: NOQUEUE: reject: RCPT from unknown[217.112.142.173

03/31/2020-00:00:38.680466 129.28.188.115 Protocol: 6 ET SCAN Potential SSH Scan

Unauthorized connection attempt detected from IP address 121.227.110.212 to port 1433

3x Failed Password

Mar 30 19:19:53 web1 sshd\[1424\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.108.106.1  user=root
Mar 30 19:19:55 web1 sshd\[1424\]: Failed password for root from 211.108.106.1 port 59200 ssh2
Mar 30 19:23:29 web1 sshd\[1821\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.108.106.1  user=root
Mar 30 19:23:30 web1 sshd\[1821\]: Failed password for root from 211.108.106.1 port 50682 ssh2
Mar 30 19:27:18 web1 sshd\[2220\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.108.106.1  user=root

221.228.97.218 was recorded 13 times by 1 hosts attempting to connect to the following ports: 53413. Incident counter (4h, 24h, all-time): 13, 52, 1839