Scoundrels

D --> f001ish attempts at misuse of resources

D --> fail2ban

743	[sshd]  189.112.109.185
738	[sshd]  81.149.211.134
613	[sshd]  94.21.243.204
608	[sshd]  118.70.182.185
459	[sshd]  175.197.77.3
198	[sshd]  177.92.144.90
197	[sshd]  95.44.60.193
196	[sshd]  179.98.151.134
189	[sshd]  222.112.65.55
154	[sshd]  125.227.62.145
81	[sshd]  186.223.229.247
79	[sshd-ddos]  49.88.112.65
61	[sshd]  79.188.68.90
46	[sshd]  86.16.120.243
29	[sshd]  79.157.240.57
... list truncated...

D --> via http

8 requests from 112.245.242.245 5 requests from 120.92.33.226 3 requests from 62.234.110.91 2 requests from 203.96.184.18 2 requests from 206.248.139.105 2 requests from 117.85.63.252 2 requests from 60.205.229.224 1 requests from 94.102.50.96 1 requests from 66.249.79.149 1 requests from 104.131.185.1 1 requests from 82.165.84.68 1 requests from 209.17.96.226 1 requests from 91.121.82.64 1 requests from 184.168.224.163 1 requests from 61.126.47.234 ... 45 items truncated ...

14 requests for / 13 requests for /wp-login.php 4 requests for /wp-admin/ 3 requests for www.baidu.com:443 3 requests for cn.bing.com:443 2 requests for /gallery/Formspring_Archives_files/ 2 requests for //wp-login.php 1 requests for //plus/recommend.php 1 requests for //plus/mytag_js.php... 1 requests for /webadmin/script... 1 requests for /gallery/notifier/macros/ 1 requests for //plus/moon.php 1 requests for /TP/index.php 1 requests for /wp-content/themes/amoveo/includes/fileuploader/upload_handler.php 1 requests for /MyAdmin/scripts/setup.php ... 28 items truncated ...

D --> via ssh

254 attempts from  189.112.0.0/16 252 attempts from  81.128.0.0/11 213 attempts from  94.21.0.0/16 211 attempts from  118.70.182.0/24 157 attempts from  175.192.0.0/13 72 attempts from  222.112.0.0/13 69 attempts from  177.92.144.0/22 67 attempts from  95.44.0.0/15 67 attempts from  179.98.0.0/16 53 attempts from  125.227.0.0/16 28 attempts from  186.223.224.0/21 21 attempts from  79.184.0.0/13 20 attempts from  86.16.0.0/14 12 attempts from  121.184.0.0/13 10 attempts from  79.157.0.0/16 10 attempts from  157.230.32.0/20 9 attempts from  193.201.224.0/22 8 attempts from  46.101.0.0/18 8 attempts from  104.196.0.0/19 7 attempts from  88.88.0.0/13 ... 64 items truncated ...

244 attempts on root 68 attempts on admin 42 attempts on test 21 attempts on oracle 20 attempts on user 19 attempts on mysql 18 attempts on ubuntu 18 attempts on postgres 18 attempts on pi 13 attempts on web 13 attempts on git 13 attempts on ftpuser 11 attempts on www 11 attempts on 123456 10 attempts on guest 10 attempts on ftp 8 attempts on testuser 8 attempts on teste 8 attempts on test1 8 attempts on teamspeak ... 220 items truncated ..

D --> via smtp

4 attempts from  186.145.62.187 4 attempts from  185.27.235.193 4 attempts from  43.250.243.159 3 attempts from  213.6.17.2

16 of Recipient address rejected: someone sold this address to spammers 14 of Recipient address rejected: User unknown in local recipient table 4 of Recipient address rejected: Warcraft Realms sold this address to spammers 4 of Recipient address rejected: User unknown in virtual alias table 4 of Recipient address rejected: LinkedIn client list got hacked by spammers 3 of Sender address rejected: Domain not found 3 of Recipient address rejected: Please see http://www.openspf.net/Why?s=helo 2 of Recipient address rejected: Tumblr user list got hacked by spammers 2 of Recipient address rejected: MSPaintFanAdvenures got hacked by spammers

