################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jul 31 04:42:03 2023
Date Range Processed: yesterday
( 2023-Jul-30 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 68:68 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
45.128.232.183 -> google.com:443: 1 Time(s)
A total of 19 sites probed the server
Requests with error response codes
400 Bad Request
null: 23 Time(s)
mstshash=Administr: 7 Time(s)
/: 6 Time(s)
A@BAE@FAI: 3 Time(s)
*: 2 Time(s)
/.env: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/private/api/v1/service/premaster: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
F\x89\x82\xE3\xF1\xACD\xA7\xA1\xA9\xFDF\xD ... !@\xFC\xC5B\xF0: 1 Time(s)
\x00\x00\x1A\xC0/\xC0+\xC0\x11\xC0\x07\xC0 ... x09\xC0\x14\xC0: 1 Time(s)
\xA0g\x88\xAA\xD8[\x1D\x00\x00\x1A\xC0/\xC ... x09\xC0\x14\xC0: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xCB\xC6\x02\xD4\xB1#\xEE\xC8~1\x18\xFE: 1 Time(s)
\xCF}\x00\x00\x1A\xC0/\xC0+\xC0\x11\xC0\x0 ... x09\xC0\x14\xC0: 1 Time(s)
google.com:443: 1 Time(s)
500 Internal Server Error
/: 30 Time(s)
/.env: 5 Time(s)
/.git/config: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/geoserver: 1 Time(s)
/geoserver/web/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/t4: 1 Time(s)
/version: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (24.199.87.170): 198 Time(s)
root (162.240.38.128): 47 Time(s)
root (185.224.128.142): 31 Time(s)
root (83.139.6.147): 26 Time(s)
root (139.59.23.204): 24 Time(s)
unknown (141.98.11.113): 15 Time(s)
unknown (162.240.38.128): 15 Time(s)
root (217.160.49.181): 14 Time(s)
unknown (24.144.98.156): 11 Time(s)
root (141.98.11.11): 9 Time(s)
root (193.169.255.233): 9 Time(s)
unknown (141.98.11.11): 9 Time(s)
root (118.220.252.143): 6 Time(s)
root (176.113.115.210): 6 Time(s)
root (207.154.212.27): 6 Time(s)
root (218.149.29.177): 6 Time(s)
unknown (159.203.46.152): 6 Time(s)
root (220.85.247.129): 5 Time(s)
unknown (176.113.115.211): 5 Time(s)
unknown (83.139.6.147): 5 Time(s)
unknown (176.113.115.210): 4 Time(s)
unknown (193.35.18.169): 4 Time(s)
root (141.98.11.113): 3 Time(s)
unknown (207.154.212.27): 3 Time(s)
unknown (c-24-56-197-103.customer.broadstripe.net): 3 Time(s)
root (24.144.98.156): 2 Time(s)
root (vmi1314211.contaboserver.net): 2 Time(s)
unknown (186.67.55.133): 2 Time(s)
bin (162.240.38.128): 1 Time(s)
postgres (162.240.38.128): 1 Time(s)
root (176.113.115.211): 1 Time(s)
root (178.46.163.13): 1 Time(s)
unknown (175.156.138.216): 1 Time(s)
unknown (209.40.218.11): 1 Time(s)
unknown (211.229.73.221): 1 Time(s)
unknown (222.118.223.15): 1 Time(s)
unknown (5.42.12.220): 1 Time(s)
unknown (vmi1314211.contaboserver.net): 1 Time(s)
Invalid Users:
Unknown Account: 293 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
9.136K Bytes accepted 9,355
9.136K Bytes sent via SMTP 9,355
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
339 Connections
94 Connections lost (inbound)
339 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
24.144.98.156: 2 times
83.139.6.147: 26 times
118.220.252.143: 6 times
139.59.23.204: 24 times
141.98.11.11 (axon-stall.riddlecamera.net): 9 times
141.98.11.113 (annoying.medyamol.com): 3 times
154.26.155.154 (vmi1314211.contaboserver.net): 2 times
162.240.38.128 (5583657.serviceraven.net): 49 times
176.113.115.210: 6 times
176.113.115.211: 1 time
178.46.163.13: 1 time
185.224.128.142: 31 times
193.169.255.233: 13 times
207.154.212.27: 6 times
217.160.49.181: 14 times
218.149.29.177: 6 times
220.85.247.129: 6 times
Illegal users from:
2001:470:1:332::157: 1 time
undef: 59 times
5.42.12.220: 1 time
24.56.197.103 (c-24-56-197-103.customer.broadstripe.net): 3 times
24.144.98.156: 11 times
24.199.87.170: 198 times
64.62.197.13 (scan-36l.shadowserver.org): 1 time
83.139.6.147: 5 times
141.98.11.11 (axon-stall.riddlecamera.net): 9 times
141.98.11.113 (annoying.medyamol.com): 15 times
154.26.155.154 (vmi1314211.contaboserver.net): 3 times
159.203.46.152: 6 times
162.240.38.128 (5583657.serviceraven.net): 15 times
175.156.138.216: 1 time
176.113.115.210: 4 times
176.113.115.211: 6 times
185.224.128.142: 1 time
186.67.55.133: 2 times
193.35.18.169: 4 times
207.154.212.27: 3 times
209.40.218.11: 1 time
211.229.73.221: 5 times
222.118.223.15: 5 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47383p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################