[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Oct 12 04:42:05 2021 Date Range Processed: yesterday ( 2021-Oct-11 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 83:81 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 9 sites probed the server 193.107.216.49 199.195.251.213 209.141.56.41 222.186.19.235 27.115.124.74 64.225.98.138 68.183.198.74 89.233.107.229 91.132.58.79 Requests with error response codes 400 Bad Request null: 10 Time(s) /: 4 Time(s) /config/getuser?index=0: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /66526102: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /bag2: 1 Time(s) /manager/html: 1 Time(s) /robots.txt: 1 Time(s) \xD6tI\x19J~0\x88\xB13\xD4C\xCA\x07: 1 Time(s) mstshash=Administr: 1 Time(s) 499 (undefined) /_ignition/execute-solution: 1 Time(s) 500 Internal Server Error /: 54 Time(s) /.env: 34 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) ///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s) //remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /OA_HTML/RF.jsp: 1 Time(s) /OWA/NSPI/: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /robots.txt: 1 Time(s) /sitemap.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (121.5.45.12): 43 Time(s) root (178.254.138.66): 43 Time(s) root (118.25.182.61): 42 Time(s) root (121.5.154.247): 40 Time(s) root (82.157.189.241): 40 Time(s) root (200-148-108-181.dsl.telesp.net.br): 39 Time(s) root (114.255.252.30): 38 Time(s) root (121.5.171.213): 38 Time(s) root (82.156.81.59): 38 Time(s) root (177.8.172.94): 37 Time(s) root (66.96.236.91): 37 Time(s) root (1.117.77.29): 35 Time(s) root (81.70.178.153): 35 Time(s) root (123.59.211.63): 34 Time(s) unknown (159.75.130.111): 34 Time(s) root (121.4.142.38): 33 Time(s) root (144.135.85.184): 33 Time(s) root (49.234.111.57): 33 Time(s) root (121.5.25.74): 32 Time(s) root (159.75.126.127): 32 Time(s) root (49.235.72.35): 32 Time(s) root (115.159.102.251): 31 Time(s) root (121.4.175.99): 31 Time(s) root (121.4.175.37): 30 Time(s) root (200.123.180.52): 30 Time(s) root (1.116.211.139): 29 Time(s) root (81.70.146.107): 29 Time(s) root (193.112.99.178): 28 Time(s) root (hsi-kbw-109-193-249-107.hsi7.kabel-badenwuerttemberg.de): 24 Time(s) root (223.197.175.91): 22 Time(s) unknown (193.112.99.178): 22 Time(s) unknown (1.116.211.139): 21 Time(s) root (1.116.140.147): 20 Time(s) root (101.34.3.70): 20 Time(s) root (211.140.196.90): 20 Time(s) root (45.124.144.116): 20 Time(s) unknown (121.4.175.37): 20 Time(s) root (189-089-221-246.static.stratus.com.br): 19 Time(s) unknown (81.70.146.107): 19 Time(s) root (49.235.254.75): 18 Time(s) unknown (121.4.175.99): 18 Time(s) unknown (121.5.25.74): 18 Time(s) unknown (49.235.72.35): 18 Time(s) unknown (115.159.102.251): 17 Time(s) unknown (159.75.126.127): 17 Time(s) root (159.75.130.111): 16 Time(s) unknown (1.117.77.29): 15 Time(s) unknown (123.59.211.63): 15 Time(s) unknown (179.60.132.10): 15 Time(s) unknown (49.234.111.57): 15 Time(s) root (39.129.9.180): 14 Time(s) unknown (1.116.140.147): 14 Time(s) root (185.6.91.219): 13 Time(s) unknown (121.4.142.38): 13 Time(s) unknown (177.8.172.94): 13 Time(s) unknown (81.70.178.153): 13 Time(s) root (120.92.134.94): 12 Time(s) unknown (114.255.252.30): 12 Time(s) unknown (121.5.171.213): 12 Time(s) unknown (144.135.85.184): 12 Time(s) unknown (82.156.81.59): 12 Time(s) root (157.230.230.126): 11 Time(s) root (v150-95-151-4.a090.g.tyo1.static.cnode.io): 11 Time(s) unknown (200-148-108-181.dsl.telesp.net.br): 11 Time(s) unknown (66.96.236.91): 11 Time(s) root (47.254.215.122): 10 Time(s) root (h2821125.stratoserver.net): 10 Time(s) unknown (121.5.154.247): 10 Time(s) unknown (180.167.18.22): 10 Time(s) unknown (82.157.189.241): 10 Time(s) root (89.40.53.35): 9 Time(s) unknown (211.220.27.191): 9 Time(s) unknown (hsi-kbw-109-193-249-107.hsi7.kabel-badenwuerttemberg.de): 9 Time(s) root (61.183.194.150): 