xmlrpc attack

Persistent bad bot

Aug 29 22:52:03 vps647732 sshd[10175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.87.194
Aug 29 22:52:05 vps647732 sshd[10175]: Failed password for invalid user galileo from 2.228.87.194 port 35312 ssh2
...

"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:

2020-08-29T20:26:28.140058vps1033 sshd[14133]: Invalid user cdm from 152.170.65.133 port 52002
2020-08-29T20:26:28.145814vps1033 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.170.65.133
2020-08-29T20:26:28.140058vps1033 sshd[14133]: Invalid user cdm from 152.170.65.133 port 52002
2020-08-29T20:26:30.337170vps1033 sshd[14133]: Failed password for invalid user cdm from 152.170.65.133 port 52002 ssh2
2020-08-29T20:27:26.604769vps1033 sshd[16112]: Invalid user xq from 152.170.65.133 port 36042
...

20 attempts against mh-misbehave-ban on comet

[2020-08-29 17:06:54] NOTICE[1185] chan_sip.c: Registration from '"70002" ' failed for '103.145.13.118:6425' - Wrong password
[2020-08-29 17:06:54] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-29T17:06:54.906-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="70002",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.13.118/6425",Challenge="2c0c354f",ReceivedChallenge="2c0c354f",ReceivedHash="d7c72c4e17234be00a4d2a8acde78474"
[2020-08-29 17:06:55] NOTICE[1185] chan_sip.c: Registration from '"70002" ' failed for '103.145.13.118:6425' - Wrong password
[2020-08-29 17:06:55] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-29T17:06:55.123-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="70002",SessionID="0x7f10c4286a78",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IP
...

2020-08-29T20:52:10.384830shield sshd\[24290\]: Invalid user satou from 123.201.124.74 port 20073
2020-08-29T20:52:10.411905shield sshd\[24290\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.201.124.74
2020-08-29T20:52:12.624470shield sshd\[24290\]: Failed password for invalid user satou from 123.201.124.74 port 20073 ssh2
2020-08-29T20:54:53.106783shield sshd\[24478\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.201.124.74  user=root
2020-08-29T20:54:55.364153shield sshd\[24478\]: Failed password for root from 123.201.124.74 port 48838 ssh2

prod11
...

Aug 29 22:28:08 lnxmysql61 sshd[27616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.71.111
Aug 29 22:28:08 lnxmysql61 sshd[27616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.71.111

Aug 29 21:48:46 ns382633 sshd\[5269\]: Invalid user ts3bot from 117.51.150.202 port 57512
Aug 29 21:48:46 ns382633 sshd\[5269\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.51.150.202
Aug 29 21:48:48 ns382633 sshd\[5269\]: Failed password for invalid user ts3bot from 117.51.150.202 port 57512 ssh2
Aug 29 22:28:04 ns382633 sshd\[11961\]: Invalid user bravo from 117.51.150.202 port 46248
Aug 29 22:28:04 ns382633 sshd\[11961\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.51.150.202

$f2bV_matches

Aug 29 23:28:51 ift sshd\[62503\]: Failed password for root from 194.15.36.63 port 39662 ssh2Aug 29 23:29:44 ift sshd\[62591\]: Invalid user oracle from 194.15.36.63Aug 29 23:29:46 ift sshd\[62591\]: Failed password for invalid user oracle from 194.15.36.63 port 35902 ssh2Aug 29 23:30:40 ift sshd\[62912\]: Failed password for root from 194.15.36.63 port 60370 ssh2Aug 29 23:31:32 ift sshd\[63025\]: Invalid user postgres from 194.15.36.63
...

Failed password for invalid user from 85.209.0.103 port 17646 ssh2

Total attacks: 2

2020-08-29T21:20:38.756406shield sshd\[26161\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.177  user=root
2020-08-29T21:20:40.782757shield sshd\[26161\]: Failed password for root from 61.177.172.177 port 47722 ssh2
2020-08-29T21:20:44.269939shield sshd\[26161\]: Failed password for root from 61.177.172.177 port 47722 ssh2
2020-08-29T21:20:47.238550shield sshd\[26161\]: Failed password for root from 61.177.172.177 port 47722 ssh2
2020-08-29T21:20:50.563788shield sshd\[26161\]: Failed password for root from 61.177.172.177 port 47722 ssh2