[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Aug 22 04:42:03 2023 Date Range Processed: yesterday ( 2023-Aug-21 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [194:194] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 84.54.51.12 -> google.com:443: 1 Time(s) A total of 14 sites probed the server 107.170.254.20 161.35.230.183 167.71.102.95 167.99.122.44 174.138.61.44 176.124.199.74 178.62.66.67 179.43.191.162 179.43.191.194 192.155.90.220 192.241.229.22 198.235.24.235 64.62.197.38 66.240.205.34 Requests with error response codes 400 Bad Request null: 14 Time(s) /: 7 Time(s) A@BAE@FAI: 4 Time(s) /aaa9: 3 Time(s) /aab8: 3 Time(s) mstshash=Administr: 3 Time(s) *: 2 Time(s) %: 1 Time(s) /GponForm/diag_Form?images/: 1 Time(s) /api/v1: 1 Time(s) /private/api/v1/service/premaster: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) 7: 1 Time(s) O\xBC\x0B1d\xD9\xA9: 1 Time(s) [{\x08\xBC!\xF2: 1 Time(s) google.com:443: 1 Time(s) 500 Internal Server Error /: 25 Time(s) /glpi: 4 Time(s) /favicon.ico: 3 Time(s) /.env: 2 Time(s) /.git/config: 2 Time(s) /restore.php: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /api/v1: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /dns-query: 1 Time(s) /dns-query?dns=134BAAABAAAAAAAABmdvb2dsZQNjb20AAAEAAQ: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /geoserver/web/: 1 Time(s) /owa/auth/x.js: 1 Time(s) /robots.txt: 1 Time(s) /sitemap.xml: 1 Time(s) /t4: 1 Time(s) /version: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (170.64.155.108): 104 Time(s) unknown (170.64.139.234): 26 Time(s) root (119.18.48.48): 25 Time(s) unknown (185.161.248.200): 25 Time(s) root (103.135.34.213): 18 Time(s) root (175.203.61.33): 18 Time(s) root (43.153.225.154): 18 Time(s) root (59.98.83.57): 18 Time(s) root (097-068-057-241.biz.spectrum.com): 17 Time(s) root (121.165.242.205): 17 Time(s) root (128.201.78.253): 17 Time(s) root (136.233.27.164): 17 Time(s) root (143.198.146.239): 17 Time(s) root (146.190.230.42): 17 Time(s) root (160.120.247.113): 17 Time(s) root (190.52.39.248): 17 Time(s) root (196.189.124.195): 17 Time(s) root (43.131.229.122): 17 Time(s) root (43.156.107.111): 17 Time(s) root (45.189.223.120): 17 Time(s) root (70.32.24.196): 17 Time(s) root (fixed-187-189-92-59.totalplay.net): 17 Time(s) root (host-31-24-188-200.hirsat.hu): 17 Time(s) root (103.171.91.192): 16 Time(s) root (161.132.37.34): 16 Time(s) root (182.23.23.42): 16 Time(s) root (182.75.216.74): 16 Time(s) root (200.118.57.215): 16 Time(s) root (43.154.185.151): 16 Time(s) root (167.99.155.22): 15 Time(s) root (103.106.104.9): 14 Time(s) root (179.43.189.58): 14 Time(s) root (190.202.130.61): 14 Time(s) root (196.189.126.112): 14 Time(s) root (43.156.106.15): 14 Time(s) root (cloud198.techguru.host): 14 Time(s) unknown (170.64.173.87): 14 Time(s) root (141.136.47.165): 13 Time(s) root (164.90.229.79): 13 Time(s) root (164.92.80.209): 13 Time(s) root (175.118.152.100): 13 Time(s) root (189-210-119-4.static.axtel.net): 13 Time(s) root (221.204.171.211): 13 Time(s) root (43.152.212.29): 13 Time(s) root (55.18.92.34.bc.googleusercontent.com): 13 Time(s) root (102.223.180.124): 12 Time(s) root (129.226.164.101): 12 Time(s) root (134.17.17.32): 12 Time(s) root (144.126.210.70): 12 Time(s) root (157.230.178.11): 12 Time(s) root (159.65.206.41): 12 Time(s) root (164.92.93.179): 12 Time(s) root (167.71.54.30): 12 Time(s) root (170.106.195.162): 12 Time(s) root (170.106.198.17): 12 