8 Time(s) root (heribay.intertoons.net): 8 Time(s) unknown (118.25.182.61): 8 Time(s) unknown (120.92.134.94): 8 Time(s) unknown (121.5.45.12): 8 Time(s) unknown (176.111.173.237): 8 Time(s) unknown (200.123.180.52): 8 Time(s) unknown (49.235.254.75): 8 Time(s) unknown (89.40.53.35): 8 Time(s) root (180.167.18.22): 7 Time(s) unknown (157.230.230.126): 7 Time(s) unknown (178.254.138.66): 7 Time(s) unknown (185.6.91.219): 7 Time(s) unknown (211.140.196.90): 7 Time(s) root (60.8.87.190): 6 Time(s) unknown (141.98.10.82): 6 Time(s) unknown (171.225.184.186): 6 Time(s) unknown (176.111.173.238): 6 Time(s) unknown (189-089-221-246.static.stratus.com.br): 6 Time(s) unknown (199.19.224.76): 6 Time(s) root (82.157.125.42): 5 Time(s) unknown (101.34.3.70): 5 Time(s) unknown (223.197.175.91): 5 Time(s) unknown (39.129.9.180): 5 Time(s) unknown (45.124.144.116): 5 Time(s) unknown (v150-95-151-4.a090.g.tyo1.static.cnode.io): 5 Time(s) root (205.185.127.160): 4 Time(s) root (49.234.41.154): 4 Time(s) root (76.224.200.35.bc.googleusercontent.com): 4 Time(s) root (ritvexu-pi1.rit.edu): 4 Time(s) root (static-186-30-112-151.static.etb.net.co): 4 Time(s) unknown (205.185.127.160): 4 Time(s) unknown (209.141.53.99): 4 Time(s) unknown (49.234.41.154): 4 Time(s) root (211.220.27.191): 3 Time(s) unknown (31.184.198.71): 3 Time(s) unknown (45.155.204.39): 3 Time(s) unknown (49.232.67.184): 3 Time(s) unknown (smtp7.calabarblog.com): 3 Time(s) root (058177171112.ctinets.com): 2 Time(s) root (49.232.67.184): 2 Time(s) unknown (125.187.24.45): 2 Time(s) unknown (141.98.10.121): 2 Time(s) unknown (171.251.25.233): 2 Time(s) unknown (205.185.121.149): 2 Time(s) unknown (212.193.30.64): 2 Time(s) unknown (222.103.167.174): 2 Time(s) unknown (47.254.215.122): 2 Time(s) unknown (58.225.55.143): 2 Time(s) postfix (180.167.18.22): 1 Time(s) root (116.110.124.53): 1 Time(s) root (117.220.15.119): 1 Time(s) root (fixed-187-188-132-86.totalplay.net): 1 Time(s) root (v118-27-25-147.4l0s.static.cnode.io): 1 Time(s) unknown (116.110.124.53): 1 Time(s) unknown (116.110.74.200): 1 Time(s) unknown (164.90.199.110): 1 Time(s) unknown (171.235.81.27): 1 Time(s) unknown (185.220.102.242): 1 Time(s) unknown (185.31.175.220): 1 Time(s) unknown (188.126.89.45): 1 Time(s) unknown (188.126.89.90): 1 Time(s) unknown (61.183.194.150): 1 Time(s) unknown (76.224.200.35.bc.googleusercontent.com): 1 Time(s) unknown (84.246.151.125): 1 Time(s) unknown (h-37-123-163-58.a785.priv.bahnhof.se): 1 Time(s) unknown (h2821125.stratoserver.net): 1 Time(s) unknown (ritvexu-pi1.rit.edu): 1 Time(s) unknown (static-186-30-112-151.static.etb.net.co): 1 Time(s) unknown (torops.cccfr.de): 1 Time(s) Invalid Users: Unknown Account: 630 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 15.042K Bytes accepted 15,403 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 198 Connections 70 Connections lost (inbound) 198 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.116.140.147: 20 times 1.116.211.139: 29 times 1.117.77.29: 35 times 35.200.224.76 (76.224.200.35.bc.googleusercontent.com): 4 times 39.129.9.180: 14 times 45.124.144.116: 20 times 47.254.215.122: 10 times 49.232.67.184: 2 times 49.234.41.154: 4 times 49.234.111.57: 33 times 49.235.72.35: 32 times 49.235.254.75: 18 times 58.177.171.112 (058177171112.ctinets.com): 2 times 60.8.87.190: 6 times 61.183.194.150: 8 times 66.96.236.91 (host-66-96-236-91.myrepublic.co.id): 37 times 81.70.146.107: 29 times 81.70.178.153: 35 times 81.169.200.132 (h2821125.stratoserver.net): 10 times 82.156.81.59: 38 times 82.157.125.42: 5 times 82.157.189.241: 40 times 89.40.53.35: 9 times 101.34.3.70: 20 times 109.193.249.107 (HSI-KBW-109-193-249-107.hsi7.kabel-badenwuerttemberg.de): 24 times 114.255.252.30: 38 times 115.159.102.251: 31 times 116.110.124.53: 1 time 117.220.15.119: 1 time 118.25.182.61: 42 times 118.27.25.147 (v118-27-25-147.4l0s.static.cnode.io): 