\[2019-11-24 11:19:23\] NOTICE\[2754\] chan_sip.c: Registration from '\' failed for '81.171.85.139:54856' - Wrong password
\[2019-11-24 11:19:23\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-24T11:19:23.400-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="608",SessionID="0x7f26c452fc98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.139/54856",Challenge="3c3e14d0",ReceivedChallenge="3c3e14d0",ReceivedHash="b50ae21db0b448ee65545cf6ebdb3712"
\[2019-11-24 11:19:46\] NOTICE\[2754\] chan_sip.c: Registration from '\' failed for '81.171.85.139:52134' - Wrong password
\[2019-11-24 11:19:46\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-24T11:19:46.476-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="609",SessionID="0x7f26c4b7dbd8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.139

\[2019-12-13 17:13:49\] NOTICE\[2839\] chan_sip.c: Registration from '\' failed for '81.171.85.147:57793' - Wrong password
\[2019-12-13 17:13:49\] SECURITY\[2857\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-13T17:13:49.682-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="4975",SessionID="0x7f0fb41f2588",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.147/57793",Challenge="4cde0a78",ReceivedChallenge="4cde0a78",ReceivedHash="147535da941dd3ca4b9b5f28f5e3c866"
\[2019-12-13 17:13:59\] NOTICE\[2839\] chan_sip.c: Registration from '\' failed for '81.171.85.147:64572' - Wrong password
\[2019-12-13 17:13:59\] SECURITY\[2857\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-13T17:13:59.851-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="5309",SessionID="0x7f0fb4ca4128",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-19 01:46:22\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:56580' - Wrong password
\[2019-11-19 01:46:22\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-19T01:46:22.129-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="7981",SessionID="0x7fdf2c19f8b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/56580",Challenge="17405e64",ReceivedChallenge="17405e64",ReceivedHash="748ee31c9032d0bf28dd5bc04a21428d"
\[2019-11-19 01:51:30\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:54338' - Wrong password
\[2019-11-19 01:51:30\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-19T01:51:30.577-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="8335",SessionID="0x7fdf2c19f8b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-18 23:55:21\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:59335' - Wrong password
\[2019-11-18 23:55:21\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-18T23:55:21.535-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1019",SessionID="0x7fdf2cc50ca8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/59335",Challenge="447ef86c",ReceivedChallenge="447ef86c",ReceivedHash="3f118bed1205cab5a30150c325b90e0a"
\[2019-11-18 23:59:04\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:56269' - Wrong password
\[2019-11-18 23:59:04\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-18T23:59:04.868-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="4862",SessionID="0x7fdf2cd1cd48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-17 11:59:02\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:59850' - Wrong password
\[2019-11-17 11:59:02\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T11:59:02.379-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9238",SessionID="0x7fdf2cd1cd48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/59850",Challenge="275e1510",ReceivedChallenge="275e1510",ReceivedHash="91da1a2027504caca8267ac8a8f60865"
\[2019-11-17 11:59:09\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60861' - Wrong password
\[2019-11-17 11:59:09\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T11:59:09.028-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="147",SessionID="0x7fdf2c745a48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.1

\[2019-11-17 05:35:15\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:52525' - Wrong password
\[2019-11-17 05:35:15\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T05:35:15.800-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="3410",SessionID="0x7fdf2c144d18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/52525",Challenge="5bcbf956",ReceivedChallenge="5bcbf956",ReceivedHash="302c071543fdbccad02d95c2a2252ac2"
\[2019-11-17 05:36:00\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60126' - Wrong password
\[2019-11-17 05:36:00\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T05:36:00.993-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="3677",SessionID="0x7fdf2c946ac8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-17 01:02:21\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60943' - Wrong password
\[2019-11-17 01:02:21\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T01:02:21.391-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="5255",SessionID="0x7fdf2cd1cd48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/60943",Challenge="07d3bc1e",ReceivedChallenge="07d3bc1e",ReceivedHash="d5b08cf4f68a054879a60a64d5c3e695"
\[2019-11-17 01:02:21\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:61025' - Wrong password
\[2019-11-17 01:02:21\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-17T01:02:21.666-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="4181",SessionID="0x7fdf2c144d18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-16 16:44:27\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60009' - Wrong password
\[2019-11-16 16:44:27\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-16T16:44:27.956-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9220",SessionID="0x7fdf2c4868a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/60009",Challenge="7b97aa0b",ReceivedChallenge="7b97aa0b",ReceivedHash="de79b1b6a07d89c28a93ac3bc27be57c"
\[2019-11-16 16:44:28\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60403' - Wrong password
\[2019-11-16 16:44:28\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-16T16:44:28.990-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9993",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-15 03:52:58\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:51821' - Wrong password
\[2019-11-15 03:52:58\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-15T03:52:58.607-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="8433",SessionID="0x7fdf2c3f5928",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/51821",Challenge="4b408bfd",ReceivedChallenge="4b408bfd",ReceivedHash="4805f33feb7f71ba57923cb51b33d7cd"
\[2019-11-15 03:53:14\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:57532' - Wrong password
\[2019-11-15 03:53:14\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-15T03:53:14.176-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="296",SessionID="0x7fdf2c5fd9f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.1

