[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Jul 1 04:42:05 2021 Date Range Processed: yesterday ( 2021-Jun-30 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [219:222] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 8 sites probed the server 112.235.37.130 142.93.223.235 159.65.181.215 178.62.13.11 193.34.216.51 199.19.224.201 45.9.150.27 61.219.11.151 Requests with error response codes 400 Bad Request null: 8 Time(s) mstshash=Administr: 3 Time(s) //html/admin/config.php: 2 Time(s) //admin/config.php: 1 Time(s) //admin/images/: 1 Time(s) //asterisk/admin/config.php: 1 Time(s) //asterisk/admin/images/: 1 Time(s) //asterisk/recordings/index.php: 1 Time(s) //config.php: 1 Time(s) //fpbx/admin/config.php: 1 Time(s) //fpbx/admin/images/: 1 Time(s) //fpbx/recordings/index.php: 1 Time(s) //freepbx/admin/images/: 1 Time(s) //freepbx/recordings/index.php: 1 Time(s) //html/recordings/index.php: 1 Time(s) //myasterisk/admin/config.php: 1 Time(s) //myasterisk/admin/images/: 1 Time(s) //myasterisk/recordings/index.php: 1 Time(s) //pbx/admin/config.php: 1 Time(s) //pbx/admin/images/: 1 Time(s) //pbx/recordings/index.php: 1 Time(s) //recordings/index.php: 1 Time(s) //www/admin/config.php: 1 Time(s) //www/admin/images/: 1 Time(s) //www/recordings/index.php: 1 Time(s) /DlRZ: 1 Time(s) 7: 1 Time(s) \xC6n\xB0: 1 Time(s) 404 Not Found /robots.txt: 34 Time(s) /wp-login.php: 3 Time(s) /neuigkeiten/einladung-mgv-ss2011: 2 Time(s) /xmlrpc.php: 2 Time(s) /datenschutz: 1 Time(s) /node?page=1: 1 Time(s) /reader/2017_SoSe_Berlin.pdf%7C: 1 Time(s) /reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s) /resolutionen/sose18/Akkreditierung/reso_laender_: 1 Time(s) /resolutionen/sose19/Akkreditierungsrichtlinien_: 1 Time(s) /resolutionen/wise15/Transparenz_in_der_Dr ... sparenz_in_der_: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /verein%7CZaPF: 1 Time(s) /wordpress/wp-admin/: 1 Time(s) /zapf/reader/%7CTagungsreader: 1 Time(s) 499 (undefined) /build/MathJax/config/TeX-AMS-MML_HTMLorMML.js: 1 Time(s) 500 Internal Server Error /: 34 Time(s) /.env: 5 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s) //: 3 Time(s) /?XDEBUG_SESSION_START=phpstorm: 2 Time(s) /api/jsonws/invoke: 2 Time(s) /console/: 2 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s) //a2billing/customer/templates/default/footer.tpl: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /bag2: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /favicon.ico: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /robots.txt: 1 Time(s) /wsman: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (103.39.221.143): 70 Time(s) root (129.226.159.126): 70 Time(s) root (157.230.42.191): 70 Time(s) root (175.125.94.166): 70 Time(s) root (175.27.156.124): 70 Time(s) root (178.62.81.36): 70 Time(s) root (204.90.142.68): 70 Time(s) root (209.97.163.175): 70 Time(s) root (182.71.85.94): 68 Time(s) root (106.13.172.132): 63 Time(s) root (186.16.209.222): 60 Time(s) root (152.32.150.194): 54 Time(s) root (101.32.40.233): 50 Time(s) root (118.195.139.187): 50 Time(s) root (120.223.246.139): 50 Time(s) root (159.89.47.106): 50 Time(s) root (189.178.107.223): 50 Time(s) root (45.175.18.29): 50 Time(s) root (49.232.172.163): 50 Time(s) root (user-24-236-85-150.knology.net): 50 Time(s) root (v118-27-108-171.6p1s.static.cnode.io): 50 Time(s) root (129.28.166.144): 48 Time(s) root (42.193.140.247): 48 Time(s) root (101.32.19.11): 44 Time(s) root (124.235.171.114): 44 Time(s) root (175.24.30.100): 43 Time(s) root (167.99.137.148): 42 Time(s) root (52.168.26.21): 42 Time(s) root (36.137.193.128): 41 Time(s) root (104.131.16.66): 40 Time(s) root (119.29.77.63): 40 Time(s) root (81.70.25.19): 36 Time(s) unknown (42.194.137.87): 34 Time(s) root (103.37.151.84): 31 Time(s) root (188.166.187.141): 30 Time(s) root (42.193.99.56): 30 Time(s) root (122.192.87.150): 29 Time(s) root (200-101-209-240.user3p.brasiltelecom.net.br): 29 Time(s) root (104.131.165.30): 28 Time(s) root (static-200-105-212-213.acelerate.net): 28 Time(s) root (107.173.82.229): 27 Time(s) root (164.163.99.10): 27 Time(s) root (103.226.250.120): 26 Time(s) unknown (81.70.176.31): 26 Time(s) root (42.192.95.184): 25 Time(s) root (49.232.209.128): 25 Time(s) unknown (202.95.15.68): 25 Time(s) unknown (81.28.167.30): 25 Time(s) unknown (134.122.130.38): 24 Time(s) unknown (134.175.206.145): 23 Time(s) unknown (211.184.187.129): 22 Time(s) unknown (111.231.206.166): 21 Time(s) unknown (192.3.128.45): 21 Time(s) unknown (49.235.247.5): 21 Time(s) unknown (106.13.177.14): 20 Time(s) unknown (121.5.160.89): 20 Time(s) unknown (14.63.213.72): 20 Time(s) unknown (157.245.40.222): 20 Time(s) unknown (mail.issys.gov.ar): 20 Time(s) unknown (103.40.242.213): 19 Time(s) unknown (152.136.255.119): 19 Time(s) unknown (36.22.187.34): 19 Time(s) unknown (49.232.222.89): 19 Time(s) unknown (103.253.147.160): 17 Time(s) unknown (krishnovate.tech): 17 Time(s) unknown (68.183.31.114): 16 Time(s) root (147.139.168.106): 15 Time(s) unknown (106.12.114.101): 15 Time(s) root (211.198.174.72): 14 Time(s) root (49.232.222.89): 13 Time(s) unknown (187.112.99.191): 13 Time(s) root (139.198.179.46): 12 Time(s) root (42.194.137.87): 12 Time(s) root (46.146.218.79): 12 Time(s) root (krishnovate.tech): 12 Time(s) unknown (104.131.74.150): 12 Time(s) unknown (80.122.135.22): 12 Time(s) root (134.175.206.145): 10 Time(s) root (106.12.114.101): 9 Time(s) unknown (209.141.49.67): 9 Time(s) root (209.141.49.67): 8 Time(s) root (103.40.242.213): 7 Time(s) root (68.183.31.114): 7 Time(s) root (80.122.135.22): 7 Time(s) root (81.28.167.30): 7 Time(s) root (81.70.176.31): 7 Time(s) root (mail.issys.gov.ar): 7 Time(s) root (106.13.177.14): 6 Time(s) root (152.136.255.119): 6 Time(s) root (187.112.99.191): 6 Time(s) root (192.3.128.45): 6 Time(s) root (211.184.187.129): 6 Time(s) root (36.112.171.51): 6 Time(s) root (41.175.237.162): 6 Time(s) unknown (120.195.30.152): 6 Time(s) unknown (137.135.202.38): 6 Time(s) unknown (165.22.59.185): 6 Time(s) root (103.253.147.160): 5 Time(s) root (111.231.206.166): 5 Time(s) root (121.5.160.89): 5 Time(s) root (134.122.130.38): 5 Time(s) root (157.245.40.222): 5 Time(s) unknown (121.46.26.17): 5 Time(s) unknown (195.133.40.104): 5 Time(s) unknown (211.253.10.96): 5 Time(s) root (121.5.253.93): 4 Time(s) root (14.63.213.72): 4 Time(s) root (211.253.10.96): 4 Time(s) root (222.141.14.16): 4 Time(s) root (36.22.187.34): 4 Time(s) unknown (199.195.248.154): 4 Time(s) unknown (205.185.125.109): 4 Time(s) root (121.46.26.17): 3 Time(s) root (209.97.141.112): 3 Time(s) root (45.146.165.72): 3 Time(s) root (49.235.247.5): 3 Time(s) unknown (107.189.1.174): 3 Time(s) unknown (107.189.1.180): 3 Time(s) postgres (106.12.114.101): 2 Time(s) root (104.131.74.150): 2 Time(s) root (107.189.1.174): 2 Time(s) root (107.189.1.180): 2 Time(s) root (107.189.3.138): 2 Time(s) root (120.195.30.152): 2 Time(s) root (137.135.202.38): 2 Time(s) root (202.95.15.68): 2 Time(s) root (tor-exit5-readme.dfri.se): 2 Time(s) unknown (107.189.3.138): 2 Time(s) unknown (42.194.149.96): 2 Time(s) unknown (43.128.70.127): 2 Time(s) unknown (b2b-37-24-123-223.unitymedia.biz): 2 Time(s) backup (134.175.206.145): 1 Time(s) bin (68.183.31.114): 1 Time(s) deployment (14.63.213.72): 1 Time(s) deployment (192.3.128.45): 1 Time(s) mysql (104.131.74.150): 1 Time(s) mysql (49.235.247.5): 1 Time(s) mysql (mail.issys.gov.ar): 1 Time(s) postgres (121.5.160.89): 1 Time(s) postgres (14.63.213.72): 1 Time(s) postgres (157.245.40.222): 1 Time(s) postgres (192.3.128.45): 1 Time(s) postgres (211.184.187.129): 1 Time(s) postgres (81.28.167.30): 1 Time(s) root (106.12.242.251): 1 Time(s) root (106.193.183.234): 1 Time(s) root (143.198.203.154): 1 Time(s) root (150.158.164.72): 1 Time(s) root (153.36.233.60): 1 Time(s) root (162.62.117.85): 1 Time(s) root (172.96.251.154.16clouds.com): 1 Time(s) root (185.100.87.72): 1 Time(s) root (185.216.32.130): 1 Time(s) root (193.169.254.113): 1 Time(s) root (197.5.145.26): 1 Time(s) root (198.98.50.112): 1 Time(s) root (203.172.56.202): 1 Time(s) root (220.178.227.208): 1 Time(s) root (36.134.75.149): 1 Time(s) root (37.183.188.131): 1 Time(s) root (43.128.71.88): 1 Time(s) root (45.135.232.165): 1 Time(s) root (49.232.155.44): 1 Time(s) root (60.167.169.224): 1 Time(s) root (60.6.209.7): 1 Time(s) root (tor-exit0-readme.dfri.se): 1 Time(s) root (tor-exit4-readme.dfri.se): 1 Time(s) sshd (45.135.232.165): 1 Time(s) unknown (118.194.233.231): 1 Time(s) unknown (186.24.218.195): 1 Time(s) unknown (193.169.254.113): 1 Time(s) unknown (198.98.54.56): 1 Time(s) unknown (209.141.47.35): 1 Time(s) unknown (222.141.14.16): 1 Time(s) unknown (23.225.39.125): 1 Time(s) unknown (45.135.232.165): 1 Time(s) unknown (49.234.58.242): 1 Time(s) www-data (106.12.114.101): 1 Time(s) www-data (42.194.137.87): 1 Time(s) Invalid Users: Unknown Account: 593 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 3 Miscellaneous warnings 23.305K Bytes accepted 23,864 23.305K Bytes sent via SMTP 23,864 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 311 Connections 230 Connections lost (inbound) 311 Disconnections 1 Removed from queue 1 Sent via SMTP 7 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 14.63.213.72: 6 times 24.236.85.150 (user-24-236-85-150.knology.net): 50 times 36.22.187.34: 4 times 36.112.171.51: 6 times 36.134.75.149: 1 time 36.137.193.128: 41 times 37.183.188.131: 1 time 41.175.237.162: 6 times 42.192.95.184: 25 times 42.193.99.56: 30 times 42.193.140.247: 48 times 42.194.137.87: 13 times 43.128.71.88: 1 time 45.135.232.165: 2 times 45.146.165.72: 3 times 45.175.18.29: 50 times 46.146.218.79 (net218-79.perm.ertelecom.ru): 12 times 49.232.155.44: 1 time 49.232.172.163: 50 times 49.232.209.128: 25 times 49.232.222.89: 13 times 49.235.247.5: 4 times 52.168.26.21: 42 times 60.6.209.7: 1 time 60.167.169.224: 1 time 68.183.31.114: 8 times 80.122.135.22: 7 times 81.28.167.30: 8 times 81.70.25.19: 36 times 81.70.176.31: 7 times 101.32.19.11: 44 times 101.32.40.233: 50 times 103.37.151.84: 31 times 103.39.221.143: 70 times 103.40.242.213: 7 times 103.226.250.120: 26 times 103.253.147.160: 5 times 104.131.16.66: 40 times 104.131.74.150: 3 times 104.131.165.30 (mobile-dev.secondsiren.com): 28 times 106.12.114.101: 12 times 106.12.242.251: 1 time 106.13.172.132: 63 times 106.13.177.14: 6 times 106.193.183.234: 1 time 107.173.82.229 (107-173-82-229-host.colocrossing.com): 27 times 107.189.1.174: 2 times 107.189.1.180: 2 times 107.189.3.138: 2 times 111.231.206.166: 5 times 118.27.108.171 (v118-27-108-171.6p1s.static.cnode.io): 50 times 118.195.139.187: 50 times 119.29.77.63: 40 times 