################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Apr 13 04:42:03 2024
Date Range Processed: yesterday
( 2024-Apr-12 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 87:86 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
185.254.97.142 -> zapf.wiki:443: 1 Time(s)
45.125.66.34 -> google.com:443: 1 Time(s)
80.75.212.75 -> www.google.com:443: 1 Time(s)
87.121.69.52 -> google.com:443: 2 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
*: 6 Time(s)
/: 5 Time(s)
google.com:443: 3 Time(s)
/.env: 2 Time(s)
1,: 2 Time(s)
[\x22miner1\x22,: 2 Time(s)
(Windows: 1 Time(s)
/login: 1 Time(s)
/sendgrid/.env: 1 Time(s)
7: 1 Time(s)
NT: 1 Time(s)
\x82\xA3\xE0\x1F\x96\xCB\xA2\xEF/\xF0: 1 Time(s)
icap://icap-server.net/server?arg=87: 1 Time(s)
stager64: 1 Time(s)
w\xEE3\xD4\xF51\xDE\x9A\x80aX\xB7\xE0\x0C\ ... x00\x01\x02\x00: 1 Time(s)
www.google.com:443: 1 Time(s)
zapf.wiki:443: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/favicon.ico: 3 Time(s)
/.env: 2 Time(s)
/dqgqoeCXckuwPtxov: 2 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/SiteLoader: 1 Time(s)
/WuEL: 1 Time(s)
/a: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/download/file.ext: 1 Time(s)
/geoserver/web/: 1 Time(s)
/mPlayer: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/-S9MXoBxT0OMhDssROVsEg/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (47.236.171.98): 180 Time(s)
unknown (154.61.76.78): 62 Time(s)
unknown (185.196.8.238): 49 Time(s)
root (179.43.180.106): 34 Time(s)
root (183.81.169.238): 28 Time(s)
root (212.70.149.150): 16 Time(s)
root (154.61.76.78): 13 Time(s)
root (183.14.134.202): 13 Time(s)
root (185.196.8.238): 10 Time(s)
unknown (212.70.149.150): 8 Time(s)
root (113.106.88.146): 6 Time(s)
root (163.177.112.219): 6 Time(s)
unknown (175.192.226.38): 5 Time(s)
unknown (175.210.178.197): 3 Time(s)
unknown (221.151.28.225): 3 Time(s)
unknown (31.184.198.71): 2 Time(s)
unknown (90-225-133-108-no2101.tbcn.telia.com): 2 Time(s)
bin (185.196.8.238): 1 Time(s)
root (117.6.241.38): 1 Time(s)
root (122.143.115.18): 1 Time(s)
root (124.167.20.116): 1 Time(s)
root (130.185.96.126): 1 Time(s)
root (178.135.49.226): 1 Time(s)
root (183.6.115.88): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (58.230.236.82): 1 Time(s)
root (94.131.211.168): 1 Time(s)
root (c-98-52-116-108.hsd1.il.comcast.net): 1 Time(s)
sshd (185.196.8.238): 1 Time(s)
temp (41.207.248.204): 1 Time(s)
unknown (103.146.0.135): 1 Time(s)
unknown (103.157.115.2): 1 Time(s)
unknown (105.73.203.1): 1 Time(s)
unknown (111.75.223.17): 1 Time(s)
unknown (112.5.76.239): 1 Time(s)
unknown (113.108.88.121): 1 Time(s)
unknown (117.103.207.214): 1 Time(s)
unknown (117.2.49.79): 1 Time(s)
unknown (121.158.249.166): 1 Time(s)
unknown (122.187.233.177): 1 Time(s)
unknown (168.126.90.210): 1 Time(s)
unknown (182.76.36.62): 1 Time(s)
unknown (183.233.177.34): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
unknown (201.173.128.164): 1 Time(s)
unknown (210.3.53.50): 1 Time(s)
unknown (218.156.1.212): 1 Time(s)
unknown (220-130-226-160.hinet-ip.hinet.net): 1 Time(s)
unknown (222.104.241.19): 1 Time(s)
unknown (244.76.71.37.rev.sfr.net): 1 Time(s)
