Port scan

Sep 16 18:06:31 mail.srvfarm.net postfix/smtps/smtpd[3584335]: warning: unknown[45.4.168.53]: SASL PLAIN authentication failed: 
Sep 16 18:06:32 mail.srvfarm.net postfix/smtps/smtpd[3584335]: lost connection after AUTH from unknown[45.4.168.53]
Sep 16 18:15:47 mail.srvfarm.net postfix/smtps/smtpd[3580300]: warning: unknown[45.4.168.53]: SASL PLAIN authentication failed: 
Sep 16 18:15:47 mail.srvfarm.net postfix/smtps/smtpd[3580300]: lost connection after AUTH from unknown[45.4.168.53]
Sep 16 18:16:05 mail.srvfarm.net postfix/smtps/smtpd[3600011]: warning: unknown[45.4.168.53]: SASL PLAIN authentication failed:

Honeypot attack, port: 445, PTR: 190-207-2-130.dyn.dsl.cantv.net.

Telnet Honeypot -> Telnet Bruteforce / Login

$f2bV_matches

Sep 16 18:24:35 mail.srvfarm.net postfix/smtpd[3600127]: warning: unknown[45.176.214.8]: SASL PLAIN authentication failed: 
Sep 16 18:24:36 mail.srvfarm.net postfix/smtpd[3600127]: lost connection after AUTH from unknown[45.176.214.8]
Sep 16 18:26:31 mail.srvfarm.net postfix/smtpd[3600860]: warning: unknown[45.176.214.8]: SASL PLAIN authentication failed: 
Sep 16 18:26:32 mail.srvfarm.net postfix/smtpd[3600860]: lost connection after AUTH from unknown[45.176.214.8]
Sep 16 18:26:57 mail.srvfarm.net postfix/smtpd[3585657]: warning: unknown[45.176.214.8]: SASL PLAIN authentication failed:

2020-09-17T07:09:49.077063randservbullet-proofcloud-66.localdomain sshd[10574]: Invalid user fubar from 64.225.122.157 port 42106
2020-09-17T07:09:49.082031randservbullet-proofcloud-66.localdomain sshd[10574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.122.157
2020-09-17T07:09:49.077063randservbullet-proofcloud-66.localdomain sshd[10574]: Invalid user fubar from 64.225.122.157 port 42106
2020-09-17T07:09:50.722638randservbullet-proofcloud-66.localdomain sshd[10574]: Failed password for invalid user fubar from 64.225.122.157 port 42106 ssh2
...

WordPress wp-login brute force :: 139.59.23.209 0.068 BYPASS [16/Sep/2020:23:39:44  0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2577 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Port probing on unauthorized port 23

20/9/16@12:58:11: FAIL: Alarm-Network address from=201.234.227.142
...

2020-09-16T22:51:04.727110xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:51:02.335792xentho-1 sshd[784950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
2020-09-16T22:51:04.727110xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:51:08.307868xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:51:02.335792xentho-1 sshd[784950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
2020-09-16T22:51:04.727110xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:51:08.307868xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:51:12.134532xentho-1 sshd[784950]: Failed password for root from 218.92.0.203 port 50530 ssh2
2020-09-16T22:53:09.827045xent
...

Port scan on 1 port(s): 22

Sep 17 10:43:42 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.70.214, lip=185.118.198.210, session=<4XeDYX6vcCZQUkbW>
Sep 17 10:43:47 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=80.82.70.214, lip=185.118.198.210, session=
Sep 17 10:45:09 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.70.214, lip=185.118.198.210, session=
Sep 17 10:46:02 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.70.214, lip=185.118.198.210, session=<0/7YaX6vsIhQUkbW>
Sep 17 10:47:33 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=

2 SSH login attempts.

Hacking Attempt (Website Honeypot)

(sshd) Failed SSH login from 37.59.55.14 (FR/France/ns3267977.ip-37-59-55.eu): 5 in the last 3600 secs