################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Jul 30 04:42:03 2023
Date Range Processed: yesterday
( 2023-Jul-29 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 37:37 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
45.128.232.183 -> google.com:443: 1 Time(s)
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 20 Time(s)
/: 4 Time(s)
/aaa9: 3 Time(s)
/aab8: 3 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 3 Time(s)
mstshash=Administr: 3 Time(s)
7: 2 Time(s)
A@BAE@FAI: 2 Time(s)
*: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/private/api/v1/service/premaster: 1 Time(s)
9tnR/\xC3K\xF1\x0F\x5C\xEF\x9F\x8F4'\xD3e\ ... D\xC0$\xC0(\xC0: 1 Time(s)
XP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]: 1 Time(s)
\x1C\xEF\x07\xD7\xD2\xD8P$+c\x0C{r\xAE\xB9\x9C_R\xA1\xD3X~m: 1 Time(s)
\xB1\xBET\xA4\x9AZ\x9A\xA0?\x90\xE0\xF2t0\ ... J\xA9<\xBD\xDA`: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xE29\xE6\x00\x92\x810\x13\x81\xDC\x95\xD2 ... C0$\xC0\x14\xC0: 1 Time(s)
google.com:443: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/_profiler/phpinfo: 5 Time(s)
/.env: 3 Time(s)
/ab2g: 2 Time(s)
/ab2h: 2 Time(s)
/favicon.ico: 2 Time(s)
/.git/config: 1 Time(s)
/ReportServer: 1 Time(s)
/admin/assets/js/views/login.js: 1 Time(s)
/ajax: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/cpanel: 1 Time(s)
/dns-query: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/geoserver/web/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/t4: 1 Time(s)
502 Bad Gateway
/1M3B801aTLa4jlAz2WbSrw/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (24.199.87.170): 199 Time(s)
unknown (193.233.21.187): 75 Time(s)
unknown (134.122.83.197): 37 Time(s)
unknown (170.64.175.2): 37 Time(s)
unknown (24.144.98.156): 26 Time(s)
unknown (139.59.10.175): 19 Time(s)
root (134.122.83.197): 15 Time(s)
root (170.64.175.2): 15 Time(s)
root (193.233.21.187): 14 Time(s)
unknown (159.203.46.152): 14 Time(s)
root (24.144.98.156): 13 Time(s)
unknown (141.98.11.113): 13 Time(s)
root (139.59.23.204): 12 Time(s)
root (185.224.128.142): 12 Time(s)
unknown (141.98.11.11): 9 Time(s)
root (141.98.11.11): 8 Time(s)
unknown (45.136.153.217): 8 Time(s)
unknown (193.169.255.233): 6 Time(s)
root (217.144.216.23): 5 Time(s)
unknown (176.113.115.211): 5 Time(s)
unknown (175.178.160.190): 4 Time(s)
unknown (176.113.115.210): 4 Time(s)
unknown (139.59.10.137): 3 Time(s)
unknown (143.244.50.173): 3 Time(s)
root (139.59.10.175): 2 Time(s)
root (141.98.11.113): 2 Time(s)
root (175.178.160.190): 2 Time(s)
root (176.113.115.211): 2 Time(s)
sshd (193.233.21.187): 2 Time(s)
unknown (ipbcc0410f.dynamic.kabel-deutschland.de): 2 Time(s)
postgres (134.122.83.197): 1 Time(s)
postgres (170.64.175.2): 1 Time(s)
postgres (175.178.160.190): 1 Time(s)
postgres (24.144.98.156): 1 Time(s)
root (139.59.10.137): 1 Time(s)
root (159.203.46.152): 1 Time(s)
root (176.113.115.210): 1 Time(s)
root (43.249.226.4): 1 Time(s)
sshd (141.98.11.11): 1 Time(s)
sshd (141.98.11.113): 1 Time(s)
unknown (119.202.218.53): 1 Time(s)
unknown (124.167.20.68): 1 Time(s)
unknown (222.113.218.113): 1 Time(s)
unknown (65.20.212.118): 1 Time(s)
unknown (75-120-78-66.dyn.centurytel.net): 1 Time(s)
unknown (c-69-243-138-199.hsd1.il.comcast.net): 1 Time(s)
uucp (141.98.11.113): 1 Time(s)
Invalid Users:
Unknown Account: 473 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
18.813K Bytes accepted 19,265
18.813K Bytes sent via SMTP 19,265
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
248 Connections
81 Connections lost (inbound)
248 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
24.144.98.156: 14 times
43.249.226.4: 1 time
134.122.83.197: 16 times
139.59.10.137: 1 time
139.59.10.175: 2 times
139.59.23.204: 12 times
141.98.11.11 (axon-stall.riddlecamera.net): 9 times
141.98.11.113 (annoying.medyamol.com): 4 times
159.203.46.152: 1 time
170.64.175.2: 16 times
175.178.160.190: 3 times
176.113.115.210: 1 time
176.113.115.211: 2 times
185.224.128.142: 12 times
193.233.21.187: 16 times
217.144.216.23 (static-216-23.is.net.pl): 6 times
Illegal users from:
2001:470:1:c84::30: 1 time
undef: 92 times
24.144.98.156: 26 times
24.199.87.170: 199 times
45.136.153.217 (unn-45-136-153-217.datapacket.com): 8 times
64.62.197.67 (scan-38f.shadowserver.org): 1 time
65.20.212.118: 1 time
69.243.138.199 (c-69-243-138-199.hsd1.il.comcast.net): 1 time
75.120.78.66 (75-120-78-66.dyn.centurytel.net): 1 time
119.202.218.53: 2 times
124.167.20.68 (68.20.167.124.adsl-pool.sx.cn): 1 time
134.122.83.197: 37 times
139.59.10.137: 3 times
139.59.10.175: 19 times
141.98.11.11 (axon-stall.riddlecamera.net): 10 times
141.98.11.113 (annoying.medyamol.com): 13 times
143.244.50.173 (unn-143-244-50-173.datapacket.com): 3 times
159.203.46.152: 14 times
170.64.175.2: 37 times
175.178.160.190: 4 times
176.113.115.210: 4 times
176.113.115.211: 5 times
188.192.65.15 (ipbcc0410f.dynamic.kabel-deutschland.de): 2 times
193.169.255.233: 9 times
193.233.21.187: 75 times
222.113.218.113: 5 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47383p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################