May  3 11:54:33 mail.srvfarm.net postfix/smtpd[2510825]: lost connection after CONNECT from unknown[185.50.149.11]
May  3 11:54:34 mail.srvfarm.net postfix/smtps/smtpd[2510818]: warning: unknown[185.50.149.11]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May  3 11:54:34 mail.srvfarm.net postfix/smtpd[2508605]: lost connection after CONNECT from unknown[185.50.149.11]
May  3 11:54:34 mail.srvfarm.net postfix/smtps/smtpd[2510818]: lost connection after AUTH from unknown[185.50.149.11]
May  3 11:54:36 mail.srvfarm.net postfix/smtpd[2508585]: lost connection after AUTH from unknown[185.50.149.11]

2020-05-03T09:25:00.338141abusebot-6.cloudsearch.cf sshd[28975]: Invalid user git from 122.225.230.10 port 39262
2020-05-03T09:25:00.345384abusebot-6.cloudsearch.cf sshd[28975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.230.10
2020-05-03T09:25:00.338141abusebot-6.cloudsearch.cf sshd[28975]: Invalid user git from 122.225.230.10 port 39262
2020-05-03T09:25:02.336742abusebot-6.cloudsearch.cf sshd[28975]: Failed password for invalid user git from 122.225.230.10 port 39262 ssh2
2020-05-03T09:27:49.275963abusebot-6.cloudsearch.cf sshd[29120]: Invalid user mininet from 122.225.230.10 port 36308
2020-05-03T09:27:49.282290abusebot-6.cloudsearch.cf sshd[29120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.230.10
2020-05-03T09:27:49.275963abusebot-6.cloudsearch.cf sshd[29120]: Invalid user mininet from 122.225.230.10 port 36308
2020-05-03T09:27:51.143003abusebot-6.cloudsearch.cf sshd[29120]: F
...

Unauthorized connection attempt detected from IP address 106.12.47.216 to port 1026 [T]

2020-05-03T07:29:31.586069abusebot-2.cloudsearch.cf sshd[14770]: Invalid user uap from 68.183.236.92 port 45040
2020-05-03T07:29:31.592586abusebot-2.cloudsearch.cf sshd[14770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.92
2020-05-03T07:29:31.586069abusebot-2.cloudsearch.cf sshd[14770]: Invalid user uap from 68.183.236.92 port 45040
2020-05-03T07:29:33.353789abusebot-2.cloudsearch.cf sshd[14770]: Failed password for invalid user uap from 68.183.236.92 port 45040 ssh2
2020-05-03T07:34:43.859365abusebot-2.cloudsearch.cf sshd[14904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.92  user=root
2020-05-03T07:34:45.450415abusebot-2.cloudsearch.cf sshd[14904]: Failed password for root from 68.183.236.92 port 35908 ssh2
2020-05-03T07:39:04.996794abusebot-2.cloudsearch.cf sshd[15110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.92  u
...

Port scan(s) denied

Automatic report - XMLRPC Attack

CMS (WordPress or Joomla) login attempt.

Attempt to hack Wordpress Login, XMLRPC or other login

Invalid user saas from 193.112.111.28 port 39140

May  3 11:04:06 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.78.96, lip=185.118.197.126, session=
May  3 11:06:12 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.78.96, lip=185.118.197.126, session=
May  3 11:06:50 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.78.96, lip=185.118.197.126, session=
May  3 11:09:26 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.78.96, lip=185.118.197.126, session=
May  3 11:09:48 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.78.96, lip=185.

May  3 11:28:03 mail kernel: [503701.908588] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=194.26.29.203 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56007 PROTO=TCP SPT=52424 DPT=499 WINDOW=1024 RES=0x00 SYN URGP=0 
...

2020-05-03T09:24:50.179844shield sshd\[4449\]: Invalid user lh from 195.154.176.103 port 41836
2020-05-03T09:24:50.183466shield sshd\[4449\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=195-154-176-103.rev.poneytelecom.eu
2020-05-03T09:24:52.142064shield sshd\[4449\]: Failed password for invalid user lh from 195.154.176.103 port 41836 ssh2
2020-05-03T09:28:36.656766shield sshd\[5011\]: Invalid user cdarte from 195.154.176.103 port 52702
2020-05-03T09:28:36.660373shield sshd\[5011\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=195-154-176-103.rev.poneytelecom.eu

May  3 09:25:45 localhost sshd\[11412\]: Invalid user ajp from 51.255.173.70
May  3 09:25:45 localhost sshd\[11412\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.173.70
May  3 09:25:48 localhost sshd\[11412\]: Failed password for invalid user ajp from 51.255.173.70 port 55202 ssh2
May  3 09:29:38 localhost sshd\[11529\]: Invalid user vda from 51.255.173.70
May  3 09:29:38 localhost sshd\[11529\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.173.70
...

firewall-block, port(s): 9000/tcp

Lines containing failures of 106.52.56.26
May  3 08:33:53 shared03 sshd[4672]: Invalid user inventory from 106.52.56.26 port 43626
May  3 08:33:53 shared03 sshd[4672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.56.26
May  3 08:33:55 shared03 sshd[4672]: Failed password for invalid user inventory from 106.52.56.26 port 43626 ssh2
May  3 08:33:55 shared03 sshd[4672]: Received disconnect from 106.52.56.26 port 43626:11: Bye Bye [preauth]
May  3 08:33:55 shared03 sshd[4672]: Disconnected from invalid user inventory 106.52.56.26 port 43626 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=106.52.56.26