################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Oct 27 04:42:04 2021
Date Range Processed: yesterday
( 2021-Oct-26 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 85:84 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
222.186.19.235 -> zapf.wiki:443: 1 Time(s)
A total of 12 sites probed the server
Requests with error response codes
400 Bad Request
null: 16 Time(s)
/: 7 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32% ... .%%32%65/bin/sh: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
8\x00\x00b\xC00\xC0,\xC0/\xC0+\x00\x9F\x00 ... C0$\xC0\x14\xC0: 1 Time(s)
\xA7i\xB7|\x91\x0E\xC2\x92\x1C\xA2\x1Au\x9 ... B4\x94/\x19\xA5: 1 Time(s)
zapf.wiki:443: 1 Time(s)
500 Internal Server Error
/.env: 29 Time(s)
/: 21 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/autodiscover/autodiscover.json?a=a(a)edu.ed ... s/exchange.asmx: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 336 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
15.938K Bytes accepted 16,320
15.938K Bytes sent via SMTP 16,320
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
387 Connections
226 Connections lost (inbound)
387 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
61 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 218 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################