unknown (27.72.145.25): 1 Time(s)
unknown (59-125-101-97.hinet-ip.hinet.net): 1 Time(s)
unknown (60.220.176.32): 1 Time(s)
unknown (61.153.208.38): 1 Time(s)
unknown (62.201.212.52): 1 Time(s)
unknown (c-69-255-127-110.hsd1.va.comcast.net): 1 Time(s)
unknown (host-176-36-32-175.b024.la.net.ua): 1 Time(s)
unknown (host-5-58-5-87.bitternet.ua): 1 Time(s)
Invalid Users:
Unknown Account: 166 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
142 Connections
10 Connections lost (inbound)
142 Disconnections
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Failed logins from:
31.184.198.71: 1 time
41.207.248.204: 1 time
47.236.171.98: 180 times
58.230.236.82: 1 time
94.131.211.168: 1 time
98.52.116.108 (c-98-52-116-108.hsd1.il.comcast.net): 1 time
113.106.88.146: 6 times
117.6.241.38: 1 time
122.143.115.18 (18.115.143.122.adsl-pool.jlccptt.net.cn): 1 time
124.167.20.116 (116.20.167.124.adsl-pool.sx.cn): 1 time
130.185.96.126: 1 time
154.61.76.78 (78.76.61.154.mum001.in.intechdc.com): 13 times
163.177.112.219: 6 times
178.135.49.226 (mail.t3servcies.com): 1 time
179.43.180.106 (hostedby.privatelayer.com): 34 times
183.6.115.88: 1 time
183.14.134.202: 13 times
183.81.169.238: 28 times
185.196.8.238: 12 times
212.70.149.150: 16 times
Illegal users from:
2001:470:1:fb5:c4cf:96ba:60ae:3a28: 1 time
undef: 107 times
5.58.5.87 (host-5-58-5-87.bitternet.ua): 1 time
27.72.145.25 (dynamic-ip-adsl.viettel.vn): 1 time
31.184.198.71: 3 times
37.71.76.244 (244.76.71.37.rev.sfr.net): 1 time
47.236.171.98: 18 times
59.125.101.97 (59-125-101-97.hinet-ip.hinet.net): 1 time
60.220.176.32 (32.176.220.60.adsl-pool.sx.cn): 1 time
61.153.208.38: 1 time
62.201.212.52: 1 time
69.255.127.110 (c-69-255-127-110.hsd1.va.comcast.net): 1 time
79.110.62.21: 1 time
90.225.133.108 (90-225-133-108-no2101.tbcn.telia.com): 2 times
103.146.0.135: 1 time
103.157.115.2 (2.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
105.73.203.1: 1 time
111.75.223.17: 1 time
112.5.76.239: 1 time
113.108.88.121: 1 time
117.2.49.79 (dynamic-ip-adsl.viettel.vn): 1 time
117.103.207.214 (hn.vtc.vn): 1 time
121.158.249.166: 1 time
122.187.233.177 (nsg-corporate-177.233.187.122.airtel.in): 1 time
154.61.76.78 (78.76.61.154.mum001.in.intechdc.com): 62 times
168.126.90.210: 1 time
175.192.226.38: 5 times
175.210.178.197: 3 times
176.36.32.175 (host-176-36-32-175.b024.la.net.ua): 1 time
182.76.36.62 (nsg-static-62.36.76.182-airtel.com): 1 time
183.233.177.34: 1 time
185.196.8.151: 1 time
185.196.8.238: 49 times
201.173.128.164 (201.173.128.164-clientes-izzi.mx): 1 time
210.3.53.50 (static-bbs-50-53-3-210-on-nets.com): 1 time
212.70.149.150: 8 times
218.156.1.212: 1 time
220.77.227.100: 1 time
220.130.226.160 (220-130-226-160.hinet-ip.hinet.net): 1 time
221.151.28.225: 3 times
222.104.241.19: 5 times
**Unmatched Entries**
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 4 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
warning: can't get client address: Connection reset by peer : 3 time(s)
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop19598p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################