Jul 26 09:53:06 mail.srvfarm.net postfix/smtpd[1125432]: warning: vps-eb8cf374.vps.ovh.net[51.77.202.154]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 26 09:53:06 mail.srvfarm.net postfix/smtpd[1125432]: lost connection after AUTH from vps-eb8cf374.vps.ovh.net[51.77.202.154]
Jul 26 10:00:47 mail.srvfarm.net postfix/smtpd[1125433]: warning: vps-eb8cf374.vps.ovh.net[51.77.202.154]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 26 10:00:47 mail.srvfarm.net postfix/smtpd[1125433]: lost connection after AUTH from vps-eb8cf374.vps.ovh.net[51.77.202.154]
Jul 26 10:00:55 mail.srvfarm.net postfix/smtpd[1132537]: warning: vps-eb8cf374.vps.ovh.net[51.77.202.154]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Invalid user geiger from 217.61.108.147 port 52360

Jul 26 10:57:58 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.65.187, lip=185.118.197.126, session=
Jul 26 10:58:35 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.65.187, lip=185.118.197.126, session=
Jul 26 10:58:45 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=80.82.65.187, lip=185.118.197.126, session=
Jul 26 10:59:13 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.65.187, lip=185.118.197.126, session=
Jul 26 10:59:35 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82

Jul 26 05:37:59 mail.srvfarm.net postfix/smtpd[1029334]: warning: unknown[178.239.157.208]: SASL PLAIN authentication failed: 
Jul 26 05:37:59 mail.srvfarm.net postfix/smtpd[1029334]: lost connection after AUTH from unknown[178.239.157.208]
Jul 26 05:38:42 mail.srvfarm.net postfix/smtpd[1029334]: warning: unknown[178.239.157.208]: SASL PLAIN authentication failed: 
Jul 26 05:38:42 mail.srvfarm.net postfix/smtpd[1029334]: lost connection after AUTH from unknown[178.239.157.208]
Jul 26 05:46:48 mail.srvfarm.net postfix/smtpd[1029330]: warning: unknown[178.239.157.208]: SASL PLAIN authentication failed:

Jul 26 11:22:27 vps647732 sshd[4965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.231.161
Jul 26 11:22:29 vps647732 sshd[4965]: Failed password for invalid user ladev from 51.77.231.161 port 56188 ssh2
...

DATE:2020-07-26 05:52:54, IP:72.186.152.188, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)

SSH Brute Force

Automatic report - Port Scan Attack

<6 unauthorized SSH connections

2020-07-26T05:20:39.719357vps2034 sshd[20232]: Failed password for root from 222.186.173.183 port 18940 ssh2
2020-07-26T05:20:42.631671vps2034 sshd[20232]: Failed password for root from 222.186.173.183 port 18940 ssh2
2020-07-26T05:20:45.624802vps2034 sshd[20232]: Failed password for root from 222.186.173.183 port 18940 ssh2
2020-07-26T05:20:45.625451vps2034 sshd[20232]: error: maximum authentication attempts exceeded for root from 222.186.173.183 port 18940 ssh2 [preauth]
2020-07-26T05:20:45.625476vps2034 sshd[20232]: Disconnecting: Too many authentication failures [preauth]
...

Jul 26 08:30:20 vps639187 sshd\[13884\]: Invalid user support from 119.254.155.187 port 5862
Jul 26 08:30:20 vps639187 sshd\[13884\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.254.155.187
Jul 26 08:30:22 vps639187 sshd\[13884\]: Failed password for invalid user support from 119.254.155.187 port 5862 ssh2
...

Fail2Ban

Jul 26 05:47:51 mail.srvfarm.net postfix/smtps/smtpd[1027769]: warning: unknown[91.245.30.147]: SASL PLAIN authentication failed: 
Jul 26 05:47:51 mail.srvfarm.net postfix/smtps/smtpd[1027769]: lost connection after AUTH from unknown[91.245.30.147]
Jul 26 05:50:19 mail.srvfarm.net postfix/smtps/smtpd[1031887]: warning: unknown[91.245.30.147]: SASL PLAIN authentication failed: 
Jul 26 05:50:19 mail.srvfarm.net postfix/smtps/smtpd[1031887]: lost connection after AUTH from unknown[91.245.30.147]
Jul 26 05:52:29 mail.srvfarm.net postfix/smtps/smtpd[1032031]: warning: unknown[91.245.30.147]: SASL PLAIN authentication failed:

Jul 26 10:41:39 eventyay sshd[12255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.247.140.89
Jul 26 10:41:41 eventyay sshd[12255]: Failed password for invalid user vnc from 223.247.140.89 port 46496 ssh2
Jul 26 10:44:59 eventyay sshd[12352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.247.140.89
...

Attempted Brute Force (dovecot)