[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Mar 28 04:42:03 2024 Date Range Processed: yesterday ( 2024-Mar-27 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 54:54 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 87.121.69.52 -> google.com:443: 3 Time(s) A total of 7 sites probed the server 134.209.187.205 172.104.242.173 178.128.40.69 185.100.87.136 46.101.82.177 66.240.205.34 78.153.140.179 Requests with error response codes 400 Bad Request null: 11 Time(s) /: 8 Time(s) *: 7 Time(s) google.com:443: 3 Time(s) /.env: 2 Time(s) mstshash=Administr: 2 Time(s) /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s) /gF6y: 1 Time(s) HTTP/1.0: 1 Time(s) X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s) \x00\x00BBBB\xBA\x8C\xC1\xABDAAA: 1 Time(s) \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s) \xD6\x97\x06\xD6\xA7T\x82\x9EP\xA7\xD8x\xB ... x09\xC0\x14\xC0: 1 Time(s) \xE7?\x5C\xF9\x90\xB5\xA1\xFE\x17\xE8\xE6\ ... x09\xC0\x13\xC0: 1 Time(s) 404 Not Found //cdnjs.cloudflare.com/ajax/libs/es5-shim/ ... es5-shim.min.js: 4 Time(s) //cdnjs.cloudflare.com/ajax/libs/html5shiv ... tml5shiv.min.js: 4 Time(s) //cdnjs.cloudflare.com/ajax/libs/respond.j ... /respond.min.js: 4 Time(s) //protokolle.zapf.in/build/6.cover-pack.fe ... 36298be630a4.js: 4 Time(s) //protokolle.zapf.in/build/8.common.fef3ca2736298be630a4.js: 4 Time(s) //protokolle.zapf.in/build/constant.js: 4 Time(s) 500 Internal Server Error /: 17 Time(s) /.env: 4 Time(s) /.git/config: 3 Time(s) /favicon.ico: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /HNAP1/: 1 Time(s) /ReportServer: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /geoserver/web/: 1 Time(s) /pCaequeitoo5er2Z: 1 Time(s) /robots.txt: 1 Time(s) /webui/: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (103.36.84.194): 66 Time(s) root (183.81.169.238): 47 Time(s) root (179.43.180.106): 34 Time(s) root (43.248.185.142): 33 Time(s) unknown (212.70.149.150): 20 Time(s) root (171.217.93.19): 18 Time(s) root (fixed-186-96-145-241.totalplay.net): 13 Time(s) root (89.218.49.34): 12 Time(s) root (47.236.175.136): 10 Time(s) unknown (170.64.174.86): 7 Time(s) root (058177019073.ctinets.com): 6 Time(s) root (109.99.224.72): 6 Time(s) root (112.53.160.61): 6 Time(s) root (122.224.37.86): 6 Time(s) root (47.236.179.153): 6 Time(s) root (93.84.100.70): 6 Time(s) unknown (175.203.213.44): 6 Time(s) unknown (183.106.181.107): 6 Time(s) root (121.129.177.87): 5 Time(s) root (121.135.41.52): 5 Time(s) root (170.64.174.86): 5 Time(s) unknown (fixed-186-96-145-241.totalplay.net): 5 Time(s) unknown (220.119.65.20): 4 Time(s) root (212.70.149.150): 2 Time(s) root (36.110.228.254): 2 Time(s) unknown (183.98.107.63): 2 Time(s) unknown (185.196.8.151): 2 Time(s) unknown (200.32.84.13): 2 Time(s) unknown (41.207.248.204): 2 Time(s) unknown (44-132-127-185-pppoe-customers.fiber42.it): 2 Time(s) unknown (62.122.184.252): 2 Time(s) daemon (185.11.61.88): 1 Time(s) root (102.220.158.10): 1 Time(s) root (110.39.19.34): 1 Time(s) root (175.100.107.238): 1 Time(s) root (91.238.69.91): 