Fail2Ban Ban Triggered

Fail2Ban Ban Triggered

Mar 13 02:36:46 ns1 sshd[350]: Invalid user pi from 125.138.58.188 port 42104
Mar 13 02:36:46 ns1 sshd[350]: Excess permission or bad ownership on file /var/log/btmp
Mar 13 02:36:46 ns1 sshd[350]: pam_unix(sshd:auth): check pass; user unknown
Mar 13 02:36:46 ns1 sshd[350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.138.58.188
Mar 13 02:36:46 ns1 sshd[357]: Invalid user pi from 125.138.58.188 port 42110
Mar 13 02:36:46 ns1 sshd[357]: Excess permission or bad ownership on file /var/log/btmp
Mar 13 02:36:46 ns1 sshd[357]: pam_unix(sshd:auth): check pass; user unknown
Mar 13 02:36:46 ns1 sshd[357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.138.58.188
Mar 13 02:36:49 ns1 sshd[350]: Failed password for invalid user pi from 125.

$f2bV_matches

Mar 13 05:21:30 silence02 sshd[9590]: Failed password for root from 51.38.179.179 port 55474 ssh2
Mar 13 05:26:30 silence02 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.179.179
Mar 13 05:26:32 silence02 sshd[10091]: Failed password for invalid user dolphin from 51.38.179.179 port 47134 ssh2

$f2bV_matches

leo_www

Unauthorized connection attempt detected from IP address 196.52.43.56 to port 5916

Mar 13 04:54:58 * sshd[24362]: Failed password for root from 134.175.121.80 port 57172 ssh2

[2020-03-13 00:12:11] NOTICE[1148] chan_sip.c: Registration from '' failed for '141.98.10.127:60380' - Wrong password
[2020-03-13 00:12:11] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-13T00:12:11.036-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="dana",SessionID="0x7fd82ca712e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/141.98.10.127/60380",Challenge="52e2df66",ReceivedChallenge="52e2df66",ReceivedHash="d05cdf98843ef1090bc25f3de093048a"
[2020-03-13 00:19:24] NOTICE[1148] chan_sip.c: Registration from '' failed for '141.98.10.127:52878' - Wrong password
[2020-03-13 00:19:24] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-13T00:19:24.564-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="Arrundel",SessionID="0x7fd82ca9d388",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/141.9
...

2020-03-1304:56:551jCbRO-0003W4-Oy\<=info@whatsup2013.chH=\(localhost\)[113.172.130.72]:54976P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2377id=8B8E386B60B49A29F5F0B901F594C5BD@whatsup2013.chT="fromDarya"fordreaming949@hotmail.compoksay3@gmail.com2020-03-1304:55:511jCbQM-0003Rk-7e\<=info@whatsup2013.chH=\(localhost\)[113.181.135.44]:53490P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2419id=6560D6858E5A74C71B1E57EF1B77A7AC@whatsup2013.chT="fromDarya"forrezafaozi9@gmail.comnyinyi.aa220@gmail.com2020-03-1304:56:381jCbR7-0003Um-Ls\<=info@whatsup2013.chH=\(localhost\)[113.172.197.86]:51466P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2376id=ADA81E4D4692BC0FD3D69F27D3B5CA15@whatsup2013.chT="fromDarya"forbcharazean@gmail.comsteverog84@gmail.com2020-03-1304:56:131jCbQi-0003TC-Rn\<=info@whatsup2013.chH=\(localhost\)[113.172.192.150]:38696P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-S

Mar 13 04:51:58 eventyay sshd[30888]: Failed password for root from 103.123.8.75 port 44870 ssh2
Mar 13 04:54:47 eventyay sshd[30984]: Failed password for root from 103.123.8.75 port 59196 ssh2
...

03/12/2020-23:58:05.161704 185.175.93.104 Protocol: 6 ET DROP Dshield Block Listed Source group 1

RPC Portmapper DUMP Request Detected

Mar 13 10:19:29 areeb-Workstation sshd[7638]: Failed password for root from 222.186.180.142 port 31141 ssh2
Mar 13 10:19:32 areeb-Workstation sshd[7638]: Failed password for root from 222.186.180.142 port 31141 ssh2
...

Mar 13 05:57:34 sso sshd[4838]: Failed password for root from 31.171.143.212 port 33740 ssh2
Mar 13 06:00:36 sso sshd[5201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.171.143.212
...

port scan and connect, tcp 23 (telnet)