20 attempts against mh-misbehave-ban on cedar

2019-12-03T12:45:35.562832abusebot-4.cloudsearch.cf sshd\[24289\]: Invalid user nearftp from 61.161.236.202 port 63945

Dec  3 08:06:53 linuxvps sshd\[46574\]: Invalid user P@\$\$WORD2019 from 122.224.66.162
Dec  3 08:06:53 linuxvps sshd\[46574\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.224.66.162
Dec  3 08:06:55 linuxvps sshd\[46574\]: Failed password for invalid user P@\$\$WORD2019 from 122.224.66.162 port 52054 ssh2
Dec  3 08:15:54 linuxvps sshd\[52030\]: Invalid user default from 122.224.66.162
Dec  3 08:15:54 linuxvps sshd\[52030\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.224.66.162

2019-12-03T06:23:25.361080abusebot-5.cloudsearch.cf sshd\[6788\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.171.32.66  user=root

MultiHost/MultiPort Probe, Scan, Hack -

SSH auth scanning - multiple failed logins

3389BruteforceFW22

SSH bruteforce (Triggered fail2ban)

Automatic report - Port Scan Attack

Dec  3 13:55:18 server sshd\[452\]: Invalid user comrade from 206.81.11.216
Dec  3 13:55:18 server sshd\[452\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.11.216 
Dec  3 13:55:20 server sshd\[452\]: Failed password for invalid user comrade from 206.81.11.216 port 46914 ssh2
Dec  3 14:01:17 server sshd\[1789\]: Invalid user jnoakes from 206.81.11.216
Dec  3 14:01:17 server sshd\[1789\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.11.216 
...

Dec  3 13:58:09 OPSO sshd\[29204\]: Invalid user com\#2010\?01 from 218.94.140.106 port 2122
Dec  3 13:58:09 OPSO sshd\[29204\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.94.140.106
Dec  3 13:58:11 OPSO sshd\[29204\]: Failed password for invalid user com\#2010\?01 from 218.94.140.106 port 2122 ssh2
Dec  3 14:07:11 OPSO sshd\[31004\]: Invalid user cocacola from 218.94.140.106 port 2124
Dec  3 14:07:11 OPSO sshd\[31004\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.94.140.106

" "

Dec  3 11:06:31 *** sshd[17182]: Invalid user hokland from 89.208.246.240

Dec  2 22:06:15 penfold sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.212.41.114  user=r.r
Dec  2 22:06:17 penfold sshd[14335]: Failed password for r.r from 201.212.41.114 port 49482 ssh2
Dec  2 22:06:17 penfold sshd[14335]: Received disconnect from 201.212.41.114 port 49482:11: Bye Bye [preauth]
Dec  2 22:06:17 penfold sshd[14335]: Disconnected from 201.212.41.114 port 49482 [preauth]
Dec  2 22:22:16 penfold sshd[15209]: Invalid user info from 201.212.41.114 port 59944
Dec  2 22:22:16 penfold sshd[15209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.212.41.114 
Dec  2 22:22:19 penfold sshd[15209]: Failed password for invalid user info from 201.212.41.114 port 59944 ssh2
Dec  2 22:22:19 penfold sshd[15209]: Received disconnect from 201.212.41.114 port 59944:11: Bye Bye [preauth]
Dec  2 22:22:19 penfold sshd[15209]: Disconnected from 201.212.41.114 port 59944 [preaut........
-------------------------------

Telnetd brute force attack detected by fail2ban

\[2019-12-03 07:58:02\] NOTICE\[2754\] chan_sip.c: Registration from '"1000" \' failed for '75.102.27.106:5065' - Wrong password
\[2019-12-03 07:58:02\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-03T07:58:02.668-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1000",SessionID="0x7f26c4a08808",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/75.102.27.106/5065",Challenge="35083298",ReceivedChallenge="35083298",ReceivedHash="fdca3bebcd7e4dfd937b5be606766c9b"
\[2019-12-03 08:07:49\] NOTICE\[2754\] chan_sip.c: Registration from '"1000" \' failed for '75.102.27.106:5102' - Wrong password
\[2019-12-03 08:07:49\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-03T08:07:49.789-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1000",SessionID="0x7f26c4840358",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UD