################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Sep 1 04:42:03 2023
Date Range Processed: yesterday
( 2023-Aug-31 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 45:45 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
84.54.51.12 -> google.com:443: 1 Time(s)
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
/: 8 Time(s)
mstshash=Administr: 5 Time(s)
*: 3 Time(s)
/aaa9: 2 Time(s)
/aab8: 2 Time(s)
/favicon.ico: 1 Time(s)
/manager/text/list: 1 Time(s)
/robots.txt: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
D\xB8=,4lP\x98\xE6`\xE0\xDAe\xC7: 1 Time(s)
\xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xE9\xC4\x8B\x909\x01\x82[\xDC\x9C\x89\xFA ... x09\xC0\x14\xC0: 1 Time(s)
google.com:443: 1 Time(s)
404 Not Found
/wp-content/plugins/core-plugin/include.php: 1 Time(s)
500 Internal Server Error
/: 27 Time(s)
/favicon.ico: 3 Time(s)
/.env: 2 Time(s)
/.git/config: 2 Time(s)
/?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/?name=example.com&type=A: 2 Time(s)
/dns-query: 2 Time(s)
/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/dns-query?name=example.com&type=A: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/query: 2 Time(s)
/query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/query?name=example.com&type=A: 2 Time(s)
/resolve: 2 Time(s)
/resolve?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/resolve?name=example.com&type=A: 2 Time(s)
/robots.txt: 2 Time(s)
/.aws/credentials: 1 Time(s)
/.svn/entries: 1 Time(s)
/000000000000.cfg: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/autodiscover/autodiscover.json?(a)foo.com/m ... json%3f(a)foo.com: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/cgi-bin/welcome: 1 Time(s)
/geoserver/web/: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sitemap.xml: 1 Time(s)
/vpn/index.html: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (84-255-204-251.static.t-2.net): 97 Time(s)
root (67.207.81.228): 76 Time(s)
root (41.77.84.69): 49 Time(s)
unknown (185.161.248.200): 32 Time(s)
root (95.179.252.232): 24 Time(s)
unknown (141.98.11.90): 19 Time(s)
unknown (193.201.9.109): 19 Time(s)
unknown (141.98.11.11): 15 Time(s)
unknown (93.179.90.168): 13 Time(s)
root (218.145.31.213): 12 Time(s)
unknown (185.224.128.187): 12 Time(s)
unknown (81.17.22.115): 12 Time(s)
root (141.98.11.90): 9 Time(s)
root (141.98.11.11): 8 Time(s)
root (185.161.248.200): 8 Time(s)
root (93.179.90.168): 8 Time(s)
unknown (31.41.244.61): 8 Time(s)
root (193.201.9.109): 7 Time(s)
root (101.42.22.243): 6 Time(s)
root (103.146.140.167): 6 Time(s)
root (106.225.138.204): 6 Time(s)
root (14.54.46.207): 6 Time(s)
root (185.224.128.142): 6 Time(s)
root (4.227.212.63): 6 Time(s)
root (104.194.242.195): 5 Time(s)
root (185.224.128.187): 4 Time(s)
root (31.41.244.62): 4 Time(s)
root (50.7.14.52): 4 Time(s)
unknown (193.35.18.169): 4 Time(s)
root (31.41.244.61): 3 Time(s)
unknown (80.66.83.207): 3 Time(s)
mail (81.17.22.115): 2 Time(s)
root (81.17.22.115): 2 Time(s)
unknown (103.94.250.174): 2 Time(s)
unknown (118.41.17.23): 2 Time(s)
unknown (host81-135-40-20.range81-135.btcentralplus.com): 2 Time(s)
uucp (193.201.9.109): 2 Time(s)
bin (185.161.248.200): 1 Time(s)
mysql (31.41.244.62): 1 Time(s)
root (162.214.112.164): 1 Time(s)
root (211.106.244.242): 1 Time(s)
sshd (185.161.248.200): 1 Time(s)
temp (185.161.248.200): 1 Time(s)
unknown (121.146.113.247): 1 Time(s)
unknown (220.120.48.118): 1 Time(s)
unknown (220.77.4.105): 1 Time(s)
unknown (221.151.120.235): 1 Time(s)
unknown (31.41.244.62): 1 Time(s)
unknown (50.7.14.52): 1 Time(s)
uucp (185.161.248.200): 1 Time(s)
www-data (185.161.248.200): 1 Time(s)
Invalid Users:
Unknown Account: 149 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
8.687K Bytes accepted 8,895
8.687K Bytes sent via SMTP 8,895
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
52 Connections
9 Connections lost (inbound)
52 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
4.227.212.63: 6 times
14.54.46.207: 6 times
31.41.244.61: 3 times
31.41.244.62: 5 times
41.77.84.69: 49 times
50.7.14.52: 4 times
67.207.81.228: 76 times
81.17.22.115 (hostedby.privatealps.net): 4 times
84.255.204.251 (84-255-204-251.static.t-2.net): 97 times
93.179.90.168: 8 times
95.179.252.232 (95.179.252.232.vultrusercontent.com): 24 times
101.42.22.243: 6 times
103.146.140.167: 6 times
104.194.242.195 (www.ofertadasorte.com.br): 5 times
106.225.138.204: 6 times
141.98.11.11 (axon-stall.riddlecamera.net): 8 times
141.98.11.90 (lighten.medyamol.com): 9 times
162.214.112.164 (162-214-112-164.unifiedlayer.com): 1 time
185.161.248.200: 13 times
185.224.128.142 (ihate.feds.kys): 6 times
185.224.128.187: 4 times
193.201.9.109: 9 times
211.106.244.242: 2 times
218.145.31.213: 12 times
Illegal users from:
2001:470:1:c84::30: 1 time
2001:470:1:fb5:a9b7:717f:4ad6:dee4: 1 time
undef: 75 times
31.41.244.61: 9 times
31.41.244.62: 1 time
36.170.39.170: 6 times
41.77.84.69: 21 times
50.7.14.52: 1 time
64.62.197.2 (scan-36a.shadowserver.org): 1 time
80.66.83.207: 3 times
81.17.22.115 (hostedby.privatealps.net): 18 times
81.135.40.20 (host81-135-40-20.range81-135.btcentralplus.com): 2 times
93.179.90.168: 13 times
103.94.250.174: 2 times
118.41.17.23: 2 times
121.146.113.247: 1 time
141.98.11.11 (axon-stall.riddlecamera.net): 16 times
141.98.11.90 (lighten.medyamol.com): 21 times
185.161.248.200: 32 times
185.224.128.187: 12 times
193.35.18.169: 4 times
193.201.9.109: 20 times
220.77.4.105: 1 time
220.120.48.118: 1 time
221.151.120.235: 1 time
**Unmatched Entries**
error: buffer_get_string_ret: incomplete message [preauth] : 2 time(s)
fatal: buffer_get_string: buffer error [preauth] : 2 time(s)
userauth_pubkey: unsupported public key algorithm: rsa-sha2-512 [preauth] : 77 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47383p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################