UDP 81.171.5.193:5086 -> port 5060, len 436

$f2bV_matches

Brute forcing RDP port 3389

\[2019-10-03 19:55:20\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:57646' - Wrong password
\[2019-10-03 19:55:20\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-03T19:55:20.922-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="14637",SessionID="0x7f1e1c18d4b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.169/57646",Challenge="41c6b477",ReceivedChallenge="41c6b477",ReceivedHash="2e5fa560951e571b7f09e22fee4f44bf"
\[2019-10-03 19:56:09\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:55961' - Wrong password
\[2019-10-03 19:56:09\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-03T19:56:09.386-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="10287",SessionID="0x7f1e1c2f44f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.17

\[2019-10-03 14:49:02\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:52231' - Wrong password
\[2019-10-03 14:49:02\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-03T14:49:02.044-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="25265",SessionID="0x7f1e1c02d9c8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.169/52231",Challenge="00cc7a4c",ReceivedChallenge="00cc7a4c",ReceivedHash="94e8442ee5d08dada044ff54a8d677c6"
\[2019-10-03 14:49:52\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:51231' - Wrong password
\[2019-10-03 14:49:52\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-03T14:49:52.199-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="10027",SessionID="0x7f1e1c2bed58",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.17

\[2019-10-02 06:17:15\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:57370' - Wrong password
\[2019-10-02 06:17:15\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-02T06:17:15.344-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="19517",SessionID="0x7f1e1c53ea18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.169/57370",Challenge="28c43c23",ReceivedChallenge="28c43c23",ReceivedHash="aada70f8f75db732e3554136d5b07f4b"
\[2019-10-02 06:17:58\] NOTICE\[1948\] chan_sip.c: Registration from '\' failed for '81.171.58.169:56179' - Wrong password
\[2019-10-02 06:17:58\] SECURITY\[2006\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-02T06:17:58.011-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="23041",SessionID="0x7f1e1d0db3e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.17

Sep 30 06:52:56 luisaranguren wordpress(life.luisaranguren.com)[1775276]: Authentication attempt for unknown user admin from 81.171.56.142
...

\[2019-09-27 08:50:00\] NOTICE\[18654\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '81.171.58.182:57613' \(callid: 1333370421-481187802-1858144895\) - Failed to authenticate
\[2019-09-27 08:50:00\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-09-27T08:50:00.668+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1333370421-481187802-1858144895",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/81.171.58.182/57613",Challenge="1569567000/7daa4da04e4fcc795dbbb2317fc1c580",Response="2967d15325be825f2c26204e596cd8f7",ExpectedResponse=""
\[2019-09-27 08:50:00\] NOTICE\[1168\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '81.171.58.182:57613' \(callid: 1333370421-481187802-1858144895\) - Failed to authenticate
\[2019-09-27 08:50:00\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseFa

\[2019-09-26 09:30:40\] NOTICE\[14660\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '81.171.58.182:64769' \(callid: 1832784954-1306307298-904183106\) - Failed to authenticate
\[2019-09-26 09:30:40\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-09-26T09:30:40.589+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1832784954-1306307298-904183106",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/81.171.58.182/64769",Challenge="1569483040/bdf4b8ac73d03971941b75372ea2e590",Response="f1ef8db92c3dae3a26db31ca2df0a096",ExpectedResponse=""
\[2019-09-26 09:30:40\] NOTICE\[25634\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '81.171.58.182:64769' \(callid: 1832784954-1306307298-904183106\) - Failed to authenticate
\[2019-09-26 09:30:40\] SECURITY\[1715\] res_security_log.c: SecurityEvent="ChallengeResponseF

\[2019-09-15 09:23:22\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:63263' - Wrong password
\[2019-09-15 09:23:22\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-15T09:23:22.962-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2276",SessionID="0x7f8a6c255a88",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/63263",Challenge="4e55de05",ReceivedChallenge="4e55de05",ReceivedHash="cf04ec34a09d20b3cdc9c852861fec2b"
\[2019-09-15 09:23:50\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:55571' - Wrong password
\[2019-09-15 09:23:50\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-15T09:23:50.666-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="888",SessionID="0x7f8a6c6094e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.

\[2019-09-14 21:52:44\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:60548' - Wrong password
\[2019-09-14 21:52:44\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-14T21:52:44.036-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9520",SessionID="0x7f8a6c6094e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/60548",Challenge="52b9688a",ReceivedChallenge="52b9688a",ReceivedHash="a281472ce410fffe48bc9ccd39403d64"
\[2019-09-14 21:53:09\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:64462' - Wrong password
\[2019-09-14 21:53:09\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-14T21:53:09.754-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="5407",SessionID="0x7f8a6c30ae18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.5

