[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Jan 9 04:42:04 2022 Date Range Processed: yesterday ( 2022-Jan-08 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 24:24 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 103.145.13.223 -> zapf.wiki:443: 2 Time(s) 45.88.109.151 -> 179.61.251.239:4444: 3 Time(s) A total of 5 sites probed the server 178.128.209.5 185.142.236.36 200.73.112.67 34.96.130.13 5.8.10.202 Requests with error response codes 400 Bad Request null: 14 Time(s) mstshash=Administr: 6 Time(s) /phpmyadmin/scripts/setup.php: 4 Time(s) mstshash=Domain: 4 Time(s) 179.61.251.239:4444: 3 Time(s) /: 2 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) zapf.wiki:443: 2 Time(s) /.env: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) \x97A-\xC8: 1 Time(s) 404 Not Found //2018/wp-includes/wlwmanifest.xml: 1 Time(s) //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //media/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) 500 Internal Server Error /: 29 Time(s) /.env: 5 Time(s) /robots.txt: 4 Time(s) /favicon.ico: 3 Time(s) /.well-known/security.txt: 2 Time(s) /.DS_Store: 1 Time(s) /.git/HEAD: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /level/15/exec/-/sh/run/CR: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /sitemap.xml: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (183.92.214.38): 35 Time(s) root (58.246.125.198): 34 Time(s) root (45.120.69.82): 32 Time(s) root (219.147.74.48): 21 Time(s) root (81.70.205.210): 20 Time(s) root (168.196.96.37): 19 Time(s) unknown (45.120.69.82): 18 Time(s) root (138.0.239.70): 17 Time(s) unknown (58.246.125.198): 16 Time(s) root (78.196.113.72): 15 Time(s) unknown (183.92.214.38): 15 Time(s) root (117.131.215.49): 14 Time(s) root (58.57.15.29): 14 Time(s) unknown (81.70.205.210): 10 Time(s) root (180.250.248.169): 9 Time(s) unknown (138.0.239.70): 8 Time(s) unknown (168.196.96.37): 8 Time(s) unknown (180.250.248.169): 8 Time(s) unknown (219.147.74.48): 8 Time(s) unknown (58.57.15.29): 8 Time(s) unknown (78.196.113.72): 7 Time(s) root (176.226.168.224): 6 Time(s) unknown (117.131.215.49): 5 Time(s) root (201.236.172.234): 2 Time(s) root (221.0.94.20): 2 Time(s) unknown (195.87.255.34): 2 Time(s) unknown (221.0.94.20): 2 Time(s) unknown (42-2-192-115.static.netvigator.com): 2 Time(s) unknown (8.225.226.100): 2 Time(s) root (1.245.237.130): 1 Time(s) root (103.254.198.67): 1 Time(s) root (117.174.121.39): 1 Time(s) root (92.255.85.237): 1 Time(s) unknown (201.236.172.234): 1 Time(s) unknown (45.141.84.10): 1 Time(s) Invalid Users: Unknown Account: 121 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 42 Miscellaneous warnings 11.771K Bytes accepted 12,053 11.771K Bytes sent via SMTP 12,053 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 10 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 10 Total 4xx Rejects 100.00% ======== ================================================== 239 Connections 89 Connections lost (inbound) 239 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.245.237.130: 1 time 45.120.69.82: 32 times 58.57.15.29: 14 times 58.246.125.198: 34 times 78.196.113.72 (1dh67-1_migr-78-196-113-72.fbx.proxad.net): 15 times 81.70.205.210: 20 times 92.255.85.237: 1 time 103.254.198.67: 1 time 117.131.215.49: 14 times 117.174.121.39: 1 time 138.0.239.70: 17 times 168.196.96.37: 19 times 176.226.168.224 (pool-176-226-168-224.is74.ru): 6 times 180.250.248.169: 9 times 183.92.214.38: 35 times 201.236.172.234: 2 times 219.147.74.48: 21 times 221.0.94.20: 2 times Illegal users from: 2001:470:1:332::2 (the-shadow-server-foundation.e0-1.core1.sfo2.he.net): 1 time undef: 88 times 8.225.226.100: 2 times 42.2.192.115 (42-2-192-115.static.netvigator.com): 2 times 45.120.69.82: 18 times 45.141.84.10: 1 time 58.57.15.29: 8 times 58.246.125.198: 16 times 64.62.197.122: 1 time 78.196.113.72 (1dh67-1_migr-78-196-113-72.fbx.proxad.net): 7 times 81.70.205.210: 10 times 106.75.190.201 (szbgd.cn): 1 time 117.131.215.49: 5 times 138.0.239.70: 8 times 168.196.96.37: 8 times 180.250.248.169: 8 times 183.92.214.38: 15 times 195.87.255.34: 2 times 201.236.172.234: 1 time 219.147.74.48: 8 times 221.0.94.20: 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################