################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Nov 28 04:42:05 2021
Date Range Processed: yesterday
( 2021-Nov-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 59:62 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
91.218.67.129 -> 91.200.100.126:4444: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 21 Time(s)
mstshash=Domain: 4 Time(s)
/admin/config.php: 2 Time(s)
zapf.wiki:443: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/goettingen: 1 Time(s)
91.200.100.126:4444: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 4 Time(s)
/robots.txt: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/owa/: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscover/autodiscover.json?(a)1337.com/ ... son%3F(a)1337.com: 1 Time(s)
/bag2: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
/sitemap.xml: 1 Time(s)
/swagger.json: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (38.91.102.38): 40 Time(s)
root (139.59.44.143): 37 Time(s)
root (121.4.35.38): 35 Time(s)
root (161.49.97.133): 33 Time(s)
root (202.83.16.8): 32 Time(s)
root (203.135.20.36): 31 Time(s)
root (49.232.141.86): 25 Time(s)
root (122.51.220.15): 21 Time(s)
root (server.fri.mom.mybluehost.me): 21 Time(s)
root (123-194-80-147.dynamic.kbronet.com.tw): 19 Time(s)
root (220.178.31.90): 18 Time(s)
root (123.122.163.248): 17 Time(s)
unknown (161.49.97.133): 17 Time(s)
unknown (202.83.16.8): 17 Time(s)
root (173-161-87-170-illinois.hfc.comcastbusiness.net): 16 Time(s)
root (117.119.100.210): 15 Time(s)
unknown (121.4.35.38): 15 Time(s)
root (113.31.119.233): 13 Time(s)
root (211.234.119.189): 13 Time(s)
unknown (139.59.44.143): 13 Time(s)
unknown (203.135.20.36): 13 Time(s)
unknown (45.114.192.154): 13 Time(s)
unknown (138.0.239.70): 12 Time(s)
unknown (211.234.119.189): 12 Time(s)
unknown (38.91.102.38): 12 Time(s)
root (123.122.163.100): 11 Time(s)
unknown (141.98.10.63): 11 Time(s)
unknown (176.111.173.238): 10 Time(s)
root (138.0.239.70): 9 Time(s)
unknown (141.98.10.179): 9 Time(s)
unknown (49.232.141.86): 9 Time(s)
unknown (173-161-87-170-illinois.hfc.comcastbusiness.net): 8 Time(s)
unknown (220.178.31.90): 8 Time(s)
root (ns2.mknz.net): 7 Time(s)
unknown (123.122.163.248): 7 Time(s)
root (123.122.162.150): 6 Time(s)
unknown (117.119.100.210): 6 Time(s)
unknown (122.51.220.15): 6 Time(s)
unknown (141.98.10.82): 6 Time(s)
unknown (167.71.11.216): 6 Time(s)
unknown (176.111.173.218): 6 Time(s)
unknown (200.195.169.59): 6 Time(s)
root (123.122.160.70): 5 Time(s)
root (221.213.129.46): 5 Time(s)
root (45.114.192.154): 5 Time(s)
unknown (164.92.242.51): 5 Time(s)
unknown (209.141.33.121): 5 Time(s)
unknown (server.fri.mom.mybluehost.me): 5 Time(s)
root (120.228.157.219): 4 Time(s)
root (134.122.49.13): 4 Time(s)
root (176.111.173.218): 4 Time(s)
unknown (113.31.119.233): 4 Time(s)
unknown (221.213.129.46): 4 Time(s)
root (209.141.62.233): 3 Time(s)
unknown (123-194-80-147.dynamic.kbronet.com.tw): 3 Time(s)
unknown (141.98.10.60): 3 Time(s)
unknown (167.71.77.225): 3 Time(s)
unknown (185.217.1.246): 3 Time(s)
unknown (209.141.47.245): 3 Time(s)
unknown (209.141.52.25): 3 Time(s)
unknown (209.141.53.74): 3 Time(s)
unknown (23.183.81.136): 3 Time(s)
unknown (23.183.81.249): 3 Time(s)
unknown (ns2.mknz.net): 3 Time(s)
root (209.141.34.220): 2 Time(s)
unknown (122.5.204.23): 2 Time(s)
unknown (123.122.160.70): 2 Time(s)
unknown (167.71.2.44): 2 Time(s)
unknown (176-151-159-56.abo.bbox.fr): 2 Time(s)
unknown (176.111.173.237): 2 Time(s)
unknown (179.43.187.37): 2 Time(s)
unknown (212.192.241.124): 2 Time(s)
unknown (23.183.81.54): 2 Time(s)
backup (45.114.192.154): 1 Time(s)
root (1.245.237.130): 1 Time(s)
root (103.254.198.67): 1 Time(s)
root (117.50.119.185): 1 Time(s)
root (176.111.173.237): 1 Time(s)
root (176.111.173.238): 1 Time(s)
root (94.232.46.202): 1 Time(s)
unknown (120.228.157.219): 1 Time(s)
unknown (123.122.162.150): 1 Time(s)
