2019-08-14T05:52:00.680277enmeeting.mahidol.ac.th sshd\[32250\]: User root from 49.88.112.78 not allowed because not listed in AllowUsers
2019-08-14T05:52:01.052392enmeeting.mahidol.ac.th sshd\[32250\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.78  user=root
2019-08-14T05:52:03.123671enmeeting.mahidol.ac.th sshd\[32250\]: Failed password for invalid user root from 49.88.112.78 port 28272 ssh2
...

Invalid user ilsa from 151.80.155.98 port 44240

37.214.50.185 - - [13/Aug/2019:20:22:21 +0200] "GET /administrator/index.php HTTP/1.1" 302 538
...

Invalid user dennis from 45.71.209.254 port 45224

DATE:2019-08-13 20:21:30, IP:37.191.237.214, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc)

\[2019-08-13 17:51:22\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '89.187.178.186:3921' - Wrong password
\[2019-08-13 17:51:22\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-13T17:51:22.405-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="493",SessionID="0x7ff4d07952f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/89.187.178.186/62351",Challenge="0cae85d3",ReceivedChallenge="0cae85d3",ReceivedHash="d6ac4df210a3df126adaaaae8e7a6e8f"
\[2019-08-13 17:51:40\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '89.187.178.186:3833' - Wrong password
\[2019-08-13 17:51:40\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-13T17:51:40.720-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="494",SessionID="0x7ff4d0c799b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/89.187.178.1

(sshd) Failed SSH login from 185.129.62.62 (tor01.zencurity.dk): 5 in the last 3600 secs

Aug 13 20:21:15 MK-Soft-Root2 sshd\[13618\]: Invalid user michele from 152.136.86.234 port 45150
Aug 13 20:21:15 MK-Soft-Root2 sshd\[13618\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.86.234
Aug 13 20:21:16 MK-Soft-Root2 sshd\[13618\]: Failed password for invalid user michele from 152.136.86.234 port 45150 ssh2
...

Aug 13 20:48:33 XXX sshd[8548]: Invalid user baldwin from 94.23.204.136 port 54256

Aug 14 00:36:45 andromeda sshd\[41082\]: Invalid user qhsupport from 106.12.6.195 port 37686
Aug 14 00:36:45 andromeda sshd\[41082\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.6.195
Aug 14 00:36:47 andromeda sshd\[41082\]: Failed password for invalid user qhsupport from 106.12.6.195 port 37686 ssh2

SSH Brute Force

Aug 13 23:25:02 mail sshd\[18701\]: Invalid user emily from 195.154.55.174 port 53654
Aug 13 23:25:02 mail sshd\[18701\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.55.174
...

" "

Aug 13 23:31:57 v22018076622670303 sshd\[9422\]: Invalid user yin from 37.187.79.117 port 50716
Aug 13 23:31:57 v22018076622670303 sshd\[9422\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.79.117
Aug 13 23:31:59 v22018076622670303 sshd\[9422\]: Failed password for invalid user yin from 37.187.79.117 port 50716 ssh2
...

Aug 13 23:31:49 MK-Soft-Root1 sshd\[30567\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.49.110.210  user=root
Aug 13 23:31:52 MK-Soft-Root1 sshd\[30567\]: Failed password for root from 201.49.110.210 port 47788 ssh2
Aug 13 23:38:56 MK-Soft-Root1 sshd\[31675\]: Invalid user king from 201.49.110.210 port 41722
Aug 13 23:38:56 MK-Soft-Root1 sshd\[31675\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.49.110.210
...