################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jan 24 04:42:04 2022
Date Range Processed: yesterday
( 2022-Jan-23 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 77:77 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 17 Time(s)
/: 5 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
mstshash=Administr: 3 Time(s)
/manager/html: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/../.git/HEAD: 1 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/manager/text/list: 1 Time(s)
/spywall/timeConfig.php: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
http://dyn.epicgifs.net/test6956.php: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/.env: 6 Time(s)
/_ignition/execute-solution: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 326 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
13.586K Bytes accepted 13,912
13.586K Bytes sent via SMTP 13,912
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
98 Connections
17 Connections lost (inbound)
98 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 5 Time(s)
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################