[2020-07-16 18:26:05] NOTICE[1277] chan_sip.c: Registration from '"543"' failed for '5.183.92.128:52838' - Wrong password
[2020-07-16 18:26:05] SECURITY[1295] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-07-16T18:26:05.073-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="543",SessionID="0x7f175414cf98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.183.92.128/52838",Challenge="328762d7",ReceivedChallenge="328762d7",ReceivedHash="f154eae596210d6e27e3ca3700e7b8de"
[2020-07-16 18:32:29] NOTICE[1277] chan_sip.c: Registration from '"544"' failed for '5.183.92.128:37339' - Wrong password
[2020-07-16 18:32:29] SECURITY[1295] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-07-16T18:32:29.083-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="544",SessionID="0x7f17540de808",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.183.92.1
...

[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.388+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923",Challenge="1599650861/52198d4167c3a9a00e5d361ee7f02dcd",Response="6532c6282320ff82d1005d4123862644",ExpectedResponse=""
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2020-09-09T13:27:41.418+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="10",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923"
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.419+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518
...

[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.388+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923",Challenge="1599650861/52198d4167c3a9a00e5d361ee7f02dcd",Response="6532c6282320ff82d1005d4123862644",ExpectedResponse=""
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2020-09-09T13:27:41.418+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="10",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923"
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.419+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518
...

[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.388+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923",Challenge="1599650861/52198d4167c3a9a00e5d361ee7f02dcd",Response="6532c6282320ff82d1005d4123862644",ExpectedResponse=""
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2020-09-09T13:27:41.418+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="10",SessionID="518973635-123769044-452640836",LocalAddress="IPV4/UDP/51.255.2.242/5060",RemoteAddress="IPV4/UDP/5.183.92.170/60923"
[2020-09-09 13:27:41] SECURITY[2022] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-09-09T13:27:41.419+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="518
...

(From info@conniecwilson.cc) Hi,

Have you had enough of President Donnie?

Welcome to Weekly Wilson's New News.

Join us in facing 2020 with as much good humor as we can muster.
Progressives, remorseful Republicans, incensed Independents,
disillusioned Democrats, Lincoln Project alums—-lend me your ears. Come
take a comedic stroll down memory lane with author Connie C. Wilson.

Connie has followed presidential politics on the ground for 20 years.
She was Content Producer of the Year for Politics (Yahoo, 2008) and is
the author of 40 books, 4 of them on presidential races.

Order BEE GONE now and we will give you—-absolutely FREE August
16-20—-the children’s e-book version, “The Christmas Cats Flee the Bee,”
when you purchase the adult version.

This hysterically funny, beautifully illustrated graphic novel just won
the E-Lit Gold Medal for graphic novels.

In a very short story about a disgruntled drone in a beehive who wants
to take over the hive, the take-away is: “Elections have con

Spam comment : go now https://hydraruzonionx.ru

(From jessicastone236@gmail.com) Hi,

I hope this email reaches you in good health. I had a chance to come across your website recently. Your amazing website was a pleasant detour for me, which led me here in your inbox. 

I would like to propose an offer to you, an offer that would be beneficial for both of us. 

I would like to publish a guest post article on your splendid website. The article would be relevant to your website niche and of top-notch quality. All I require in return is a backlink within the body of the article. 

If you're happy with this arrangement, I can proceed to send you some unique topics. 

I await your affirmation with anticipation.

Looking forward.

Regards,

Jessica Stone

\[Apr 12 06:53:33\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:53654' - Wrong password
\[Apr 12 06:54:20\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:59122' - Wrong password
\[Apr 12 06:54:42\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:60576' - Wrong password
\[Apr 12 06:54:48\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:65343' - Wrong password
\[Apr 12 06:55:00\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:59309' - Wrong password
\[Apr 12 06:55:11\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.183.92.176:51353' - Wrong password
\[Apr 12 06:55:31\] NOTICE\[2019\] chan_sip.c: Registration from '\' failed for '5.1
...

Has tried to attack my server.