D --> blacklisted

Blacklisted by hand
pkts	bytes	target	prot	source
321	16284	REFUSE	all	185.222.211.0/24
Auto-blacklisted by triggering a trap
pkts	bytes	target	prot	source
0	0	REFUSE	all	5.77.55.67
13	584	REFUSE	all	13.52.162.149
0	0	REFUSE	all	18.136.8.191
0	0	REFUSE	all	31.24.33.250
7	404	REFUSE	all	31.202.101.40
12	572	REFUSE	all	36.75.46.233
0	0	REFUSE	all	37.187.143.98
0	0	REFUSE	all	39.98.163.123
12	544	REFUSE	all	40.70.218.165
8	344	REFUSE	all	45.40.166.150
10	424	REFUSE	all	45.122.223.63
0	0	REFUSE	all	46.32.240.47
0	0	REFUSE	all	46.250.210.127
0	0	REFUSE	all	47.100.245.119
0	0	REFUSE	all	49.244.70.55
0	0	REFUSE	all	50.62.177.112
0	0	REFUSE	all	50.63.194.35
0	0	REFUSE	all	50.63.197.33
0	0	REFUSE	all	50.63.197.100
1	68	REFUSE	all	51.68.11.215
0	0	REFUSE	all	54.36.250.91
0	0	REFUSE	all	59.42.121.8
0	0	REFUSE	all	60.195.249.207
0	0	REFUSE	all	62.234.108.128
13	584	REFUSE	all	62.234.110.91
20	912	REFUSE	all	62.234.156.64
0	0	REFUSE	all	64.91.246.239
0	0	REFUSE	all	65.99.237.192
0	0	REFUSE	all	65.182.101.71
0	0	REFUSE	all	66.96.128.60
1	60	REFUSE	all	66.147.242.98
0	0	REFUSE	all	67.227.154.91
0	0	REFUSE	all	69.163.163.221
0	0	REFUSE	all	69.195.124.213
0	0	REFUSE	all	74.124.215.139
11	1092	REFUSE	all	74.208.56.190
0	0	REFUSE	all	74.208.56.210
0	0	REFUSE	all	74.208.57.19
12	1152	REFUSE	all	74.208.58.222
1	60	REFUSE	all	77.72.1.98
0	0	REFUSE	all	77.234.46.145
8	344	REFUSE	all	79.170.40.178
12	512	REFUSE	all	79.180.232.14
0	0	REFUSE	all	80.243.110.5
0	0	REFUSE	all	81.27.92.78
0	0	REFUSE	all	81.169.144.135
8	320	REFUSE	all	81.176.232.150
0	0	REFUSE	all	82.165.80.38
0	0	REFUSE	all	82.165.80.138
0	0	REFUSE	all	82.165.80.244
11	1090	REFUSE	all	82.165.82.69
0	0	REFUSE	all	82.165.82.148
11	1090	REFUSE	all	82.165.84.68
0	0	REFUSE	all	82.165.84.131
0	0	REFUSE	all	82.165.85.249
0	0	REFUSE	all	82.165.86.200
0	0	REFUSE	all	82.221.105.125
3	152	REFUSE	all	83.15.219.198
0	0	REFUSE	all	83.223.124.6
0	0	REFUSE	all	88.99.228.18
0	0	REFUSE	all	90.166.116.201
0	0	REFUSE	all	91.121.81.65
11	464	REFUSE	all	91.134.138.193
0	0	REFUSE	all	91.134.248.211
0	0	REFUSE	all	91.208.99.2
0	0	REFUSE	all	94.23.252.225
1	60	REFUSE	all	94.73.147.215
98	5248	REFUSE	all	94.102.50.96
0	0	REFUSE	all	94.102.50.96
0	0	REFUSE	all	95.110.157.81
0	0	REFUSE	all	95.211.209.158
0	0	REFUSE	all	101.231.101.134
5	224	REFUSE	all	101.249.53.139
6	252	REFUSE	all	102.164.214.225
9	384	REFUSE	all	103.7.221.127
9	372	REFUSE	all	103.26.247.102
0	0	REFUSE	all	103.29.134.121
0	0	REFUSE	all	103.120.251.15
0	0	REFUSE	all	104.200.134.161
1	40	REFUSE	all	106.45.0.50
0	0	REFUSE	all	109.175.101.81
155	9260	REFUSE	all	110.249.212.46
6	264	REFUSE	all	111.221.46.181
8	344	REFUSE	all	111.224.235.147
18	820	REFUSE	all	111.230.49.202
0	0	REFUSE	all	113.66.33.195
0	0	REFUSE	all	113.111.82.141
0	0	REFUSE	all	114.215.164.201
0	0	REFUSE	all	115.28.229.143
7	280	REFUSE	all	116.21.28.106
0	0	REFUSE	all	116.21.29.26
