[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Jan 20 04:42:04 2022 Date Range Processed: yesterday ( 2022-Jan-19 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 7:8 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 11 sites probed the server 103.153.77.170 156.146.50.152 161.35.230.3 18.144.164.4 200.73.112.67 209.141.54.110 34.77.162.14 5.188.210.227 61.219.11.151 64.227.99.233 66.240.205.34 Requests with error response codes 400 Bad Request null: 15 Time(s) /: 6 Time(s) mstshash=Domain: 4 Time(s) /phpmyadmin/scripts/setup.php: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /.env: 1 Time(s) /aaa9: 1 Time(s) /aab9: 1 Time(s) /c/version.js: 1 Time(s) /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s) /flu/403.html: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found //2018/wp-includes/wlwmanifest.xml: 1 Time(s) //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //media/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) 500 Internal Server Error /: 25 Time(s) /.env: 7 Time(s) /favicon.ico: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.DS_Store: 1 Time(s) /.git/config: 1 Time(s) /.json: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /ReportServer: 1 Time(s) /aaa9: 1 Time(s) /aab9: 1 Time(s) /actuator/health: 1 Time(s) /api/search?folderIds=0: 1 Time(s) /c/version.js: 1 Time(s) /config.json: 1 Time(s) /debug/default/view?panel=config: 1 Time(s) /flu/403.html: 1 Time(s) /frontend_dev.php/$: 1 Time(s) /idx_config/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /info.php: 1 Time(s) /login: 1 Time(s) /login.action: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /robots.txt: 1 Time(s) /s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s) /server-status: 1 Time(s) /solr/: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) /telescope/requests: 1 Time(s) /v2/_catalog: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (1.245.61.144): 30 Time(s) root (102.223.75.234): 30 Time(s) root (103.127.77.78): 30 Time(s) root (103.20.34.169): 30 Time(s) root (112.216.157.26): 30 Time(s) root (122.170.111.175): 30 Time(s) root (190.96.244.152): 30 Time(s) root (198.199.97.218): 30 Time(s) root (220.86.29.35): 30 Time(s) root (223.197.188.206): 30 Time(s) root (24.147.208.110): 30 Time(s) root (31.186.48.216): 30 Time(s) root (43.128.3.101): 30 Time(s) root (47.254.179.224): 30 Time(s) root (50.225.176.238): 30 Time(s) root (81.71.37.218): 30 Time(s) root (93-39-225-138.ip77.fastwebnet.it): 30 Time(s) root (ti0107a400-4175.bb.online.no): 30 Time(s) root (v118-27-37-117.0jtl.static.cnode.io): 30 Time(s) root (49.233.176.20): 27 Time(s) root (65.ip-51-83-45.eu): 21 Time(s) root (vmi688484.contaboserver.net): 20 Time(s) root (109.227.63.3): 19 Time(s) root (1.14.72.164): 16 Time(s) root (177.69.144.89): 15 Time(s) root (80.253.31.232): 14 Time(s) root (111.93.214.67): 13 Time(s) root (223.119.49.99): 12 Time(s) root (45.124.144.116): 12 Time(s) root (123.122.161.30): 10 Time(s) root (106.51.80.198): 9 Time(s) root (123.122.162.120): 9 Time(s) root (113.128.32.200): 6 Time(s) root (123.122.163.248): 6 Time(s) root (144.123.68.248): 6 Time(s) root (123.122.163.100): 5 Time(s) unknown (45.155.204.161): 3 Time(s) root (203.245.29.159): 2 Time(s) unknown (103.91.67.235): 2 Time(s) unknown (14.177.255.131): 2 Time(s) unknown (201.119.42.20): 2 Time(s) unknown (26.16-200-80.adsl-dyn.isp.belgacom.be): 2 Time(s) unknown (4.14.70.6): 2 Time(s) unknown (49.75.93.183): 2 Time(s) unknown (62.232.54.10): 2 Time(s) unknown (66.84.107.170): 2 Time(s) unknown (90.189.168.72): 2 Time(s) unknown (n114-75-224-252.rdl3.qld.optusnet.com.au): 2 Time(s) root (1.117.101.59): 1 Time(s) root (103.3.58.53): 1 Time(s) root (103.91.67.235): 1 Time(s) root (106.248.228.114): 1 Time(s) root (106.52.139.223): 1 Time(s) root (112.111.0.245): 1 Time(s) root (114.7.162.198): 1 Time(s) root (115.238.88.130): 1 Time(s) root (117.217.125.87): 1 Time(s) root (121.5.208.243): 1 Time(s) root (125.209.84.51): 1 Time(s) root (125.88.253.37): 1 Time(s) root (132.232.88.59): 1 Time(s) root (134.175.195.76): 1 Time(s) root (138.68.71.92): 1 Time(s) root (139.186.143.194): 1 Time(s) root (148.66.132.190): 1 Time(s) root (159.89.236.71): 1 Time(s) root (162.243.20.232): 1 Time(s) root (170.245.14.173): 1 Time(s) root (171.244.139.236): 1 Time(s) root (175.198.80.24): 1 Time(s) root (181.127.185.120): 1 Time(s) root (182.71.85.94): 1 Time(s) root (185.49.240.20): 1 Time(s) root (186.10.86.130): 1 Time(s) root (190.13.81.218): 1 Time(s) root (200.77.39.194): 1 Time(s) root (217.106.225.140): 1 Time(s) root (223.223.194.101): 1 Time(s) root (36.91.119.221): 