################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Jan 19 04:42:04 2022
Date Range Processed: yesterday
( 2022-Jan-18 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 7:6 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
112.66.106.86 -> zapf.wiki:443: 1 Time(s)
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 19 Time(s)
/: 5 Time(s)
mstshash=Administr: 5 Time(s)
mstshash=Domain: 4 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/.git/HEAD: 1 Time(s)
/Portal/Portal.mwsl: 1 Time(s)
/Z4Yu: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/admin.php: 1 Time(s)
/bag2: 1 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/nmaplowercheck1642463716: 1 Time(s)
/scripts/WPnBr.dll: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
7: 1 Time(s)
\x01\x00\x01\x1C\x03\x030+\x03P\xE6^R\x14\ ... 70\xFF\xF6c\x82: 1 Time(s)
\xCFA^\xEE\x80\xEE\xE6\x7F\xCF\xC1\xD4\x9As\xEB\xAFU\x8E: 1 Time(s)
\xDF\x92AW\xC4\xB0\x9E\x1C\xC9\xF9\x13\xC8 ... x09\xC0\x14\xC0: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 4 Time(s)
/favicon.ico: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
/.DS_Store: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/berlin: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login.action: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/sdk: 1 Time(s)
/sitemap.xml: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 13 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
17.045K Bytes accepted 17,454
17.045K Bytes sent via SMTP 17,454
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
92 Connections
39 Connections lost (inbound)
92 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
**Unmatched Entries**
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################