Nov 27 17:33:44 server sshd\[25515\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mangue.dqf.ufpe.br  user=root
Nov 27 17:33:46 server sshd\[25515\]: Failed password for root from 150.161.5.10 port 38254 ssh2
Nov 27 17:47:51 server sshd\[29115\]: Invalid user harijs from 150.161.5.10
Nov 27 17:47:51 server sshd\[29115\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mangue.dqf.ufpe.br 
Nov 27 17:47:53 server sshd\[29115\]: Failed password for invalid user harijs from 150.161.5.10 port 34306 ssh2
...

UTC: 2019-11-26 port: 26/tcp

MultiHost/MultiPort Probe, Scan, Hack -

Nov 27 07:39:51 web1 sshd\[25491\]: Invalid user vp from 182.76.165.86
Nov 27 07:39:51 web1 sshd\[25491\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.76.165.86
Nov 27 07:39:53 web1 sshd\[25491\]: Failed password for invalid user vp from 182.76.165.86 port 34512 ssh2
Nov 27 07:48:04 web1 sshd\[26236\]: Invalid user caveclan from 182.76.165.86
Nov 27 07:48:04 web1 sshd\[26236\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.76.165.86

Nov 28 01:07:08 gw1 sshd[2759]: Failed password for root from 190.144.14.170 port 53754 ssh2
...

Nov 27 19:17:21 v22018076622670303 sshd\[19277\]: Invalid user john12345 from 122.152.250.89 port 58450
Nov 27 19:17:21 v22018076622670303 sshd\[19277\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.152.250.89
Nov 27 19:17:23 v22018076622670303 sshd\[19277\]: Failed password for invalid user john12345 from 122.152.250.89 port 58450 ssh2
...

2019-11-27T16:48:38.459915shield sshd\[17219\]: Invalid user roemer from 118.24.149.173 port 48650
2019-11-27T16:48:38.464176shield sshd\[17219\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.149.173
2019-11-27T16:48:40.308678shield sshd\[17219\]: Failed password for invalid user roemer from 118.24.149.173 port 48650 ssh2
2019-11-27T16:57:25.423801shield sshd\[18106\]: Invalid user tini from 118.24.149.173 port 55284
2019-11-27T16:57:25.428405shield sshd\[18106\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.149.173

MultiHost/MultiPort Probe, Scan, Hack -

MultiHost/MultiPort Probe, Scan, Hack -

Nov 27 13:55:45 vps46666688 sshd[31532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.46.142.80
Nov 27 13:55:47 vps46666688 sshd[31532]: Failed password for invalid user host from 36.46.142.80 port 53125 ssh2
...

Nov2715:46:06server2dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=62.167.15.204\,lip=81.17.25.230\,session=\Nov2715:46:12server2dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=62.167.15.204\,lip=81.17.25.230\,session=\Nov2715:46:18server2dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=62.167.15.204\,lip=81.17.25.230\,session=\Nov2715:46:24server2dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=62.167.15.204\,lip=81.17.25.230\,session=\< 2Y6D1WYNN8 pw/M\>Nov2715:46:24server2dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=62.167.15.204\,lip=81.17.25.230\,session=\Nov2715:4

Automatic report - Port Scan Attack

Telnet/23 MH Probe, BF, Hack -

UTC: 2019-11-26 pkts: 4 port: 81/tcp

Nov 27 09:41:55 eola postfix/smtpd[25609]: connect from unknown[178.128.148.147]
Nov 27 09:41:55 eola postfix/smtpd[25609]: NOQUEUE: reject: RCPT from unknown[178.128.148.147]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo=
Nov 27 09:41:55 eola postfix/smtpd[25609]: disconnect from unknown[178.128.148.147] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4
Nov 27 09:41:55 eola postfix/smtpd[25609]: connect from unknown[178.128.148.147]
Nov 27 09:41:55 eola postfix/smtpd[25609]: lost connection after AUTH from unknown[178.128.148.147]
Nov 27 09:41:55 eola postfix/smtpd[25609]: disconnect from unknown[178.128.148.147] ehlo=1 auth=0/1 commands=1/2
Nov 27 09:41:55 eola postfix/smtpd[25609]: connect from unknown[178.128.148.147]
Nov 27 09:41:55 eola postfix/smtpd[25609]: lost connection after AUTH from unknown[178.128.148.147]
Nov 27 09:41:55 eola postfix/smtpd[25609]: disconnect from unknown[178.128.148.147] ehlo=1 auth=0/1 comma........
-------------------------------