Time(s) root (185.224.128.142): 12 Time(s) root (192.157.125.216): 12 Time(s) root (192.210.226.176): 12 Time(s) root (20.232.30.249): 12 Time(s) root (43.131.41.86): 12 Time(s) root (43.134.197.109): 12 Time(s) root (43.134.90.124): 12 Time(s) root (43.153.178.30): 12 Time(s) root (43.153.185.216): 12 Time(s) root (43.154.25.104): 12 Time(s) root (43.159.194.228): 12 Time(s) root (43.159.200.220): 12 Time(s) root (63.250.60.187): 12 Time(s) root (95.179.252.232): 12 Time(s) root (ip70.ip-51-77-185.eu): 12 Time(s) root (vps-41077.vps-default-host.net): 12 Time(s) root (vps-7d7dcd34.vps.ovh.net): 12 Time(s) unknown (123.200.17.60): 12 Time(s) unknown (181.48.60.49): 12 Time(s) unknown (102.22.146.178): 11 Time(s) unknown (143.198.63.216): 11 Time(s) unknown (190.145.81.37): 11 Time(s) unknown (121.171.173.69): 9 Time(s) unknown (146.190.92.6): 9 Time(s) unknown (165.22.249.151): 9 Time(s) unknown (181.28.101.14): 9 Time(s) unknown (43.133.76.69): 9 Time(s) unknown (43.163.207.202): 9 Time(s) unknown (45.184.44.144): 9 Time(s) unknown (ip41.ip-135-125-68.eu): 9 Time(s) unknown (v157-7-207-25.botu.static.cnode.io): 9 Time(s) root (185.161.248.200): 8 Time(s) root (151.234.119.219): 6 Time(s) root (170.64.155.108): 6 Time(s) root (189.110.29.249): 6 Time(s) root (218.145.31.213): 6 Time(s) unknown (20.24.20.79): 6 Time(s) root (170.64.173.87): 4 Time(s) unknown (121.186.6.200): 4 Time(s) root (170.64.139.234): 3 Time(s) unknown (124.222.53.226): 3 Time(s) unknown (176.59.54.255): 3 Time(s) unknown (213.87.131.92): 3 Time(s) unknown (81.17.22.114): 3 Time(s) root (143.198.63.216): 2 Time(s) unknown (113.255.148.30): 2 Time(s) unknown (175.211.223.18): 2 Time(s) daemon (121.171.173.69): 1 Time(s) mail (102.22.146.178): 1 Time(s) mail (190.145.81.37): 1 Time(s) mail (43.163.207.202): 1 Time(s) mysql (v157-7-207-25.botu.static.cnode.io): 1 Time(s) postgres (102.22.146.178): 1 Time(s) postgres (170.64.139.234): 1 Time(s) postgres (170.64.173.87): 1 Time(s) postgres (185.161.248.200): 1 Time(s) sshd (185.161.248.200): 1 Time(s) sys (170.64.173.87): 1 Time(s) unknown (108-87-157-123.lightspeed.nsvltn.sbcglobal.net): 1 Time(s) unknown (116.102.18.44): 1 Time(s) unknown (167.99.155.22): 1 Time(s) unknown (192.157.125.216): 1 Time(s) unknown (210.14.41.25): 1 Time(s) unknown (213.87.157.208): 1 Time(s) unknown (43.154.185.151): 1 Time(s) unknown (77.90.185.131): 1 Time(s) uucp (170.64.173.87): 1 Time(s) Invalid Users: Unknown Account: 356 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 507 Miscellaneous warnings 19.063K Bytes accepted 19,521 19.063K Bytes sent via SMTP 19,521 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 773 Connections 520 Connections lost (inbound) 773 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 20.232.30.249: 12 times 31.24.188.200 (host-31-24-188-200.hirsat.hu): 17 times 34.92.18.55 (55.18.92.34.bc.googleusercontent.com): 13 times 43.131.41.86: 12 times 43.131.229.122: 17 times 43.134.90.124: 12 times 43.134.197.109: 12 times 43.152.212.29: 13 times 43.153.178.30: 12 times 43.153.185.216: 12 times 43.153.225.154: 18 times 43.154.25.104: 12 times 43.154.185.151: 16 times 43.156.106.15: 14 times 43.156.107.111: 17 times 43.159.194.228: 12 times 43.159.200.220: 12 times 43.163.207.202: 1 time 43.240.66.198 (cloud198.techguru.host): 14 times 45.189.223.120 (45-189-223-120.deltacorporate.com.br): 17 times 51.77.185.70 (ip70.ip-51-77-185.eu): 12 times 59.98.83.57: 18 times 