[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Apr 10 04:42:03 2024 Date Range Processed: yesterday ( 2024-Apr-09 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 23:23 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 45.125.66.34 -> google.com:443: 1 Time(s) 45.128.96.141 -> google.com:443: 1 Time(s) 87.121.69.52 -> google.com:443: 2 Time(s) A total of 7 sites probed the server 134.209.0.193 170.64.166.144 174.138.61.44 192.241.231.10 65.49.1.33 66.240.205.34 78.153.140.179 Requests with error response codes 400 Bad Request null: 11 Time(s) google.com:443: 4 Time(s) mstshash=Administr: 3 Time(s) *: 1 Time(s) /: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... %2e/.%2e/bin/sh: 1 Time(s) 499 (undefined) /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s) 500 Internal Server Error /: 8 Time(s) /.git/config: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /robots.txt: 1 Time(s) 502 Bad Gateway /4KvxGgBKTGWWglSbI0Xg3w/pdf: 1 Time(s) /CWNtLmX2SLelz0pnhfcNyA/pdf: 1 Time(s) /DJN1EHJMQt-tpE1lNqpnaw/pdf: 1 Time(s) /DigitalZaPF:Notizen_zu_psychologischen_Beratungsstellen/pdf: 1 Time(s) /OFaX7OVFSXSL7jGHLFF3hQ/pdf: 1 Time(s) /Studirendenwerk/pdf: 1 Time(s) /ZAMXk83bREapH1s41rckvg/pdf: 1 Time(s) /ak_wiki/pdf: 1 Time(s) /akkreditierungsworkshop/pdf: 1 Time(s) /berlin17_ak_physik_nebenfaechler/pdf: 1 Time(s) /berlin17_ak_pratikum_2_0_bu/pdf: 1 Time(s) /eRS1_n_IRVirXNN_X4ryVQ/pdf: 1 Time(s) /features/pdf: 1 Time(s) /slide-example/pdf: 1 Time(s) /sose17_bama1/pdf: 1 Time(s) /sose20_protokoll_awareness_spiel/pdf: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (183.81.169.238): 41 Time(s) root (179.43.180.106): 20 Time(s) root (113.106.88.146): 15 Time(s) root (212.70.149.150): 11 Time(s) unknown (185.196.8.238): 11 Time(s) unknown (193.201.9.156): 9 Time(s) root (103.6.220.142): 6 Time(s) root (124244106153.ctinets.com): 6 Time(s) root (5400f91a.dsl.pool.telekom.hu): 6 Time(s) root (64.23.242.20): 6 Time(s) unknown (14.32.119.65): 6 Time(s) root (121.183.211.13): 5 Time(s) root (193.222.96.178): 5 Time(s) unknown (212.70.149.150): 5 Time(s) unknown (85.209.11.227): 5 Time(s) unknown (125.142.103.237): 4 Time(s) unknown (221.145.174.66): 4 Time(s) root (193.201.9.156): 3 Time(s) unknown (112.160.43.55): 3 Time(s) root (211.252.27.38): 2 Time(s) root (119.145.190.102): 1 Time(s) root (183.249.1.82): 1 Time(s) root (190.15.101.6): 1 Time(s) root (85.209.11.227): 1 Time(s) root (94.198.211.49): 1 Time(s) unknown (024-199-036-058.biz.spectrum.com): 1 Time(s) unknown (103.153.227.13): 1 Time(s) unknown (103.232.247.197): 1 Time(s) unknown (103.251.143.14): 1 Time(s) unknown (103.29.185.162): 1 Time(s) unknown (116.114.86.62): 1 Time(s) unknown (122.160.53.132): 1 Time(s) unknown (122.176.161.46): 1 Time(s) unknown (124.152.188.47): 1 Time(s) unknown (143.0.54.215): 1 Time(s) unknown (147.253.143.99): 1 Time(s) unknown (157.122.183.220): 1 Time(s) unknown (162.191.182.142): 1 Time(s) unknown (171.244.40.236): 1 Time(s) unknown (178.242.45.32): 1 Time(s) unknown (182.230.163.173): 1 Time(s) unknown (185.6.81.48): 1 Time(s) unknown (190.117.96.174): 1 Time(s) unknown (202.170.206.211): 1 Time(s) unknown (211.106.126.27): 1 Time(s) unknown (211.39.130.134): 1 Time(s) unknown (222.235.82.88): 1 Time(s) unknown (41.223.84.21): 1 Time(s) unknown (41.82.133.239): 1 Time(s) unknown (45.119.30.104): 1 Time(s) unknown (47.185.33.88): 1 Time(s) unknown (60.166.158.148): 1 Time(s) unknown (81.91.159.110): 1 Time(s) unknown (84.175.242.35.bc.googleusercontent.com): 1 Time(s) unknown (90.161.217.228): 1 Time(s) unknown (94.204.244.106): 1 Time(s) unknown (broadband-188-32-85-56.ip.moscow.rt.ru): 1 Time(s) unknown (host-95-255-196-183.business.telecomitalia.it): 1 Time(s) uucp (193.201.9.156): 1 Time(s) Invalid Users: Unknown Account: 84 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 21 Miscellaneous warnings 158 Connections 8 Connections lost (inbound) 158 Disconnections ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ SSHD Started: 2 Time(s) Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 3 Time(s) Failed logins from: 64.23.242.20: 6 times 84.0.249.26 (5400F91A.dsl.pool.telekom.hu): 6 times 85.209.11.227: 1 time 94.198.211.49: 1 time 103.6.220.142: 6 times 113.106.88.146: 15 times 119.145.190.102: 1 time 121.183.211.13: 6 times 124.244.106.153 (124244106153.ctinets.com): 6 times 179.43.180.106 (hostedby.privatelayer.com): 20 times 183.81.169.238: 41 times 183.249.1.82: 1 time 190.15.101.6: 1 time 193.201.9.156: 4 times 193.222.96.178: 5 times 211.252.27.38: 3 times 212.70.149.150: 11 times Illegal users from: 2001:470:1:fb5:4074:abe9:9597:6138: 1 time undef: 29 times 14.32.119.65: 6 times 24.199.36.58 (024-199-036-058.biz.spectrum.com): 1 time 35.242.175.84 (84.175.242.35.bc.googleusercontent.com): 1 time 41.82.133.239: 1 time 41.223.84.21: 1 time 45.119.30.104: 1 time 47.185.33.88: 1 time 60.166.158.148: 1 time 64.62.197.149 (scan-48m.shadowserver.org): 1 time 79.110.62.21: 1 time 81.91.159.110: 1 time 85.209.11.227: 5 times 90.161.217.228 (228.pool90-161-217.static.orange.es): 1 time 94.204.244.106: 1 time 95.255.196.183 (host-95-255-196-183.business.telecomitalia.it): 1 time 103.29.185.162 (ip-103-29-185-162.pascalwave.com): 1 time 103.153.227.13: 1 time 103.232.247.197: 1 time 103.251.143.14: 1 time 112.160.43.55: 3 times 115.238.32.194: 1 time 116.114.86.62: 1 time 122.160.53.132 (abts-north-static-132.53.160.122.airtelbroadband.in): 1 time 122.176.161.46 (abts-north-dynamic-046.161.176.122.airtelbroadband.in): 1 time 124.152.188.47: 1 time 125.142.103.237: 4 times 143.0.54.215 (143-0-54-215.bitmail.com.br): 1 time 147.253.143.99 (modemcable099.143-253-147.static.videotron.ca): 1 time 157.122.183.220: 1 time 162.191.182.142: 1 time 171.244.40.236: 1 time 178.242.45.32: 1 time 182.230.163.173: 5 times 185.6.81.48 (48.81.6.185.in-addr.arpa): 1 time 185.196.8.238: 11 times 188.32.85.56 (broadband-188-32-85-56.ip.moscow.rt.ru): 1 time 190.117.96.174: 1 time 193.201.9.156: 9 times 194.169.175.106: 1 time 202.170.206.211 (ws211-206.170.202.rcil.gov.in): 1 time 211.39.130.134: 1 time 211.106.126.27: 1 time 212.70.149.150: 6 times 221.145.174.66: 5 times 222.235.82.88: 1 time **Unmatched Entries** Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop19598p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################