1 Time(s) root (42.193.157.80): 1 Time(s) root (45.172.204.92): 1 Time(s) root (46.101.5.100): 1 Time(s) root (49.233.166.251): 1 Time(s) root (51.159.66.152): 1 Time(s) root (51.38.47.78): 1 Time(s) root (60.210.40.210): 1 Time(s) root (62.233.50.133): 1 Time(s) root (81.68.119.137): 1 Time(s) root (gb-media.com.tw): 1 Time(s) root (host16.190-230-171.telecom.net.ar): 1 Time(s) root (l37-193-125-103.novotelecom.ru): 1 Time(s) root (server.challengeyourbelief.org): 1 Time(s) root (server.sna.hsl.mybluehostin.me): 1 Time(s) root (sys.phpfox.us): 1 Time(s) unknown (124.41.243.253): 1 Time(s) Invalid Users: Unknown Account: 24 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 46 Miscellaneous warnings 16.408K Bytes accepted 16,802 16.408K Bytes sent via SMTP 16,802 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 10 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 10 Total 4xx Rejects 100.00% ======== ================================================== 114 Connections 48 Connections lost (inbound) 114 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.14.72.164: 16 times 1.117.101.59: 1 time 1.245.61.144: 30 times 24.147.208.110: 30 times 31.186.48.216 (31-186-48-216.aknet.kg): 30 times 36.91.119.221: 1 time 37.193.125.103 (l37-193-125-103.novotelecom.ru): 1 time 42.193.157.80: 1 time 43.128.3.101: 30 times 45.124.144.116: 12 times 45.172.204.92 (45-172-204-92.rev.seuwifi.com): 1 time 46.101.5.100: 1 time 47.254.179.224: 30 times 49.233.166.251: 1 time 49.233.176.20: 27 times 50.225.176.238: 30 times 51.38.47.78: 1 time 51.83.45.65 (65.ip-51-83-45.eu): 21 times 51.159.66.152 (51-159-66-152.rev.poneytelecom.eu): 1 time 60.210.40.210: 1 time 61.219.178.73 (gb-media.com.tw): 1 time 62.233.50.133: 1 time 80.253.31.232: 14 times 81.68.119.137: 1 time 81.71.37.218: 30 times 88.88.155.110 (ti0107a400-4175.bb.online.no): 30 times 93.39.225.138 (93-39-225-138.ip77.fastwebnet.it): 30 times 102.223.75.234: 30 times 103.3.58.53: 1 time 103.20.34.169: 30 times 103.91.67.235 (spying.pistbay.com): 1 time 103.127.77.78: 30 times 104.248.157.240 (sys.phpfox.us): 1 time 106.51.80.198 (106.51.80.198.actcorp.in): 9 times 106.52.139.223: 1 time 106.248.228.114: 1 time 109.227.63.3 (srv-109-227-63-3.static.a1.hr): 19 times 111.93.214.67 (static-67.214.93.111-tataidc.co.in): 13 times 112.111.0.245: 1 time 112.216.157.26: 30 times 113.128.32.200: 6 times 114.7.162.198 (114-7-162-198.resources.indosat.com): 1 time 115.238.88.130: 1 time 117.217.125.87: 1 time 118.27.37.117 (v118-27-37-117.0jtl.static.cnode.io): 30 times 121.5.208.243: 1 time 122.170.111.175 (abts-mum-static-175.111.170.122.airtelbroadband.in): 30 times 123.122.161.30: 10 times 123.122.162.120: 9 times 123.122.163.100: 5 times 123.122.163.248: 6 times 125.88.253.37: 1 time 125.209.84.51 (125-209-84-51.multi.net.pk): 1 time 132.232.88.59: 1 time 134.175.195.76: 1 time 138.68.71.92: 1 time 139.186.143.194: 1 time 144.123.68.248: 6 times 148.66.132.190: 1 time 159.89.236.71: 1 time 162.214.166.84 (server.sna.hsl.mybluehostin.me): 1 time 162.241.130.89 (server.challengeyourbelief.org): 1 time 162.243.20.232: 1 time 170.245.14.173 (neorede.com.br): 1 time 171.244.139.236: 1 time 175.198.80.24: 1 time 177.69.144.89 (177-069-144-089.static.ctbctelecom.com.br): 15 times 178.18.252.22 (vmi688484.contaboserver.net): 20 times 181.127.185.120 (pool-120-185-127-181.telecel.com.py): 1 time 182.71.85.94 (nsg-static-094.85.71.182.airtel.in): 1 time 185.49.240.20: 1 time 186.10.86.130 (z328.entelchile.net): 1 time 190.13.81.218 (azteca-comunicaciones.com): 1 time 190.96.244.152 (190-96-244-152.telebucaramanga.net.co): 30 times 190.230.171.16 (host16.190-230-171.telecom.net.ar): 1 time 198.199.97.218: 30 times 200.77.39.194 (customer-GDL-MCA-39-194.megared.net.mx): 1 time 203.245.29.159: 2 times 217.106.225.140 (b.m-10.ru): 1 time 220.86.29.35: 30 times 223.119.49.99: 12 times 223.197.188.206 (223-197-188-206.static.imsbiz.com): 30 times 223.223.194.101: 1 time Illegal users from: 2001:470:1:332::5: 1 time undef: 10 times 4.14.70.6: 2 times 14.177.255.131 (static.vnpt.vn): 2 times 45.155.204.161: 3 times 49.75.93.183: 2 times 62.232.54.10: 2 times 64.62.197.2: 1 time 66.84.107.170 (dhcp66-84-107-170.fiber.mi.airadvantage.net): 2 times 80.200.16.26 (26.16-200-80.adsl-dyn.isp.belgacom.be): 2 times 90.189.168.72 (b-internet.90.189.168.72.snt.ru): 2 times 103.91.67.235 (spying.pistbay.com): 2 times 114.75.224.252 (n114-75-224-252.rdl3.qld.optusnet.com.au): 2 times 124.41.243.253 (253.243.41.124.dynamic.wlink.com.np): 1 time 201.119.42.20: 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################