################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Apr 1 04:42:02 2024
Date Range Processed: yesterday
( 2024-Mar-31 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [127:126]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
87.121.69.52 -> google.com:443: 4 Time(s)
A total of 14 sites probed the server
Requests with error response codes
400 Bad Request
null: 22 Time(s)
/: 7 Time(s)
mstshash=Administr: 5 Time(s)
google.com:443: 4 Time(s)
*: 3 Time(s)
.\x91\xB1y~\xC0\xE1/\xB0\xE1j\x05\x18\xD5\ ... x09\xC0\x13\xC0: 1 Time(s)
/.env: 1 Time(s)
//admin/config.php: 1 Time(s)
/cdn-cgi/trace: 1 Time(s)
/manager/html: 1 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
:\xF1\xC8Ot\x90\x15\xC7\xA3\xFD\xF7a%\x83, ... C0\xAE\xC0+\xC0: 1 Time(s)
HTTP/1.0: 1 Time(s)
\x7F\x03\xC0>\xB9\xADGn\x7F\xED\xBC\xD8\xBC\xF2$\x1A\x22: 1 Time(s)
\x98\xE2\xBF\x1C\x90d\xEE\xA1\x08G\xE8`B\x ... C0\xAE\xC0+\xC0: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xD9xS\xEC<\xA0\x97;y\x96\xB6R\xCA\xFEL\x1 ... C\x00<\x00/\x00: 1 Time(s)
\xF6w\xB1\x947\xDAM\xB4G\xBE`\xE4\x0C\xE5\ ... C0$\x13\x05\xC0: 1 Time(s)
\xF7N\x9C\xDC\x0B\xBAJzI\xACT: 1 Time(s)
404 Not Found
/wp-content/plugins/gotmls/readme.txt: 1 Time(s)
499 (undefined)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 6 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 5 Time(s)
/favicon.ico: 3 Time(s)
/.git/config: 2 Time(s)
//admin/config.php: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/alive.php: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/geoserver/web/: 1 Time(s)
/manager/html: 1 Time(s)
/t4: 1 Time(s)
/teorema505?t=1: 1 Time(s)
/version: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/-S9MXoBxT0OMhDssROVsEg/pdf: 1 Time(s)
/ak_wiki/pdf: 1 Time(s)
/musterrechtsverordung/pdf: 1 Time(s)
/register/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (223.111.168.11): 102 Time(s)
root (218.92.0.55): 77 Time(s)
root (218.92.0.33): 72 Time(s)
root (103.36.84.194): 66 Time(s)
root (218.92.0.28): 66 Time(s)
root (218.92.0.43): 60 Time(s)
root (218.92.0.47): 54 Time(s)
root (218.92.0.45): 47 Time(s)
unknown (178.128.230.173): 43 Time(s)
root (218.92.0.52): 36 Time(s)
root (218.92.0.59): 36 Time(s)
root (179.43.180.106): 32 Time(s)
root (218.92.0.40): 24 Time(s)
root (218.92.0.51): 18 Time(s)
unknown (fixed-186-96-145-241.totalplay.net): 18 Time(s)
unknown (212.70.149.150): 17 Time(s)
root (ip142.ip-87-98-138.eu): 7 Time(s)
root (059149080184.ctinets.com): 6 Time(s)
root (113.106.88.146): 6 Time(s)
root (118.145.151.164): 6 Time(s)
root (118.37.57.49): 6 Time(s)
root (122.224.37.86): 6 Time(s)
root (171.217.93.19): 6 Time(s)
root (185.125.91.48): 6 Time(s)
root (190.85.51.52): 6 Time(s)
root (193.222.96.178): 6 Time(s)
root (50.27.184.5): 6 Time(s)
root (222.112.42.32): 5 Time(s)
root (139.196.28.37): 4 Time(s)
unknown (183.103.32.4): 4 Time(s)
unknown (85.209.11.254): 3 Time(s)
unknown (85.209.11.27): 3 Time(s)
root (113.219.217.244): 2 Time(s)
root (58.23.144.131): 2 Time(s)
root (85.209.11.254): 2 Time(s)
unknown (112.164.236.13): 2 Time(s)
unknown (194.169.175.35): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
unknown (i53870a06.versanet.de): 2 Time(s)
root (212.70.149.150): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (47.236.179.153): 1 Time(s)
unknown (139.196.28.37): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
Invalid Users:
Unknown Account: 99 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
9.756K Bytes accepted 9,990
9.756K Bytes sent via SMTP 9,990
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
12 Connections
8 Connections lost (inbound)
12 Disconnections
1 Removed from queue
1 Sent via SMTP
2 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 89 Time(s)
Failed logins from:
31.184.198.71: 1 time
47.236.179.153: 1 time
50.27.184.5: 6 times
58.23.144.131: 2 times
59.149.80.184 (059149080184.ctinets.com): 6 times
85.209.11.254: 2 times
87.98.138.142 (ip142.ip-87-98-138.eu): 7 times
103.36.84.194: 66 times
113.106.88.146: 6 times
113.219.217.244: 2 times
118.37.57.49: 6 times
118.145.151.164: 6 times
122.224.37.86: 6 times
139.196.28.37: 4 times
171.217.93.19: 6 times
179.43.180.106 (hostedby.privatelayer.com): 32 times
185.125.91.48 (dev.taptatti.kz): 6 times
190.85.51.52: 6 times
193.222.96.178: 6 times
212.70.149.150: 1 time
218.92.0.28: 66 times
218.92.0.33: 72 times
218.92.0.40: 24 times
218.92.0.43: 60 times
218.92.0.45: 47 times
218.92.0.47: 54 times
218.92.0.51: 18 times
218.92.0.52: 36 times
218.92.0.55: 77 times
218.92.0.59: 36 times
222.112.42.32: 6 times
223.111.168.11: 102 times
Illegal users from:
2001:470:1:c84::14 (scan-04n.shadowserver.org): 1 time
undef: 32 times
31.184.198.71: 3 times
64.62.197.177 (scan-49k.shadowserver.org): 1 time
83.135.10.6 (i53870A06.versanet.de): 2 times
85.209.11.27: 3 times
85.209.11.254: 3 times
112.164.236.13: 2 times
139.196.28.37: 2 times
178.128.230.173: 44 times
183.103.32.4: 4 times
185.196.8.151: 1 time
186.96.145.241 (fixed-186-96-145-241.totalplay.net): 18 times
194.169.175.35: 2 times
212.70.149.150: 24 times
**Unmatched Entries**
warning: can't get client address: Connection reset by peer : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop17333p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################