POST /index.php/napisat-nam.html HTTP/1.0 303 - index.phpMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44

[2020-02-26 22:38:49] NOTICE[14744] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '' failed for '5.183.92.32:64598' (callid: 376215522-649646893-389571818) - Failed to authenticate
[2020-02-26 22:38:49] SECURITY[20721] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-02-26T22:38:49.492+0100",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="",SessionID="376215522-649646893-389571818",LocalAddress="IPV4/UDP/185.118.196.148/5060",RemoteAddress="IPV4/UDP/5.183.92.32/64598",Challenge="1582753129/dad733ecc9e5841b0a1529ab2e7adcda",Response="1de0935f9f82950b6c3e7fb95c212f82",ExpectedResponse=""
[2020-02-26 22:38:49] NOTICE[14744] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '' failed for '5.183.92.32:64598' (callid: 376215522-649646893-389571818) - Failed to authenticate
[2020-02-26 22:38:49] SECURITY[20721] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2020-02-26T22:38:49.563+0

SSH Brute Force

2020-03-27T22:57:14.667802librenms sshd[17425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.188.89.146
2020-03-27T22:57:14.665074librenms sshd[17425]: Invalid user butter from 222.188.89.146 port 55998
2020-03-27T22:57:16.141572librenms sshd[17425]: Failed password for invalid user butter from 222.188.89.146 port 55998 ssh2
...

Triggered by Fail2Ban at Ares web server

Mar 27 17:29:03 NPSTNNYC01T sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.153.52
Mar 27 17:29:05 NPSTNNYC01T sshd[25260]: Failed password for invalid user cxb from 123.207.153.52 port 57370 ssh2
Mar 27 17:33:40 NPSTNNYC01T sshd[25675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.153.52
...

Mar 27 18:14:17 firewall sshd[4080]: Invalid user dave from 94.23.212.137
Mar 27 18:14:19 firewall sshd[4080]: Failed password for invalid user dave from 94.23.212.137 port 37771 ssh2
Mar 27 18:18:44 firewall sshd[4360]: Invalid user chan from 94.23.212.137
...

Mar 27 22:55:07 santamaria sshd\[1637\]: Invalid user krq from 118.25.36.79
Mar 27 22:55:07 santamaria sshd\[1637\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.36.79
Mar 27 22:55:09 santamaria sshd\[1637\]: Failed password for invalid user krq from 118.25.36.79 port 39128 ssh2
...

CMS (WordPress or Joomla) login attempt.

Mar 28 02:16:42 gw1 sshd[27180]: Failed password for root from 94.23.203.37 port 33006 ssh2
...

DATE:2020-03-27 22:14:22, IP:121.180.248.58, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)

Mar 27 22:18:39 nginx sshd[68496]: Invalid user debian2 from 62.210.139.113
Mar 27 22:18:39 nginx sshd[68496]: Received disconnect from 62.210.139.113 port 58568:11: Normal Shutdown, Thank you for playing [preauth]

2020-03-27T21:14:36.421433upcloud.m0sh1x2.com sshd[30926]: Invalid user tdb from 167.71.142.180 port 59368

2020-03-27T17:52:42.229899xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:52:40.703656xentho-1 sshd[118968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
2020-03-27T17:52:42.229899xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:52:45.006099xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:52:40.703656xentho-1 sshd[118968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
2020-03-27T17:52:42.229899xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:52:45.006099xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:52:48.165143xentho-1 sshd[118968]: Failed password for root from 218.92.0.203 port 19750 ssh2
2020-03-27T17:54:26.991152xent
...

Mar 27 22:18:53 debian-2gb-nbg1-2 kernel: \[7603002.994156\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.175.93.100 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=8588 PROTO=TCP SPT=53112 DPT=6046 WINDOW=1024 RES=0x00 SYN URGP=0

Brute force attempt

Mar 27 22:02:07 ip-172-31-61-156 sshd[28662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.187  user=root
Mar 27 22:02:08 ip-172-31-61-156 sshd[28662]: Failed password for root from 222.186.30.187 port 34799 ssh2
...