| 116.62.147.109 |
attackspambots |
(mod_security) mod_security (id:920350) triggered by 116.62.147.109 (CN/-/-): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/10 05:53:10 [error] 445087#0: *59085 [client 116.62.147.109] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159703159028.686758"] [ref "o0,17v21,17"], client: 116.62.147.109, [redacted] request: "GET / HTTP/1.1" [redacted] |
2020-08-10 15:16:42 |
| 191.241.160.83 |
attackbotsspam |
Aug 10 05:02:56 mail.srvfarm.net postfix/smtps/smtpd[1295937]: warning: unknown[191.241.160.83]: SASL PLAIN authentication failed:
Aug 10 05:02:56 mail.srvfarm.net postfix/smtps/smtpd[1295937]: lost connection after AUTH from unknown[191.241.160.83]
Aug 10 05:07:44 mail.srvfarm.net postfix/smtps/smtpd[1295934]: warning: unknown[191.241.160.83]: SASL PLAIN authentication failed:
Aug 10 05:07:44 mail.srvfarm.net postfix/smtps/smtpd[1295934]: lost connection after AUTH from unknown[191.241.160.83]
Aug 10 05:11:11 mail.srvfarm.net postfix/smtps/smtpd[1295937]: warning: unknown[191.241.160.83]: SASL PLAIN authentication failed: |
2020-08-10 15:43:11 |
| 112.85.42.186 |
attackspam |
Aug 10 09:10:00 piServer sshd[787]: Failed password for root from 112.85.42.186 port 14416 ssh2
Aug 10 09:10:03 piServer sshd[787]: Failed password for root from 112.85.42.186 port 14416 ssh2
Aug 10 09:10:06 piServer sshd[787]: Failed password for root from 112.85.42.186 port 14416 ssh2
... |
2020-08-10 15:21:47 |
| 198.27.80.123 |
attackbots |
198.27.80.123 - - [10/Aug/2020:08:56:09 +0200] "POST /wp-login.php HTTP/1.1" 200 5379 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
198.27.80.123 - - [10/Aug/2020:08:56:10 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
198.27.80.123 - - [10/Aug/2020:08:56:17 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
198.27.80.123 - - [10/Aug/2020:08:56:25 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
198.27.80.123 - - [10/Aug/2020:08:56:27 +0200] "POST /wp-login.php HTTP/1.1" 200 5379 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safar
... |
2020-08-10 15:19:09 |
| 139.186.69.133 |
attackspam |
Aug 10 08:13:52 vm0 sshd[19814]: Failed password for root from 139.186.69.133 port 46364 ssh2
... |
2020-08-10 15:30:25 |
| 168.245.23.182 |
attackspam |
Aug 10 05:03:38 mail.srvfarm.net postfix/smtpd[1293369]: lost connection after RCPT from xvfrktbs.outbound-mail.sendgrid.net[168.245.23.182]
Aug 10 05:04:14 mail.srvfarm.net postfix/smtpd[1293367]: lost connection after RCPT from xvfrktbs.outbound-mail.sendgrid.net[168.245.23.182]
Aug 10 05:05:29 mail.srvfarm.net postfix/smtpd[1310341]: lost connection after RCPT from xvfrktbs.outbound-mail.sendgrid.net[168.245.23.182]
Aug 10 05:07:05 mail.srvfarm.net postfix/smtpd[1310405]: lost connection after RCPT from xvfrktbs.outbound-mail.sendgrid.net[168.245.23.182]
Aug 10 05:09:10 mail.srvfarm.net postfix/smtpd[1310407]: lost connection after RCPT from xvfrktbs.outbound-mail.sendgrid.net[168.245.23.182] |
2020-08-10 15:48:56 |
| 41.216.180.184 |
attackspam |
Email rejected due to spam filtering |
2020-08-10 15:25:47 |
| 170.233.69.70 |
attackbotsspam |
Aug 10 05:39:55 mail.srvfarm.net postfix/smtpd[1313880]: warning: unknown[170.233.69.70]: SASL PLAIN authentication failed:
Aug 10 05:39:56 mail.srvfarm.net postfix/smtpd[1313880]: lost connection after AUTH from unknown[170.233.69.70]
Aug 10 05:40:29 mail.srvfarm.net postfix/smtps/smtpd[1313846]: warning: unknown[170.233.69.70]: SASL PLAIN authentication failed:
Aug 10 05:40:29 mail.srvfarm.net postfix/smtps/smtpd[1313846]: lost connection after AUTH from unknown[170.233.69.70]