1 time 120.92.134.94: 12 times 121.4.142.38: 33 times 121.4.175.37: 30 times 121.4.175.99: 31 times 121.5.25.74: 32 times 121.5.45.12: 43 times 121.5.154.247: 40 times 121.5.171.213: 38 times 123.59.211.63: 34 times 129.21.240.247 (ritvexu-pi1.rit.edu): 4 times 143.110.179.115 (heribay.intertoons.net): 8 times 144.135.85.184 (144-135-85-184.tpips.telstra.com): 33 times 150.95.151.4 (v150-95-151-4.a090.g.tyo1.static.cnode.io): 11 times 157.230.230.126: 11 times 159.75.126.127: 32 times 159.75.130.111: 16 times 177.8.172.94: 37 times 178.254.138.66 (free-138-66.mediaworksit.net): 43 times 180.167.18.22: 8 times 185.6.91.219: 13 times 186.30.112.151 (static-186-30-112-151.static.etb.net.co): 4 times 187.188.132.86 (fixed-187-188-132-86.totalplay.net): 1 time 189.89.221.246 (189-089-221-246.static.stratus.com.br): 19 times 193.112.99.178: 28 times 200.123.180.52 (mail.host4r.com.ar): 30 times 200.148.108.181 (200-148-108-181.dsl.telesp.net.br): 39 times 205.185.127.160: 4 times 211.140.196.90: 20 times 211.220.27.191: 3 times 223.197.175.91 (223-197-175-91.static.imsbiz.com): 22 times Illegal users from: undef: 412 times 1.116.140.147: 14 times 1.116.211.139: 21 times 1.117.77.29: 15 times 5.255.97.149 (torops.cccfr.de): 1 time 31.184.198.71: 3 times 35.200.224.76 (76.224.200.35.bc.googleusercontent.com): 1 time 37.123.163.58 (h-37-123-163-58.A785.priv.bahnhof.se): 1 time 39.129.9.180: 5 times 45.124.144.116: 5 times 45.155.204.39: 3 times 47.254.215.122: 2 times 49.232.67.184: 3 times 49.234.41.154: 4 times 49.234.111.57: 15 times 49.235.72.35: 18 times 49.235.254.75: 8 times 58.225.55.143: 2 times 61.183.194.150: 1 time 65.49.20.68 (scan-19.shadowserver.org): 1 time 66.96.236.91 (host-66-96-236-91.myrepublic.co.id): 11 times 81.70.146.107: 19 times 81.70.178.153: 13 times 81.169.200.132 (h2821125.stratoserver.net): 1 time 82.156.81.59: 12 times 82.157.189.241: 10 times 84.246.151.125 (84-246-151-125.static.mavianmax.it): 1 time 89.40.53.35: 8 times 101.34.3.70: 5 times 109.193.249.107 (HSI-KBW-109-193-249-107.hsi7.kabel-badenwuerttemberg.de): 9 times 114.255.252.30: 12 times 115.159.102.251: 17 times 116.110.74.200: 1 time 116.110.124.53: 1 time 118.25.182.61: 8 times 120.92.134.94: 8 times 121.4.142.38: 13 times 121.4.175.37: 20 times 121.4.175.99: 18 times 121.5.25.74: 18 times 121.5.45.12: 8 times 121.5.154.247: 10 times 121.5.171.213: 12 times 123.59.211.63: 15 times 125.187.24.45: 2 times 129.21.240.247 (ritvexu-pi1.rit.edu): 1 time 141.98.10.82: 6 times 141.98.10.121: 2 times 144.135.85.184 (144-135-85-184.tpips.telstra.com): 12 times 150.95.151.4 (v150-95-151-4.a090.g.tyo1.static.cnode.io): 5 times 157.230.230.126: 7 times 159.75.126.127: 17 times 159.75.130.111: 34 times 164.90.199.110: 1 time 171.225.184.186 (dynamic-adsl.viettel.vn): 6 times 171.235.81.27 (dynamic-ip-adsl.viettel.vn): 1 time 171.251.25.233 (dynamic-ip-adsl.viettel.vn): 2 times 176.111.173.237: 8 times 176.111.173.238: 6 times 177.8.172.94: 13 times 178.254.138.66 (free-138-66.mediaworksit.net): 7 times 179.60.132.10: 15 times 180.167.18.22: 10 times 185.6.91.219: 7 times 185.31.175.220: 1 time 185.220.102.242 (185-220-102-242.torservers.net): 1 time 186.30.112.151 (static-186-30-112-151.static.etb.net.co): 1 time 188.126.89.45: 1 time 188.126.89.90: 1 time 189.89.221.246 (189-089-221-246.static.stratus.com.br): 6 times 193.112.99.178: 22 times 199.19.224.76 (kon.is.hentai): 6 times 200.123.180.52 (mail.host4r.com.ar): 8 times 200.148.108.181 (200-148-108-181.dsl.telesp.net.br): 11 times 205.185.113.224 (smtp7.calabarblog.com): 3 times 205.185.121.149: 2 times 205.185.127.160: 4 times 209.141.53.99 (abbrinym.com): 4 times 211.140.196.90: 7 times 211.220.27.191: 9 times 212.193.30.64: 2 times 222.103.167.174: 2 times 223.197.175.91 (223-197-175-91.static.imsbiz.com): 5 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################