120.195.30.152: 2 times 120.223.246.139: 50 times 121.5.160.89: 6 times 121.5.253.93: 4 times 121.46.26.17: 3 times 122.192.87.150: 29 times 124.235.171.114: 44 times 129.28.166.144: 48 times 129.226.159.126: 70 times 134.122.130.38: 5 times 134.175.206.145: 11 times 137.135.202.38: 2 times 139.198.179.46: 12 times 143.198.203.154: 1 time 147.139.168.106: 15 times 150.158.164.72: 1 time 152.32.150.194: 54 times 152.136.255.119: 6 times 153.36.233.60: 1 time 157.230.42.191: 70 times 157.245.40.222: 6 times 159.89.47.106: 50 times 162.62.117.85: 1 time 164.163.99.10 (164-163-99-10.isp.infomaistelecom.com.br): 27 times 167.99.137.148: 42 times 171.25.193.20 (tor-exit0-readme.dfri.se): 1 time 171.25.193.25 (tor-exit5-readme.dfri.se): 2 times 171.25.193.78 (tor-exit4-readme.dfri.se): 1 time 172.96.251.154 (172.96.251.154.16clouds.com): 1 time 175.24.30.100: 43 times 175.27.156.124: 70 times 175.125.94.166: 70 times 178.62.81.36: 70 times 182.71.85.94 (nsg-static-094.85.71.182.airtel.in): 68 times 185.100.87.72 (iclnm.worlpeed.net): 1 time 185.216.32.130 (mail6.squareitmedia.com): 1 time 186.16.209.222 (pool-222-209-16-186.telecel.com.py): 60 times 187.112.99.191 (187.112.99.191.static.host.gvt.net.br): 6 times 188.166.187.141: 30 times 189.178.107.223 (dsl-189-178-107-223-dyn.prod-infinitum.com.mx): 50 times 192.3.128.45 (192-3-128-45-host.colocrossing.com): 8 times 192.64.82.114 (krishnovate.tech): 12 times 193.169.254.113: 1 time 197.5.145.26: 1 time 198.98.50.112 (tor.your-domain.tld): 1 time 200.5.196.218 (mail.issys.gov.ar): 8 times 200.101.209.240 (200-101-209-240.user3p.brasiltelecom.net.br): 29 times 200.105.212.213 (static-200-105-212-213.acelerate.net): 28 times 202.95.15.68: 2 times 203.172.56.202 (reverse-203-172-56-202.csloxinfo.net): 1 time 204.90.142.68: 70 times 209.97.141.112 (abrus.cloud): 3 times 209.97.163.175: 70 times 209.141.49.67 (backup.adtoo.net): 8 times 211.184.187.129: 7 times 211.198.174.72: 14 times 211.253.10.96: 4 times 220.178.227.208: 1 time 222.141.14.16 (hn.kd.ny.adsl): 4 times Illegal users from: undef: 393 times 14.63.213.72: 20 times 23.225.39.125: 1 time 36.22.187.34: 19 times 37.24.123.223 (b2b-37-24-123-223.unitymedia.biz): 2 times 42.194.137.87: 34 times 42.194.149.96: 2 times 43.128.70.127: 2 times 45.135.232.165: 1 time 49.232.222.89: 19 times 49.234.58.242: 1 time 49.235.247.5: 21 times 68.183.31.114: 16 times 80.122.135.22: 12 times 81.28.167.30: 25 times 81.70.176.31: 26 times 103.40.242.213: 19 times 103.253.147.160: 17 times 104.131.74.150: 12 times 106.12.114.101: 15 times 106.13.177.14: 20 times 107.189.1.174: 3 times 107.189.1.180: 3 times 107.189.3.138: 2 times 111.231.206.166: 21 times 118.194.233.231: 1 time 120.195.30.152: 6 times 121.5.160.89: 20 times 121.46.26.17: 5 times 134.122.130.38: 24 times 134.175.206.145: 23 times 137.135.202.38: 6 times 152.136.255.119: 19 times 157.245.40.222: 20 times 165.22.59.185: 6 times 186.24.218.195 (186-24-218-195.genericrev.telcel.net.ve): 1 time 187.112.99.191 (187.112.99.191.static.host.gvt.net.br): 13 times 192.3.128.45 (192-3-128-45-host.colocrossing.com): 21 times 192.64.82.114 (krishnovate.tech): 17 times 193.169.254.113: 1 time 195.133.40.104: 5 times 198.98.54.56: 1 time 199.195.248.154: 4 times 200.5.196.218 (mail.issys.gov.ar): 20 times 202.95.15.68: 25 times 205.185.125.109: 4 times 209.141.47.35: 1 time 209.141.49.67 (backup.adtoo.net): 9 times 211.184.187.129: 22 times 211.253.10.96: 5 times 222.141.14.16 (hn.kd.ny.adsl): 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################