Email Subject: 'Congratulations info@l-bg.deYou are the Winne'

[N10.H2.VM2] Port Scanner Detected Blocked by UFW

Aug 10 16:44:01 journals sshd\[63162\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.66.195  user=root
Aug 10 16:44:04 journals sshd\[63162\]: Failed password for root from 129.211.66.195 port 47512 ssh2
Aug 10 16:47:43 journals sshd\[63512\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.66.195  user=root
Aug 10 16:47:44 journals sshd\[63512\]: Failed password for root from 129.211.66.195 port 58056 ssh2
Aug 10 16:51:09 journals sshd\[63898\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.66.195  user=root
...

Aug 10 16:42:28 prox sshd[32517]: Failed password for root from 175.207.29.235 port 43470 ssh2

Aug 10 13:22:51 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\<0Je6LISs4P5QUkG7\>
Aug 10 13:28:16 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:33:43 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:39:09 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208, session=\
Aug 10 13:44:35 WHD8 dovecot: pop3-login: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=80.82.65.187, lip=10.64.89.208,
...

Aug 10 16:17:25 localhost sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.115  user=root
Aug 10 16:17:26 localhost sshd[5781]: Failed password for root from 222.186.15.115 port 47291 ssh2
Aug 10 16:17:29 localhost sshd[5781]: Failed password for root from 222.186.15.115 port 47291 ssh2
Aug 10 16:17:25 localhost sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.115  user=root
Aug 10 16:17:26 localhost sshd[5781]: Failed password for root from 222.186.15.115 port 47291 ssh2
Aug 10 16:17:29 localhost sshd[5781]: Failed password for root from 222.186.15.115 port 47291 ssh2
Aug 10 16:17:25 localhost sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.115  user=root
Aug 10 16:17:26 localhost sshd[5781]: Failed password for root from 222.186.15.115 port 47291 ssh2
Aug 10 16:17:29 localhost sshd[5781]: Failed pass
...

Aug 10 09:13:15 vm0 sshd[28910]: Failed password for root from 200.27.212.22 port 57096 ssh2
Aug 10 15:08:36 vm0 sshd[18437]: Failed password for root from 200.27.212.22 port 38548 ssh2
...

20/8/10@08:05:26: FAIL: Alarm-Network address from=49.37.136.100
...

Spam from dubaibased.investment@gmail.com

Bruteforce detected by fail2ban

188.165.230.118 - - [10/Aug/2020:16:59:35 +0100] "POST /wp-login.php HTTP/1.1" 200 5920 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
188.165.230.118 - - [10/Aug/2020:17:01:00 +0100] "POST /wp-login.php HTTP/1.1" 200 5920 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
188.165.230.118 - - [10/Aug/2020:17:02:44 +0100] "POST /wp-login.php HTTP/1.1" 200 5920 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
...

Aug 10 11:59:52 ws12vmsma01 sshd[28068]: Failed password for root from 67.205.141.165 port 32876 ssh2
Aug 10 12:03:52 ws12vmsma01 sshd[28644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=btceed.com  user=root
Aug 10 12:03:54 ws12vmsma01 sshd[28644]: Failed password for root from 67.205.141.165 port 38230 ssh2
...

Automatic report - Banned IP Access

Banned for a week because repeated abuses, for example SSH, but not only

Email Subject: 'Von Frau Janeth Johnson bis zu meinem lieben Christus.'