1 Time(s) root (94.131.211.168): 1 Time(s) unknown (103.147.248.44): 1 Time(s) unknown (103.157.114.194): 1 Time(s) unknown (103.157.115.2): 1 Time(s) unknown (103.41.173.52): 1 Time(s) unknown (110-25-96-211.adsl.fetnet.net): 1 Time(s) unknown (110.39.9.122): 1 Time(s) unknown (111.22.108.103): 1 Time(s) unknown (112.163.14.14): 1 Time(s) unknown (116.97.193.156): 1 Time(s) unknown (119246235167.ctinets.com): 1 Time(s) unknown (120.33.205.162): 1 Time(s) unknown (122.226.37.26): 1 Time(s) unknown (123.163.52.74): 1 Time(s) unknown (123202032213.ctinets.com): 1 Time(s) unknown (124244010182.ctinets.com): 1 Time(s) unknown (151.114.15.93.rev.sfr.net): 1 Time(s) unknown (167.172.239.86): 1 Time(s) unknown (179.60.244.18): 1 Time(s) unknown (185.11.61.88): 1 Time(s) unknown (185.232.36.17): 1 Time(s) unknown (188-169-66-154.dsl.utg.ge): 1 Time(s) unknown (189.80.1.174): 1 Time(s) unknown (200.108.131.4): 1 Time(s) unknown (201.236.204.98): 1 Time(s) unknown (203.192.224.72): 1 Time(s) unknown (208-96-235-253.resi.cgocable.ca): 1 Time(s) unknown (211.194.92.166): 1 Time(s) unknown (222.217.65.21): 1 Time(s) unknown (27.21.168.184.host.secureserver.net): 1 Time(s) unknown (42-2-251-116.static.netvigator.com): 1 Time(s) unknown (47.185.58.2): 1 Time(s) unknown (47.188.208.86): 1 Time(s) unknown (58.150.154.235): 1 Time(s) unknown (59.97.236.148): 1 Time(s) unknown (65.20.179.251): 1 Time(s) unknown (82.208.65.46): 1 Time(s) unknown (87.200.225.10): 1 Time(s) unknown (94.207.99.76): 1 Time(s) unknown (99.232.240.108): 1 Time(s) unknown (c-67-160-200-79.hsd1.ca.comcast.net): 1 Time(s) unknown (c186-141.i13-47.melita.com): 1 Time(s) unknown (c188-151-63-219.bredband.tele2.se): 1 Time(s) unknown (c80-217-108-111.bredband.tele2.se): 1 Time(s) unknown (n219077126040.netvigator.com): 1 Time(s) unknown (p667146-ipngn2401imazuka.yamagata.ocn.ne.jp): 1 Time(s) unknown (ua-83-227-140-167.bbcust.telenor.se): 1 Time(s) uucp (212.70.149.150): 1 Time(s) Invalid Users: Unknown Account: 114 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 10.176K Bytes accepted 10,420 10.176K Bytes sent via SMTP 10,420 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 25 Connections 10 Connections lost (inbound) 25 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 6 Time(s) Failed logins from: 36.110.228.254: 2 times 43.248.185.142: 33 times 47.236.175.136: 10 times 47.236.179.153: 6 times 58.177.19.73 (058177019073.ctinets.com): 6 times 89.218.49.34 (mx12.vertex.kz): 12 times 91.238.69.91 (tvinnet-91-238-69-91.tvinnet.ru): 1 time 93.84.100.70: 6 times 94.131.211.168: 1 time 102.220.158.10: 1 time 103.36.84.194: 66 times 109.99.224.72: 6 times 110.39.19.34 (WGPON-3919-34.wateen.net): 1 time 112.53.160.61: 6 times 121.129.177.87: 6 times 121.135.41.52: 6 times 122.224.37.86: 6 times 170.64.174.86: 5 times 171.217.93.19: 18 times 175.100.107.238 (dynamic-ip-adsl.metfone.com.kh): 1 time 179.43.180.106 (hostedby.privatelayer.com): 34 times 183.81.169.238: 47 times 185.11.61.88: 1 time 186.96.145.241 (fixed-186-96-145-241.totalplay.net): 13 