\[2019-11-14 09:08:10\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:52829' - Wrong password
\[2019-11-14 09:08:10\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-14T09:08:10.414-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="8094",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/52829",Challenge="3230f28c",ReceivedChallenge="3230f28c",ReceivedHash="c20022828317b8e8b6cc70516377cc73"
\[2019-11-14 09:08:21\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:56934' - Wrong password
\[2019-11-14 09:08:21\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-14T09:08:21.472-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="8274",SessionID="0x7fdf2c09e0a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-13 18:19:05\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:61852' - Wrong password
\[2019-11-13 18:19:05\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-13T18:19:05.403-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9866",SessionID="0x7fdf2ccecc48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/61852",Challenge="77d3ac17",ReceivedChallenge="77d3ac17",ReceivedHash="e38bf28ee3c82a2de52944471a82d8ba"
\[2019-11-13 18:19:14\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:65341' - Wrong password
\[2019-11-13 18:19:14\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-13T18:19:14.446-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="7368",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-13 02:31:24\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:62626' - Wrong password
\[2019-11-13 02:31:24\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-13T02:31:24.473-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="2223",SessionID="0x7fdf2cd1cd48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/62626",Challenge="7cf66a7a",ReceivedChallenge="7cf66a7a",ReceivedHash="a9b1e31bf1f2c7afe2d658bb048c6a38"
\[2019-11-13 02:31:36\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:50927' - Wrong password
\[2019-11-13 02:31:36\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-13T02:31:36.590-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="987",SessionID="0x7fdf2c3e82d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.1

\[2019-11-12 19:19:11\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:59809' - Wrong password
\[2019-11-12 19:19:11\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-12T19:19:11.980-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="4214",SessionID="0x7fdf2c797b18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/59809",Challenge="17554977",ReceivedChallenge="17554977",ReceivedHash="0a191d853e53e0c37cf53cd0620c3ff2"
\[2019-11-12 19:19:43\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:55661' - Wrong password
\[2019-11-12 19:19:43\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-12T19:19:43.273-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="8077",SessionID="0x7fdf2c3f5928",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-05 06:37:32\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:49398' - Wrong password
\[2019-11-05 06:37:32\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-05T06:37:32.621-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="601",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.138/49398",Challenge="60e4c714",ReceivedChallenge="60e4c714",ReceivedHash="e92c2afc555dc183b7c9bafd080dd8aa"
\[2019-11-05 06:38:42\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:60006' - Wrong password
\[2019-11-05 06:38:42\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-05T06:38:42.284-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1160",SessionID="0x7fdf2c3f5928",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.1

\[2019-11-04 03:50:11\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:56293' - Wrong password
\[2019-11-04 03:50:11\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-04T03:50:11.626-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1164",SessionID="0x7fdf2c82a038",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.138/56293",Challenge="46bb0e66",ReceivedChallenge="46bb0e66",ReceivedHash="fcce94aea120013a826e4498a5269642"
\[2019-11-04 03:51:07\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:49670' - Wrong password
\[2019-11-04 03:51:07\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-04T03:51:07.771-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1226",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85

\[2019-11-03 12:14:33\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:63255' - Wrong password
\[2019-11-03 12:14:33\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-03T12:14:33.563-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1080",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.138/63255",Challenge="2dcd67a5",ReceivedChallenge="2dcd67a5",ReceivedHash="6bbb4b07016d6900e2686c72e2e753fb"
\[2019-11-03 12:15:33\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.138:57160' - Wrong password
\[2019-11-03 12:15:33\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-03T12:15:33.148-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="547",SessionID="0x7fdf2cabda78",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.1

2020-03-12T17:20:26.689226linuxbox-skyline auth[1354]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=hr rhost=185.36.81.23
...

$f2bV_matches

SASL PLAIN auth failed: ruser=...