\[2019-09-13 16:41:25\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:56754' - Wrong password
\[2019-09-13 16:41:25\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-13T16:41:25.281-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9143",SessionID="0x7f8a6c255a88",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/56754",Challenge="376670ac",ReceivedChallenge="376670ac",ReceivedHash="434faa32ad2bc81725ec401c7deb8fbf"
\[2019-09-13 16:41:44\] NOTICE\[20685\] chan_sip.c: Registration from '\' failed for '81.171.58.72:64344' - Wrong password
\[2019-09-13 16:41:44\] SECURITY\[20693\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-13T16:41:44.033-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7429",SessionID="0x7f8a6c830888",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.5

\[2019-09-12 06:18:34\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:54054' - Wrong password
\[2019-09-12 06:18:34\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-12T06:18:34.792-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="4583",SessionID="0x7fd9a83796a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/54054",Challenge="59164cdb",ReceivedChallenge="59164cdb",ReceivedHash="f21fdb2cf9af5c0a596e81f517455a4e"
\[2019-09-12 06:18:54\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:64181' - Wrong password
\[2019-09-12 06:18:54\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-12T06:18:54.624-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2638",SessionID="0x7fd9a8545448",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72

\[2019-09-11 18:50:26\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:54971' - Wrong password
\[2019-09-11 18:50:26\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-11T18:50:26.922-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="607",SessionID="0x7fd9a86cbbd8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/54971",Challenge="0d0f5554",ReceivedChallenge="0d0f5554",ReceivedHash="10efe34a38d40a417471a14c3864f132"
\[2019-09-11 18:50:49\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:51668' - Wrong password
\[2019-09-11 18:50:49\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-11T18:50:49.882-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="8250",SessionID="0x7fd9a819fa08",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/5

\[2019-09-10 23:50:29\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:55568' - Wrong password
\[2019-09-10 23:50:29\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-10T23:50:29.432-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="1208",SessionID="0x7fd9a80f66a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72/55568",Challenge="3c1fdcc0",ReceivedChallenge="3c1fdcc0",ReceivedHash="895b8459047c60e3769489c4be75a7da"
\[2019-09-10 23:50:48\] NOTICE\[1827\] chan_sip.c: Registration from '\' failed for '81.171.58.72:50802' - Wrong password
\[2019-09-10 23:50:48\] SECURITY\[1849\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-09-10T23:50:48.979-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9432",SessionID="0x7fd9a8c8f538",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.58.72

Sep 12 23:04:56 lcprod sshd\[24815\]: Invalid user password from 62.210.207.185
Sep 12 23:04:56 lcprod sshd\[24815\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-207-185.rev.poneytelecom.eu
Sep 12 23:04:58 lcprod sshd\[24815\]: Failed password for invalid user password from 62.210.207.185 port 39364 ssh2
Sep 12 23:09:45 lcprod sshd\[25337\]: Invalid user teste@123 from 62.210.207.185
Sep 12 23:09:45 lcprod sshd\[25337\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-207-185.rev.poneytelecom.eu

Telnetd brute force attack detected by fail2ban

SMTP/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -

Unauthorized connection attempt from IP address 117.212.115.6 on Port 445(SMB)

23/tcp 23/tcp 23/tcp...
[2019-09-13]6pkt,1pt.(tcp)

Sep 13 03:02:43 lnxded63 sshd[7334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.85.11.192

Sep 13 09:34:16 dev0-dcde-rnet sshd[4641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.47.158.130
Sep 13 09:34:18 dev0-dcde-rnet sshd[4641]: Failed password for invalid user ts from 201.47.158.130 port 36928 ssh2
Sep 13 09:39:12 dev0-dcde-rnet sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.47.158.130

Sep 13 05:24:40 vps691689 sshd[6783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.131.146.100
Sep 13 05:24:42 vps691689 sshd[6783]: Failed password for invalid user user from 69.131.146.100 port 46488 ssh2
...

Escaneo de puertos e intento de log mediante root.

119.29.107.146 - - \[13/Sep/2019:03:04:06 +0200\] "POST /wp-login.php HTTP/1.1" 200 2113 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
119.29.107.146 - - \[13/Sep/2019:03:04:08 +0200\] "POST /wp-login.php HTTP/1.1" 200 2091 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
...

Unauthorized connection attempt from IP address 189.168.23.208 on Port 445(SMB)

Sep 13 11:43:28 vps01 sshd[5932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.117.17
Sep 13 11:43:30 vps01 sshd[5932]: Failed password for invalid user 123 from 51.158.117.17 port 54894 ssh2

$f2bV_matches

Sep 13 07:58:56 meumeu sshd[30593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.88.196.30 
Sep 13 07:58:58 meumeu sshd[30593]: Failed password for invalid user 123456 from 185.88.196.30 port 54265 ssh2
Sep 13 08:03:04 meumeu sshd[31308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.88.196.30 
...

Sep 13 05:48:19 vps691689 sshd[7132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.9.150
Sep 13 05:48:21 vps691689 sshd[7132]: Failed password for invalid user ts3server from 62.234.9.150 port 54524 ssh2
Sep 13 05:53:42 vps691689 sshd[7182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.9.150
...