@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-08-16 19:24:03,198 INFO [amun_request_handler] PortScan Detected on Port: 445 (109.108.181.165)

Aug 17 00:56:12 dedicated sshd[14268]: Invalid user brc from 162.243.20.243 port 56890

firewall-block, port(s): 11210/tcp, 11222/tcp, 11241/tcp, 11249/tcp, 11333/tcp, 11349/tcp

WordPress login Brute force / Web App Attack on client site.

WordPress brute force

Multiple SSH auth failures recorded by fail2ban

Aug 17 03:20:19 XXX sshd[32060]: Invalid user pao from 191.241.247.150 port 35646

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-08-16 18:49:42,868 INFO [amun_request_handler] PortScan Dete5.234.219.61)

WordPress brute force

Aug 17 03:58:16 tuxlinux sshd[63854]: Invalid user usuario from 139.59.59.187 port 59528
Aug 17 03:58:16 tuxlinux sshd[63854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.59.187 
Aug 17 03:58:16 tuxlinux sshd[63854]: Invalid user usuario from 139.59.59.187 port 59528
Aug 17 03:58:16 tuxlinux sshd[63854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.59.187 
...

Aug 17 02:06:54 *** sshd[7833]: Invalid user user from 174.138.56.93

2019-08-17T02:27:28.051542abusebot-5.cloudsearch.cf sshd\[19146\]: Invalid user tim from 193.253.105.165 port 20025

firewall-block, port(s): 21/tcp, 22/tcp, 80/tcp, 8080/tcp

Telnet Server BruteForce Attack

Splunk® : port scan detected:
Aug 16 22:29:56 testbed kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:c0:42:d0:39:2c:30:08:00 SRC=162.220.165.170 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33668 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0