63.250.60.187 (zs8pjhayv.olivewoodprojects.com): 12 times 70.32.24.196 (swapnil.com): 17 times 95.179.252.232 (95.179.252.232.vultrusercontent.com): 12 times 97.68.57.241 (097-068-057-241.biz.spectrum.com): 17 times 102.22.146.178: 2 times 102.223.180.124 (mail.jimmydavis.party): 12 times 103.106.104.9: 14 times 103.135.34.213: 18 times 103.171.91.192: 16 times 119.18.48.48: 25 times 121.165.242.205: 17 times 121.171.173.69: 1 time 128.201.78.253: 17 times 129.226.164.101: 12 times 134.17.17.32 (32-17-17-134-cloud.mts.by): 12 times 136.233.27.164: 17 times 141.136.47.165: 13 times 143.198.63.216: 2 times 143.198.146.239: 17 times 144.126.210.70: 12 times 146.59.228.111 (vps-7d7dcd34.vps.ovh.net): 12 times 146.190.230.42: 17 times 151.234.119.219: 6 times 157.7.207.25 (v157-7-207-25.botu.static.cnode.io): 1 time 157.230.178.11: 12 times 159.65.206.41: 12 times 160.120.247.113: 17 times 161.132.37.34: 16 times 164.90.229.79: 13 times 164.92.80.209: 13 times 164.92.93.179: 12 times 167.71.54.30: 12 times 167.99.155.22: 15 times 170.64.139.234: 4 times 170.64.155.108: 6 times 170.64.173.87: 7 times 170.106.195.162: 12 times 170.106.198.17: 12 times 175.118.152.100: 13 times 175.203.61.33: 18 times 179.43.189.58 (hostedby.swire.cx): 14 times 182.23.23.42: 16 times 182.75.216.74 (nsg-static-74.216.75.182-airtel.com): 16 times 185.161.248.200: 10 times 185.224.128.142 (ihate.feds.kys): 12 times 185.233.36.187 (vps-41077.vps-default-host.net): 12 times 187.189.92.59 (fixed-187-189-92-59.totalplay.net): 17 times 189.110.29.249 (189-110-29-249.dsl.telesp.net.br): 6 times 189.210.119.4 (189-210-119-4.static.axtel.net): 13 times 190.52.39.248: 17 times 190.145.81.37: 1 time 190.202.130.61 (190-202-130-61.estatic.cantv.net): 14 times 192.157.125.216: 12 times 192.210.226.176 (192-210-226-176-host.colocrossing.com): 12 times 196.189.124.195: 17 times 196.189.126.112: 14 times 200.118.57.215 (dynamic-ip-cr20011857215.cable.net.co): 16 times 218.145.31.213: 6 times 221.204.171.211 (211.171.204.221.adsl-pool.sx.cn): 13 times Illegal users from: 2001:470:1:332::28: 1 time undef: 207 times 20.24.20.79: 6 times 43.133.76.69: 9 times 43.154.185.151: 1 time 43.163.207.202: 9 times 45.129.14.51 (sanchez.explorethebest.com): 1 time 45.184.44.144: 9 times 64.62.197.53 (scan-45g.shadowserver.org): 1 time 77.90.185.131: 1 time 81.17.22.114 (hostedby.privatelayer.com): 15 times 102.22.146.178: 11 times 108.87.157.123 (108-87-157-123.lightspeed.nsvltn.sbcglobal.net): 5 times 113.255.148.30 (30-148-255-113-on-nets.com): 2 times 116.102.18.44: 1 time 121.171.173.69: 9 times 121.186.6.200: 5 times 123.200.17.60 (17.60.aries.link3.net): 12 times 124.222.53.226: 3 times 135.125.68.41 (ip41.ip-135-125-68.eu): 9 times 143.198.63.216: 11 times 146.190.92.6: 9 times 157.7.207.25 (v157-7-207-25.botu.static.cnode.io): 9 times 165.22.249.151 (lsm4k.com): 9 times 167.99.155.22: 1 time 170.64.139.234: 26 times 170.64.155.108: 104 times 170.64.173.87: 15 times 175.211.223.18: 2 times 176.59.54.255: 3 times 181.28.101.14 (14-101-28-181.fibertel.com.ar): 9 times 181.48.60.49: 12 times 185.161.248.200: 25 times 190.145.81.37: 11 times 192.157.125.216: 1 time 210.14.41.25: 1 time 213.87.131.92 (92.gprs.mts.ru): 3 times 213.87.157.208 (208.mtsnet.ru): 1 time **Unmatched Entries** Protocol major versions differ for 152.32.148.19: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47383p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################