| 14.152.95.16 |
attack |
Mar 19 22:44:48 v22018076622670303 sshd\[19319\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.152.95.16 user=root
Mar 19 22:44:51 v22018076622670303 sshd\[19319\]: Failed password for root from 14.152.95.16 port 33924 ssh2
Mar 19 22:54:44 v22018076622670303 sshd\[19445\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.152.95.16 user=root
... |
2020-03-20 06:00:51 |
| 106.12.207.34 |
attackbotsspam |
Mar 19 22:52:42 sd-53420 sshd\[8999\]: Invalid user steam from 106.12.207.34
Mar 19 22:52:42 sd-53420 sshd\[8999\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.34
Mar 19 22:52:43 sd-53420 sshd\[8999\]: Failed password for invalid user steam from 106.12.207.34 port 36950 ssh2
Mar 19 22:54:49 sd-53420 sshd\[9619\]: User root from 106.12.207.34 not allowed because none of user's groups are listed in AllowGroups
Mar 19 22:54:49 sd-53420 sshd\[9619\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.34 user=root
... |
2020-03-20 05:58:59 |
| 212.129.26.136 |
attack |
WordPress login Brute force / Web App Attack on client site. |
2020-03-20 06:03:28 |
| 120.92.50.55 |
attack |
Mar 19 22:51:26 [host] sshd[12858]: pam_unix(sshd:
Mar 19 22:51:29 [host] sshd[12858]: Failed passwor
Mar 19 22:54:10 [host] sshd[12920]: pam_unix(sshd: |
2020-03-20 06:24:56 |
| 177.220.175.135 |
attackspambots |
Mar 19 22:53:53 andromeda sshd\[39881\]: Invalid user git from 177.220.175.135 port 6813
Mar 19 22:53:54 andromeda sshd\[39881\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.220.175.135
Mar 19 22:53:55 andromeda sshd\[39881\]: Failed password for invalid user git from 177.220.175.135 port 6813 ssh2 |
2020-03-20 06:30:18 |
| 14.169.172.106 |
attack |
2020-03-1922:52:231jF35R-0003vs-34\<=info@whatsup2013.chH=\(localhost\)[123.25.30.87]:48740P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3653id=0A0FB9EAE1351BA87471388044535516@whatsup2013.chT="iamChristina"forthomaseppler87@gmail.commarcusr0456@gmail.com2020-03-1922:54:231jF37P-00049q-9p\<=info@whatsup2013.chH=cpe.xe-2-1-1-800.aaanqe10.dk.customer.tdc.net\(localhost\)[2.109.111.130]:36891P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3692id=BBBE085B5084AA19C5C08931F5E2AF83@whatsup2013.chT="iamChristina"fordriesie83@gmail.comadam1z@hotmail.com2020-03-1922:53:291jF36W-00043a-Tq\<=info@whatsup2013.chH=\(localhost\)[123.20.187.163]:57951P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3597id=686DDB88835779CA16135AE226872822@whatsup2013.chT="iamChristina"forag2013762@gmail.comryanpfisher34@gmail.com2020-03-1922:53:111jF36F-00042D-BJ\<=info@whatsup2013.chH=\(localhost\)[14.169.17 |
2020-03-20 06:10:42 |
| 61.160.95.126 |
attackspam |
CMS (WordPress or Joomla) login attempt. |
2020-03-20 06:19:23 |
| 107.179.192.160 |
attackspambots |
CMS (WordPress or Joomla) login attempt. |
2020-03-20 06:28:47 |
| 173.211.31.234 |
attackspambots |
(From keithhoff@imail.party)
Hello,
I have not received an update regarding measures you're taking to combat COVID-19. I hope you'll assure us that you are following all recently released guidelines and taking every precaution to protect our community?
I'm very concerned that countless young people are not taking COVID-19 seriously (ex. the Spring Break beaches are still packed). I think the only way to combat this 'whatever attitude' is by sharing as much information as possible.
I hope you will add an alert banner with a link to the CDC's coronavirus page (https://www.cdc.gov/coronavirus/2019-ncov/index.html) or the WHO's page. More importantly, please consider copy & pasting this Creative Commons 4.0 (free to re-publish) article to your site (https://covidblog.info).
Without strict measures and an *educated community*, the number of cases will increase exponentially throughout the global population!