0	0	REFUSE	all	116.203.17.148
0	0	REFUSE	all	118.25.71.229
0	0	REFUSE	all	118.25.105.88
0	0	REFUSE	all	118.25.134.144
9	384	REFUSE	all	118.81.0.202
0	0	REFUSE	all	119.29.82.97
0	0	REFUSE	all	120.24.60.115
0	0	REFUSE	all	120.27.100.100
0	0	REFUSE	all	120.27.103.132
0	0	REFUSE	all	120.76.176.146
6	240	REFUSE	all	121.42.54.54
0	0	REFUSE	all	121.42.154.116
9	420	REFUSE	all	121.57.226.228
0	0	REFUSE	all	121.196.192.116
0	0	REFUSE	all	123.110.148.239
3	152	REFUSE	all	123.206.197.121
6	240	REFUSE	all	123.207.29.152
8	320	REFUSE	all	123.207.82.47
11	540	REFUSE	all	123.207.149.160
1	60	REFUSE	all	123.232.106.123
9	384	REFUSE	all	124.90.51.107
0	0	REFUSE	all	124.189.5.179
0	0	REFUSE	all	125.27.179.27
0	0	REFUSE	all	129.28.185.175
0	0	REFUSE	all	129.204.123.228
1	40	REFUSE	all	129.211.68.200
0	0	REFUSE	all	129.213.107.67
3	120	REFUSE	all	132.148.47.92
0	0	REFUSE	all	134.119.194.231
27	1424	REFUSE	all	138.201.36.93
0	0	REFUSE	all	139.129.40.112
0	0	REFUSE	all	139.129.130.253
8	320	REFUSE	all	140.143.93.167
6	304	REFUSE	all	144.217.190.197
0	0	REFUSE	all	148.70.156.246
12	524	REFUSE	all	158.69.242.115
0	0	REFUSE	all	160.153.141.240
0	0	REFUSE	all	162.144.252.192
16	764	REFUSE	all	163.172.72.161
0	0	REFUSE	all	164.132.95.220
0	0	REFUSE	all	166.62.89.205
9	384	REFUSE	all	171.34.177.151
9	384	REFUSE	all	171.34.179.32
0	0	REFUSE	all	173.236.176.142
8	356	REFUSE	all	175.42.2.71
0	0	REFUSE	all	178.33.49.219
19	952	REFUSE	all	178.137.84.167
0	0	REFUSE	all	180.101.253.161
0	0	REFUSE	all	183.111.174.4
0	0	REFUSE	all	184.168.27.75
0	0	REFUSE	all	184.168.152.112
0	0	REFUSE	all	184.168.193.41
0	0	REFUSE	all	184.168.193.97
8	344	REFUSE	all	184.168.193.98
0	0	REFUSE	all	184.168.200.23
3	120	REFUSE	all	184.168.224.163
1	60	REFUSE	all	185.17.180.163
8	344	REFUSE	all	185.17.198.18
0	0	REFUSE	all	185.33.117.140
0	0	REFUSE	all	185.92.1.86
8	344	REFUSE	all	185.122.203.164
11	660	REFUSE	all	185.222.211.14
0	0	REFUSE	all	188.76.65.156
0	0	REFUSE	all	188.165.137.168
8	344	REFUSE	all	188.254.38.186
0	0	REFUSE	all	189.171.82.185
361	18488	REFUSE	all	190.146.232.33
0	0	REFUSE	all	190.181.40.250
0	0	REFUSE	all	192.228.139.250
0	0	REFUSE	all	193.143.77.10
0	0	REFUSE	all	193.169.252.30
24	1220	REFUSE	all	193.201.224.194
10	508	REFUSE	all	193.201.224.195
0	0	REFUSE	all	195.29.89.6
0	0	REFUSE	all	198.71.224.63
0	0	REFUSE	all	198.71.236.56
0	0	REFUSE	all	198.167.223.52
8	344	REFUSE	all	198.252.105.21
0	0	REFUSE	all	199.16.128.45
0	0	REFUSE	all	200.27.172.196
0	0	REFUSE	all	202.108.1.120
0	0	REFUSE	all	202.108.4.89
10	412	REFUSE	all	204.48.29.125
11	504	REFUSE	all	207.148.72.235
76	3852	REFUSE	all	209.159.145.226
0	0	REFUSE	all	211.20.54.34
0	0	REFUSE	all	212.1.210.220
0	0	REFUSE	all	213.112.85.181
0	0	REFUSE	all	216.51.232.61
0	0	REFUSE	all	216.172.164.227
0	0	REFUSE	all	216.218.189.80
9	372	REFUSE	all	217.27.41.138
8	344	REFUSE	all	217.31.62.168
0	0	REFUSE	all	217.115.140.79
0	0	REFUSE	all	222.73.129.15