Aug 10 05:43:07 mail.srvfarm.net postfix/smtpd[1313892]: warning: unknown[170.233.69.70]: SASL PLAIN authentication failed: |
2020-08-10 15:35:05 |
| 212.70.149.67 |
attackbots |
Aug 10 09:35:47 alpha postfix/smtps/smtpd[5164]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 10 09:37:34 alpha postfix/smtps/smtpd[5164]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 10 09:39:20 alpha postfix/smtps/smtpd[5164]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 |
2020-08-10 15:41:53 |
| 177.21.206.240 |
attackspam |
Aug 10 05:07:18 mail.srvfarm.net postfix/smtps/smtpd[1310649]: warning: unknown[177.21.206.240]: SASL PLAIN authentication failed:
Aug 10 05:07:19 mail.srvfarm.net postfix/smtps/smtpd[1310649]: lost connection after AUTH from unknown[177.21.206.240]
Aug 10 05:09:31 mail.srvfarm.net postfix/smtps/smtpd[1297693]: warning: unknown[177.21.206.240]: SASL PLAIN authentication failed:
Aug 10 05:09:32 mail.srvfarm.net postfix/smtps/smtpd[1297693]: lost connection after AUTH from unknown[177.21.206.240]
Aug 10 05:12:20 mail.srvfarm.net postfix/smtpd[1310347]: warning: unknown[177.21.206.240]: SASL PLAIN authentication failed: |
2020-08-10 15:48:13 |
| 94.102.59.107 |
attack |
Aug 10 08:28:48 web01.agentur-b-2.de postfix/submission/smtpd[3931190]: lost connection after EHLO from unknown[94.102.59.107]
Aug 10 08:34:27 web01.agentur-b-2.de postfix/submission/smtpd[3931828]: lost connection after EHLO from unknown[94.102.59.107]
Aug 10 08:34:36 web01.agentur-b-2.de postfix/submission/smtpd[3931828]: lost connection after EHLO from unknown[94.102.59.107]
Aug 10 08:34:39 web01.agentur-b-2.de postfix/submission/smtpd[3931828]: lost connection after EHLO from unknown[94.102.59.107]
Aug 10 08:34:40 web01.agentur-b-2.de postfix/submission/smtpd[3931828]: lost connection after EHLO from unknown[94.102.59.107] |
2020-08-10 15:50:42 |
| 45.176.214.173 |
attackbotsspam |
Aug 10 05:34:27 mail.srvfarm.net postfix/smtps/smtpd[1312813]: warning: unknown[45.176.214.173]: SASL PLAIN authentication failed:
Aug 10 05:34:28 mail.srvfarm.net postfix/smtps/smtpd[1312813]: lost connection after AUTH from unknown[45.176.214.173]
Aug 10 05:34:43 mail.srvfarm.net postfix/smtpd[1313877]: warning: unknown[45.176.214.173]: SASL PLAIN authentication failed:
Aug 10 05:34:43 mail.srvfarm.net postfix/smtpd[1313877]: lost connection after AUTH from unknown[45.176.214.173]
Aug 10 05:37:59 mail.srvfarm.net postfix/smtpd[1313884]: warning: unknown[45.176.214.173]: SASL PLAIN authentication failed: |
2020-08-10 15:40:19 |
| 179.107.15.28 |
attack |
Aug 10 05:13:24 mail.srvfarm.net postfix/smtpd[1310399]: warning: unknown[179.107.15.28]: SASL PLAIN authentication failed:
Aug 10 05:13:24 mail.srvfarm.net postfix/smtpd[1310399]: lost connection after AUTH from unknown[179.107.15.28]
Aug 10 05:13:43 mail.srvfarm.net postfix/smtpd[1310343]: warning: unknown[179.107.15.28]: SASL PLAIN authentication failed:
Aug 10 05:13:44 mail.srvfarm.net postfix/smtpd[1310343]: lost connection after AUTH from unknown[179.107.15.28]
Aug 10 05:18:12 mail.srvfarm.net postfix/smtps/smtpd[1310042]: warning: unknown[179.107.15.28]: SASL PLAIN authentication failed: |
2020-08-10 15:47:01 |
| 45.65.241.42 |
attack |
Attempted Brute Force (dovecot) |
2020-08-10 15:12:25 |
| 80.82.65.187 |
attackspam |
(pop3d) Failed POP3 login from 80.82.65.187 (NL/Netherlands/no-reverse-dns-configured.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Aug 10 11:45:42 ir1 dovecot[3110802]: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.65.187, lip=5.63.12.44, session=<8j3euICsdPdQUkG7> |
2020-08-10 15:52:23 |