times 212.70.149.150: 3 times Illegal users from: 2001:470:1:c84::29 (scan-19o.shadowserver.org): 1 time undef: 50 times 41.207.248.204: 2 times 42.2.251.116 (42-2-251-116.static.netvigator.com): 1 time 43.248.185.142: 16 times 44.220.185.101 (ec2-44-220-185-101.compute-1.amazonaws.com): 1 time 47.185.58.2: 1 time 47.188.208.86: 1 time 58.150.154.235: 1 time 59.97.236.148 (static.ftth.ngp.59.97.236.148.bsnl.in): 1 time 62.122.184.252: 2 times 64.62.197.158 (scan-41g.shadowserver.org): 1 time 65.20.179.251: 1 time 67.160.200.79 (c-67-160-200-79.hsd1.ca.comcast.net): 1 time 80.217.108.111 (c80-217-108-111.bredband.tele2.se): 1 time 82.208.65.46 (est.giport.ru): 1 time 83.227.140.167 (ua-83-227-140-167.bbcust.telenor.se): 1 time 87.200.225.10: 1 time 93.15.114.151 (151.114.15.93.rev.sfr.net): 1 time 94.17.186.141 (c186-141.i13-47.melita.com): 1 time 94.207.99.76: 1 time 99.232.240.108 (cpea84e3f47e063-cma84e3f47e060.cpe.net.cable.rogers.com): 1 time 103.41.173.52: 1 time 103.147.248.44: 1 time 103.157.114.194 (194.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time 103.157.115.2 (2.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time 110.25.96.211 (110-25-96-211.adsl.fetnet.net): 1 time 110.39.9.122 (WGPON-399-122.wateen.net): 1 time 111.22.108.103: 1 time 112.163.14.14: 5 times 116.97.193.156 (dynamic-adsl.viettel.vn): 1 time 119.246.235.167 (119246235167.ctinets.com): 1 time 120.33.205.162: 1 time 122.226.37.26: 1 time 123.163.52.74: 1 time 123.202.32.213 (123202032213.ctinets.com): 1 time 124.244.10.182 (124244010182.ctinets.com): 1 time 167.172.239.86: 1 time 170.64.174.86: 8 times 175.24.152.224: 1 time 175.203.213.44: 6 times 179.60.244.18 (179-60-244-18.wisp.net.ec): 1 time 183.98.107.63: 2 times 183.106.181.107: 6 times 184.168.21.27 (27.21.168.184.host.secureserver.net): 1 time 185.11.61.88: 1 time 185.127.132.44 (44-132-127-185-pppoe-customers.fiber42.it): 2 times 185.196.8.151: 2 times 185.232.36.17: 1 time 186.96.145.241 (fixed-186-96-145-241.totalplay.net): 5 times 188.151.63.219 (c188-151-63-219.bredband.tele2.se): 1 time 188.169.66.154 (188-169-66-154.dsl.utg.ge): 1 time 189.80.1.174 (18980001174.user.veloxzone.com.br): 1 time 200.32.84.13 (200-32-84-13.static.impsat.net.ar): 2 times 200.108.131.4: 1 time 201.236.204.98 (laofrendasa.com): 1 time 203.192.224.72 (dhcp-192-224-72.in2cable.com): 1 time 208.96.235.253 (208-96-235-253.resi.cgocable.ca): 1 time 211.194.92.166: 5 times 212.70.149.150: 21 times 219.77.126.40 (n219077126040.netvigator.com): 1 time 219.165.15.146 (p667146-ipngn2401imazuka.yamagata.ocn.ne.jp): 1 time 220.119.65.20: 4 times 222.217.65.21: 1 time 223.111.168.11: 6 times **Unmatched Entries** warning: can't get client address: Connection reset by peer : 1 time(s) error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 2 time(s) fatal: buffer_get_string: buffer error [preauth] : 1 time(s) Protocol major versions differ for 118.194.251.141: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop19598p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################