[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Dec 10 04:42:04 2021 Date Range Processed: yesterday ( 2021-Dec-09 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 41:41 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 185.222.56.78 66.240.205.34 71.6.158.166 Requests with error response codes 400 Bad Request /: 4 Time(s) null: 3 Time(s) /bag2: 1 Time(s) /c/version.js: 1 Time(s) /cgi-bin/.%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/bin/bash: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /config/getuser?index=0: 1 Time(s) /flu/403.html: 1 Time(s) /gemini-iptv/get_prc.php: 1 Time(s) /gemini-iptv/vod.json: 1 Time(s) /socket.io/?noteId=siegen17&EIO=3&transpor ... k_rLmxas294AAJc: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) \xB2cd\xCBWW)I\x04Mi\xC1\xC64RJ\xF0\xC0F0: 1 Time(s) https://api.38666.com/digit/app/download/list: 1 Time(s) https://api.cbq66.com/odd/app/download/list: 1 Time(s) https://api.tm6.com/home/info?lang=3: 1 Time(s) https://skidn.com/index.html: 1 Time(s) 500 Internal Server Error /: 20 Time(s) /robots.txt: 4 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /actuator/health: 1 Time(s) /app/.env: 1 Time(s) /bag2: 1 Time(s) /c/version.js: 1 Time(s) /currentsetting.htm: 1 Time(s) /flu/403.html: 1 Time(s) /gemini-iptv/get_prc.php: 1 Time(s) /gemini-iptv/vod.json: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (162.248.52.82): 37 Time(s) root (180.76.148.1): 35 Time(s) root (host-92-27-140-155.static.as13285.net): 35 Time(s) root (103.146.30.114): 33 Time(s) root (49.232.191.28): 31 Time(s) root (187.32.84.234): 22 Time(s) root (92.255.85.237): 21 Time(s) root (92.255.85.37): 20 Time(s) root (104.131.29.174): 19 Time(s) root (106.75.222.175): 18 Time(s) root (204.44.68.125): 17 Time(s) unknown (103.146.30.114): 17 Time(s) root (198.23.233.28): 16 Time(s) unknown (49.232.191.28): 15 Time(s) unknown (host-92-27-140-155.static.as13285.net): 15 Time(s) root (42.193.191.227): 14 Time(s) unknown (204.44.68.125): 14 Time(s) root (ns2.mknz.net): 13 Time(s) unknown (162.248.52.82): 13 Time(s) root (212.231.197.226): 12 Time(s) unknown (180.76.148.1): 11 Time(s) unknown (212.231.197.226): 10 Time(s) unknown (104.131.29.174): 7 Time(s) unknown (106.75.222.175): 7 Time(s) unknown (198.23.233.28): 7 Time(s) root (220.197.9.114): 6 Time(s) unknown (141.98.10.82): 6 Time(s) unknown (187.32.84.234): 6 Time(s) unknown (ns2.mknz.net): 5 Time(s) unknown (209.141.44.102): 4 Time(s) root (206.223.33.121): 3 Time(s) unknown (141.98.10.60): 3 Time(s) unknown (45.155.204.39): 3 Time(s) root (1.9.131.3): 2 Time(s) root (171.115.84.233): 2 Time(s) unknown (134.209.83.158): 2 Time(s) unknown (171.115.84.233): 2 Time(s) unknown (205.185.115.39): 2 Time(s) unknown (6.41.99.84.rev.sfr.net): 2 Time(s) unknown (vmi744046.contaboserver.net): 2 Time(s) root (112.18.69.127): 1 Time(s) root (139.28.235.176): 1 Time(s) root (14.99.176.210): 1 Time(s) root (45.155.204.39): 1 Time(s) root (58.246.251.27): 1 Time(s) unknown (14.99.176.210): 1 Time(s) unknown (146.185.79.101): 1 Time(s) unknown (179.43.187.37): 1 Time(s) unknown (183.92.214.38): 1 Time(s) unknown (205.185.124.219): 1 Time(s) unknown (209.141.53.74): 1 Time(s) unknown (212.192.241.37): 1 Time(s) unknown (23.183.81.136): 1 Time(s) unknown (slot0.epaperitaliait.com): 1 Time(s) Invalid Users: Unknown Account: 162 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 2 Miscellaneous warnings 14.772K Bytes accepted 15,127 14.772K Bytes sent via SMTP 15,127 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 22 Connections 7 Connections lost (inbound) 22 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.9.131.3: 2 times 14.99.176.210 (static-210.176.99.14-tataidc.co.in): 1 time 23.123.90.52 (ns2.mknz.net): 13 times 42.193.191.227: 16 times 45.155.204.39: 1 time 49.232.191.28: 31 times 58.246.251.27: 1 time 92.27.140.155 (host-92-27-140-155.static.as13285.net): 35 times 92.255.85.37: 20 times 92.255.85.237: 21 times 103.146.30.114: 33 times 104.131.29.174: 19 times 106.75.222.175: 18 times 112.18.69.127: 1 time 139.28.235.176: 1 time 162.248.52.82: 37 times 171.115.84.233: 2 times 180.76.148.1: 35 times 187.32.84.234 (187-032-084-234.static.ctbctelecom.com.br): 22 times 198.23.233.28 (198-23-233-28-host.colocrossing.com): 16 times 204.44.68.125 (204.44.68.125.static.quadranet.com): 17 times 206.223.33.121: 3 times 212.231.197.226: 12 times 220.197.9.114: 6 times Illegal users from: 2001:470:1:c84::23: 1 time undef: 105 times 14.99.176.210 (static-210.176.99.14-tataidc.co.in): 1 time 23.123.90.52 (ns2.mknz.net): 5 times 23.183.81.136: 1 time 43.134.92.151: 1 time 45.88.188.13 (vmi744046.contaboserver.net): 2 times 45.155.204.39: 3 times 49.232.191.28: 15 times 65.49.20.69 (scan-20.shadowserver.org): 1 time 84.99.41.6 (6.41.99.84.rev.sfr.net): 2 times 92.27.140.155 (host-92-27-140-155.static.as13285.net): 15 times 103.146.30.114: 17 times 104.131.29.174: 7 times 106.75.222.175: 7 times 134.209.83.158: 2 times 141.98.10.60: 3 times 141.98.10.82: 6 times 146.185.79.101: 1 time 162.248.52.82: 13 times 171.115.84.233: 2 times 178.73.215.171 (178-73-215-171-static.glesys.net): 1 time 179.43.187.37: 1 time 180.76.148.1: 11 times 183.92.214.38: 1 time 187.32.84.234 (187-032-084-234.static.ctbctelecom.com.br): 6 times 195.133.18.24 (slot0.epaperitaliait.com): 1 time 198.23.233.28 (198-23-233-28-host.colocrossing.com): 7 times 204.44.68.125 (204.44.68.125.static.quadranet.com): 14 times 205.185.115.39 (mx.learnmorefun.org): 2 times 205.185.124.219 (smtp2.jreama.shop): 1 time 209.141.44.102: 4 times 209.141.53.74: 1 time 212.192.241.37: 1 time 212.231.197.226: 10 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################