Mar 13 00:08:35 debian-2gb-nbg1-2 kernel: \[6313651.701727\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=89.248.174.213 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3355 PROTO=TCP SPT=44661 DPT=44280 WINDOW=1024 RES=0x00 SYN URGP=0

(sshd) Failed SSH login from 46.101.174.188 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 13 00:39:49 elude sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.174.188  user=root
Mar 13 00:39:52 elude sshd[12807]: Failed password for root from 46.101.174.188 port 45178 ssh2
Mar 13 00:45:00 elude sshd[13597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.174.188  user=games
Mar 13 00:45:02 elude sshd[13597]: Failed password for games from 46.101.174.188 port 59898 ssh2
Mar 13 00:46:27 elude sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.174.188  user=root

Mar 12 22:13:11 vps339862 kernel: \[3266507.330207\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=80.82.77.232 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=57658 PROTO=TCP SPT=47563 DPT=8389 SEQ=4114288596 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Mar 12 22:14:05 vps339862 kernel: \[3266561.320679\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=80.82.77.232 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=60099 PROTO=TCP SPT=47563 DPT=60002 SEQ=152227466 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Mar 12 22:16:23 vps339862 kernel: \[3266698.667915\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=80.82.77.232 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40428 PROTO=TCP SPT=47563 DPT=3395 SEQ=398286468 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 
Mar 12 22:18:43 vps339862 kernel: \[3266839.099826\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e
...

Port probing on unauthorized port 23

SpamScore above: 10.0

" "

Mar 13 00:46:41 dcd-gentoo sshd[2106]: User root from 222.186.180.142 not allowed because none of user's groups are listed in AllowGroups
Mar 13 00:46:44 dcd-gentoo sshd[2106]: error: PAM: Authentication failure for illegal user root from 222.186.180.142
Mar 13 00:46:41 dcd-gentoo sshd[2106]: User root from 222.186.180.142 not allowed because none of user's groups are listed in AllowGroups
Mar 13 00:46:44 dcd-gentoo sshd[2106]: error: PAM: Authentication failure for illegal user root from 222.186.180.142
Mar 13 00:46:41 dcd-gentoo sshd[2106]: User root from 222.186.180.142 not allowed because none of user's groups are listed in AllowGroups
Mar 13 00:46:44 dcd-gentoo sshd[2106]: error: PAM: Authentication failure for illegal user root from 222.186.180.142
Mar 13 00:46:44 dcd-gentoo sshd[2106]: Failed keyboard-interactive/pam for invalid user root from 222.186.180.142 port 31701 ssh2
...

03/12/2020-19:30:53.545392 185.176.27.250 Protocol: 6 ET SCAN NMAP -sS window 1024

Mar 12 14:39:32 home sshd[13215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.243.77  user=root
Mar 12 14:39:34 home sshd[13215]: Failed password for root from 117.66.243.77 port 50700 ssh2
Mar 12 14:46:45 home sshd[13339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.243.77  user=root
Mar 12 14:46:46 home sshd[13339]: Failed password for root from 117.66.243.77 port 39594 ssh2
Mar 12 14:51:09 home sshd[13409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.243.77  user=root
Mar 12 14:51:11 home sshd[13409]: Failed password for root from 117.66.243.77 port 45067 ssh2
Mar 12 14:55:43 home sshd[13526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.243.77  user=root
Mar 12 14:55:45 home sshd[13526]: Failed password for root from 117.66.243.77 port 50566 ssh2
Mar 12 15:00:01 home sshd[13613]: Invalid user ranjit from 1

firewall-block, port(s): 23/tcp

Port probing on unauthorized port 23

2020-03-1222:08:361jCV4F-0005Zm-0g\<=info@whatsup2013.chH=\(localhost\)[180.183.114.63]:37349P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2317id=E1E452010ADEF0439F9AD36B9FF7D545@whatsup2013.chT="fromDarya"fortopgunmed@hotmail.comdaytonj5804@gmail.com2020-03-1222:07:471jCV3S-0005VT-Hs\<=info@whatsup2013.chH=\(localhost\)[14.162.216.181]:52493P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2416id=6366D083885C72C11D1851E91D01CA39@whatsup2013.chT="fromDarya"forokumnams@gmail.commberrospe423@gmail.com2020-03-1222:08:191jCV3u-0005Xe-Uf\<=info@whatsup2013.chH=\(localhost\)[196.219.96.72]:49096P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2368id=5752E4B7BC6846F5292C65DD29E58981@whatsup2013.chT="fromDarya"forsunilroy9898@gmail.comyayayetongnon@gmail.com2020-03-1222:07:151jCV2w-0005So-QW\<=info@whatsup2013.chH=\(localhost\)[222.252.22.134]:52834P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GC