################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Feb 23 04:42:03 2024
Date Range Processed: yesterday
( 2024-Feb-22 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 58:57 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 14 sites probed the server
Requests with error response codes
400 Bad Request
null: 20 Time(s)
/: 9 Time(s)
*: 5 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 3 Time(s)
1,: 2 Time(s)
(Windows: 1 Time(s)
/.env: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
12.1.2: 1 Time(s)
LM: 1 Time(s)
mstshash=Administr: 1 Time(s)
stager64: 1 Time(s)
404 Not Found
/admin/ckeditor/kcfinder/upload.php: 1 Time(s)
/admin/ckeditor/plugins/kcfinder/upload.php: 1 Time(s)
/admin/core/kcfinder/upload.php: 1 Time(s)
/admin/js/kcfinder/upload.php: 1 Time(s)
/app/webroot/js/kcfinder/upload.php: 1 Time(s)
/app/webroot/kcfinder/upload.php: 1 Time(s)
/application/themes/admin/assets/js/kcfinder/upload.php: 1 Time(s)
/assets/admin/tinymce/plugins/filemanager/dialog.php: 1 Time(s)
/assets/js/kcfinder/upload.php: 1 Time(s)
/assets/plugins/filemanager/dialog.php: 1 Time(s)
/assets/plugins/kcfinder/upload.php: 1 Time(s)
/assets/plugins/tinymce/plugins/filemanager/dialog.php: 1 Time(s)
/assets/scripts/filemanager/dialog.php: 1 Time(s)
/assets/tinymce/plugins/filemanager/dialog.php: 1 Time(s)
/ckeditor/plugins/kcfinder/upload.php: 1 Time(s)
/core/scripts/kcfinder/upload.php: 1 Time(s)
/core/scripts/wysiwyg/kcfinder/upload.php: 1 Time(s)
/js/tinymce/kcfinder/upload.php: 1 Time(s)
/phpformbuilder/plugins/filemanager/dialog.php: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
/.env: 10 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 2 Time(s)
/.git/config: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/favicon.ico: 1 Time(s)
/geoserver/web/: 1 Time(s)
/login: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
/webui/: 1 Time(s)
/wp-content/themes/bricks/assets/js/feedback.min.js: 1 Time(s)
502 Bad Gateway
/-rCRU_K7RWOzSTXDghlneA/pdf: 1 Time(s)
/NDAi3L_fSz2XYjfxzaCc_Q/pdf: 1 Time(s)
/_2VggSWpTGiqgb_nGCCc8A/pdf: 1 Time(s)
/register/pdf: 1 Time(s)
/u24dL2y8RIGSpTp_YM-pCQ/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (134.209.251.215): 29 Time(s)
root (141.98.11.169): 27 Time(s)
unknown (134.209.251.215): 22 Time(s)
root (141.98.11.86): 21 Time(s)
root (141.98.11.141): 19 Time(s)
root (218.60.48.100): 18 Time(s)
root (218.92.0.26): 18 Time(s)
root (218.92.0.33): 18 Time(s)
root (218.92.0.43): 18 Time(s)
root (194.169.175.22): 14 Time(s)
root (141.98.10.105): 13 Time(s)
root (218.92.0.28): 12 Time(s)
root (218.92.0.45): 12 Time(s)
root (218.92.0.47): 12 Time(s)
root (218.92.0.51): 12 Time(s)
root (218.92.0.53): 12 Time(s)
root (218.92.0.59): 12 Time(s)
unknown (170.64.133.141): 10 Time(s)
unknown (170.64.151.13): 8 Time(s)
unknown (170.64.151.75): 8 Time(s)
root (141.98.10.153): 7 Time(s)
root (129.205.194.230): 6 Time(s)
root (218.92.0.40): 6 Time(s)
root (218.92.0.52): 6 Time(s)
root (218.92.0.55): 6 Time(s)
root (38.85.184.157): 6 Time(s)
root (43.133.155.141): 6 Time(s)
unknown (62.122.184.252): 6 Time(s)
root (182.45.171.234): 5 Time(s)
unknown (185.11.61.88): 5 Time(s)
root (208.65.84.121): 3 Time(s)
unknown (185.196.10.93): 3 Time(s)
unknown (2.57.122.127): 3 Time(s)
postgres (185.196.9.45): 2 Time(s)
root (170.64.151.13): 2 Time(s)
root (170.64.151.75): 2 Time(s)
unknown (199.76.38.123): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
unknown (c-67-169-120-11.hsd1.ca.comcast.net): 2 Time(s)
mysql (170.64.133.141): 1 Time(s)
root (170.64.133.141): 1 Time(s)
root (185.11.61.88): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (static.88.178.107.91.clients.your-server.de): 1 Time(s)
unknown (103.147.34.150): 1 Time(s)
unknown (121.158.203.212): 1 Time(s)
Invalid Users:
Unknown Account: 77 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
7.008K Bytes accepted 7,176
7.008K Bytes sent via SMTP 7,176
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
31 Connections
9 Connections lost (inbound)
31 Disconnections
1 Removed from queue
1 Sent via SMTP
2 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 25 Time(s)
Failed logins from:
31.184.198.71: 1 time
38.85.184.157: 6 times
43.133.155.141: 6 times
91.107.178.88 (static.88.178.107.91.clients.your-server.de): 1 time
129.205.194.230: 6 times
134.209.251.215: 29 times
141.98.10.105: 13 times
141.98.10.153: 7 times
141.98.11.86 (leunie.poppopprision.com): 21 times
141.98.11.141 (srv-141-98-11-141.serveroffer.net): 19 times
141.98.11.169 (exclu.lutend-169.seneciomorphology.com): 27 times
170.64.133.141: 2 times
170.64.151.13: 2 times
170.64.151.75: 2 times
182.45.171.234: 5 times
185.11.61.88: 1 time
185.196.9.45: 3 times
194.169.175.22: 14 times
208.65.84.121 (server-by.c1vhosting.it): 3 times
218.60.48.100: 18 times
218.92.0.26: 18 times
218.92.0.28: 12 times
218.92.0.33: 18 times
218.92.0.40: 6 times
218.92.0.43: 18 times
218.92.0.45: 12 times
218.92.0.47: 12 times
218.92.0.51: 12 times
218.92.0.52: 6 times
218.92.0.53: 12 times
218.92.0.55: 6 times
218.92.0.59: 12 times
Illegal users from:
2001:470:1:332::166 (scan-50p.shadowserver.org): 1 time
undef: 48 times
2.57.122.127: 3 times
31.184.198.71: 3 times
62.122.184.252: 6 times
64.62.197.143 (scan-48g.shadowserver.org): 1 time
67.169.120.11 (c-67-169-120-11.hsd1.ca.comcast.net): 2 times
103.147.34.150: 1 time
121.158.203.212: 5 times
134.209.251.215: 22 times
170.64.133.141: 12 times
170.64.151.13: 9 times
170.64.151.75: 9 times
185.11.61.88: 5 times
185.196.10.93: 3 times
199.76.38.123: 2 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop11758p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################