Stay safe,
Keith |
2020-03-20 06:15:50 |
| 45.40.143.13 |
attackspam |
[ThuMar1922:54:11.9945442020][:error][pid23230:tid47868506552064][client45.40.143.13:42166][client45.40.143.13]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\$mozilla\^\|mozilla/[45]\\\\\\\\.[1-9]\|\^mozilla/4\\\\\\\\.0\$\)"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules:MaliciousBotBlocked\(FakeMozillaUserAgentStringDetected\)"][severity"CRITICAL"][hostname"wwlc.ch"][uri"/wp-load.php"][unique_id"XnPqA0vPV7rtHP0gxJm4BwAAAUc"]\,referer:wwlc.ch[ThuMar1922:54:13.1609842020][:error][pid8165:tid47868523362048][client45.40.143.13:57346][client45.40.143.13]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\$mozilla\^\|mozilla/[45]\\\\\\\\.[1-9]\|\^mozilla/4\\\\\\\\.0\$\)"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules:MaliciousBotBlocked\(FakeMozillaUser |
2020-03-20 06:21:48 |
| 111.231.109.151 |
attackbotsspam |
Mar 19 22:47:22 Ubuntu-1404-trusty-64-minimal sshd\[19825\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.109.151 user=root
Mar 19 22:47:23 Ubuntu-1404-trusty-64-minimal sshd\[19825\]: Failed password for root from 111.231.109.151 port 47390 ssh2
Mar 19 22:51:59 Ubuntu-1404-trusty-64-minimal sshd\[23158\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.109.151 user=root
Mar 19 22:52:02 Ubuntu-1404-trusty-64-minimal sshd\[23158\]: Failed password for root from 111.231.109.151 port 59720 ssh2
Mar 19 22:54:03 Ubuntu-1404-trusty-64-minimal sshd\[24007\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.109.151 user=irc |
2020-03-20 06:28:16 |
| 141.98.10.127 |
attack |
[2020-03-19 17:54:42] NOTICE[1148] chan_sip.c: Registration from '' failed for '141.98.10.127:59582' - Wrong password
[2020-03-19 17:54:42] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-19T17:54:42.971-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="Lind",SessionID="0x7fd82c530768",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/141.98.10.127/59582",Challenge="5dd753a4",ReceivedChallenge="5dd753a4",ReceivedHash="28aed93faa5711038a04d90082fa1007"
[2020-03-19 17:54:44] NOTICE[1148] chan_sip.c: Registration from '' failed for '141.98.10.127:62998' - Wrong password
[2020-03-19 17:54:44] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-19T17:54:44.880-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="harley",SessionID="0x7fd82cdb8718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/141.98.10
... |
2020-03-20 06:00:28 |
| 204.48.27.30 |
attack |
Mar 19 23:54:33 server2 sshd\[11294\]: User root from 204.48.27.30 not allowed because not listed in AllowUsers
Mar 19 23:54:34 server2 sshd\[11296\]: Invalid user admin from 204.48.27.30
Mar 19 23:54:35 server2 sshd\[11298\]: Invalid user admin from 204.48.27.30
Mar 19 23:54:36 server2 sshd\[11300\]: Invalid user user from 204.48.27.30
Mar 19 23:54:36 server2 sshd\[11302\]: Invalid user ubnt from 204.48.27.30
Mar 19 23:54:37 server2 sshd\[11304\]: Invalid user admin from 204.48.27.30 |
2020-03-20 06:04:37 |
| 51.75.52.127 |
attackspambots |
Mar 19 22:54:36 debian-2gb-nbg1-2 kernel: \[6913981.620139\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=51.75.52.127 DST=195.201.40.59 LEN=44 TOS=0x10 PREC=0x00 TTL=113 ID=9070 PROTO=TCP SPT=26200 DPT=8891 WINDOW=3530 RES=0x00 SYN URGP=0 |
2020-03-20 06:05:54 |
| 216.10.31.137 |
attack |
(From keithhoff@imail.party)
Hello,
I have not received an update regarding measures you're taking to combat COVID-19. I hope you'll assure us that you are following all recently released guidelines and taking every precaution to protect our community?
I'm very concerned that countless young people are not taking COVID-19 seriously (ex. the Spring Break beaches are still packed). I think the only way to combat this 'whatever attitude' is by sharing as much information as possible.
I hope you will add an alert banner with a link to the CDC's coronavirus page (https://www.cdc.gov/coronavirus/2019-ncov/index.html) or the WHO's page. More importantly, please consider copy & pasting this Creative Commons 4.0 (free to re-publish) article to your site (https://covidblog.info).
Without strict measures and an *educated community*, the number of cases will increase exponentially throughout the global population!
Stay safe,
Keith |
2020-03-20 06:20:07 |