unknown (123.122.163.100): 1 Time(s)
unknown (134.122.49.13): 1 Time(s)
unknown (164.92.242.54): 1 Time(s)
unknown (182.74.25.246): 1 Time(s)
unknown (190.107.170.166): 1 Time(s)
unknown (222.80.32.212): 1 Time(s)
unknown (slot0.epaperitaliait.com): 1 Time(s)
Invalid Users:
Unknown Account: 300 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
12.985K Bytes accepted 13,297
12.985K Bytes sent via SMTP 13,297
======== ==================================================
4 Accepted 100.00%
-------- --------------------------------------------------
4 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
180 Connections
5 Connections lost (inbound)
180 Disconnections
4 Removed from queue
4 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.245.237.130: 1 time
23.123.90.52 (ns2.mknz.net): 7 times
38.91.102.38: 40 times
45.114.192.154 (154-192-114-45.intechonline.net): 6 times
49.232.141.86: 25 times
94.232.46.202: 1 time
103.254.198.67: 1 time
113.31.119.233: 13 times
117.50.119.185: 1 time
117.119.100.210: 15 times
120.228.157.219: 4 times
121.4.35.38: 35 times
122.51.220.15: 21 times
123.122.160.70: 5 times
123.122.162.150: 6 times
123.122.163.100: 11 times
123.122.163.248: 17 times
123.194.80.147 (123-194-80-147.dynamic.kbronet.com.tw): 19 times
134.122.49.13: 4 times
138.0.239.70: 9 times
139.59.44.143: 37 times
161.49.97.133 (133.97.49.161-rev.convergeict.com): 33 times
162.241.94.40 (server.fri.mom.mybluehost.me): 21 times
173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 16 times
176.111.173.218: 4 times
176.111.173.237: 1 time
176.111.173.238: 1 time
202.83.16.8 (act20283168.broadband.actcorp.in): 32 times
203.135.20.36: 31 times
209.141.34.220 (meshlv02.oxds.org): 2 times
209.141.62.233 (hhb8.cn): 3 times
211.234.119.189 (wing.gurum.com): 13 times
220.178.31.90: 18 times
221.213.129.46: 5 times
Illegal users from:
2001:470:1:c84::22: 1 time
undef: 181 times
23.123.90.52 (ns2.mknz.net): 3 times
23.183.81.54: 2 times
23.183.81.136: 3 times
23.183.81.249: 3 times
38.91.102.38: 12 times
45.114.192.154 (154-192-114-45.intechonline.net): 13 times
49.232.141.86: 9 times
65.49.20.69 (scan-20.shadowserver.org): 1 time
113.31.119.233: 4 times
117.119.100.210: 6 times
120.228.157.219: 1 time
121.4.35.38: 15 times
122.5.204.23 (23.204.5.122.broad.hz.sd.dynamic.163data.com.cn): 2 times
122.51.220.15: 6 times
123.122.160.70: 2 times
123.122.162.150: 1 time
123.122.163.100: 1 time
123.122.163.248: 7 times
123.194.80.147 (123-194-80-147.dynamic.kbronet.com.tw): 3 times
134.122.49.13: 1 time
138.0.239.70: 12 times
139.59.44.143: 13 times
141.98.10.60: 3 times
141.98.10.63: 11 times
141.98.10.82: 6 times
141.98.10.179 (er.includeswitche.com): 9 times
161.49.97.133 (133.97.49.161-rev.convergeict.com): 17 times
162.241.94.40 (server.fri.mom.mybluehost.me): 5 times
164.92.242.51: 5 times
164.92.242.54: 1 time
167.71.2.44: 2 times
167.71.11.216: 6 times
167.71.77.225: 3 times
173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 8 times
176.111.173.218: 6 times
176.111.173.237: 2 times
176.111.173.238: 11 times
176.151.159.56 (smc13-h01-176-151-159-56.dsl.sta.abo.bbox.fr): 2 times
179.43.187.37: 2 times
182.74.25.246: 1 time
185.217.1.246: 3 times
190.107.170.166: 1 time
195.133.18.24 (slot0.epaperitaliait.com): 1 time
200.195.169.59 (59.169.195.200.static.copel.net): 6 times
202.83.16.8 (act20283168.broadband.actcorp.in): 17 times
203.135.20.36: 13 times
209.141.33.121: 5 times
209.141.47.245: 3 times
209.141.52.25 (jsebean.com): 3 times
209.141.53.74: 3 times
211.234.119.189 (wing.gurum.com): 12 times
212.192.241.124: 2 times
220.178.31.90: 8 times
221.213.129.46: 4 times
222.80.32.212: 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s)
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s)
Protocol major versions differ for 27.115.124.106: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################