################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 16 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-15 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 25:25 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 4 sites probed the server
159.89.116.96
167.99.82.16
183.167.205.82
67.207.84.198
Requests with error response codes
400 Bad Request
mstshash=Administr: 13 Time(s)
null: 12 Time(s)
/config/getuser?index=0: 4 Time(s)
/: 3 Time(s)
mstshash=Domain: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... CQ1Cy5usQUqAABy: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... wv0JCy1YeZ2AABz: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/zALU: 1 Time(s)
7: 1 Time(s)
HTTP/1.0: 1 Time(s)
XP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]: 1 Time(s)
\xA3\x85H\xED\xCB\x85_\xAB^: 1 Time(s)
\xB1\xBET\xA4\x9AZ\x9A\xA0?\x90\xE0\xF2t0\ ... J\xA9<\xBD\xDA`: 1 Time(s)
499 (undefined)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... CQ1Cy5usQUqAABy: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... Gabaq-kQahdAAB0: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... wv0JCy1YeZ2AABz: 1 Time(s)
500 Internal Server Error
/: 19 Time(s)
/.env: 7 Time(s)
/robots.txt: 5 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (219.135.209.164): 36 Time(s)
root (58.246.71.26): 36 Time(s)
root (117.48.157.83): 35 Time(s)
root (200.195.169.59): 32 Time(s)
root (106.75.179.87): 30 Time(s)
root (120.92.134.94): 18 Time(s)
root (42.159.80.91): 18 Time(s)
unknown (106.75.179.87): 18 Time(s)
unknown (200.195.169.59): 18 Time(s)
root (81.91.144.178): 17 Time(s)
root (leased-line-93-191-100-124.telecom.by): 17 Time(s)
root (117.66.243.77): 14 Time(s)
unknown (219.135.209.164): 14 Time(s)
unknown (58.246.71.26): 14 Time(s)
unknown (117.48.157.83): 11 Time(s)
root (210.22.128.214): 9 Time(s)
unknown (120.92.134.94): 9 Time(s)
unknown (42.159.80.91): 9 Time(s)
unknown (117.66.243.77): 6 Time(s)
unknown (167.71.236.111): 6 Time(s)
unknown (81.91.144.178): 6 Time(s)
unknown (leased-line-93-191-100-124.telecom.by): 6 Time(s)
unknown (210.22.128.214): 5 Time(s)
root (164.70.90.31): 4 Time(s)
root (1.235.192.218): 2 Time(s)
unknown (203.228.100.41): 2 Time(s)
unknown (dynamic-095-116-085-199.95.116.pool.telefonica.de): 2 Time(s)
unknown (lfbn-cor-1-98-221.w86-211.abo.wanadoo.fr): 2 Time(s)
root (1.245.237.130): 1 Time(s)
root (125.18.94.20): 1 Time(s)
root (167.71.236.111): 1 Time(s)
unknown (1.235.192.218): 1 Time(s)
unknown (116.110.19.131): 1 Time(s)
unknown (164.70.90.31): 1 Time(s)
unknown (205.185.124.219): 1 Time(s)
unknown (46.161.27.162): 1 Time(s)
unknown (92.255.85.237): 1 Time(s)
unknown (kalium.0x49.net): 1 Time(s)
Invalid Users:
Unknown Account: 135 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
8.895K Bytes accepted 9,108
8.895K Bytes sent via SMTP 9,108
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
25 Connections
14 Connections lost (inbound)
25 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.235.192.218: 2 times
1.245.237.130: 1 time
42.159.80.91: 18 times
58.246.71.26: 36 times
81.91.144.178: 17 times
93.191.100.124 (leased-line-93-191-100-124.telecom.by): 17 times
106.75.179.87: 30 times
117.48.157.83: 35 times
117.66.243.77: 14 times
120.92.134.94: 18 times
125.18.94.20: 1 time
164.70.90.31 (164-70-90-31.indigo.static.arena.ne.jp): 4 times
167.71.236.111: 1 time
200.195.169.59 (59.169.195.200.static.copel.net): 32 times
210.22.128.214: 9 times
219.135.209.164 (164.209.135.219.broad.gz.gd.dynamic.163data.com.cn): 36 times
Illegal users from:
2001:470:1:c84::14: 1 time
undef: 90 times
1.235.192.218: 1 time
42.159.80.91: 9 times
46.161.27.162: 1 time
58.246.71.26: 14 times
65.49.20.69 (scan-20.shadowserver.org): 1 time
81.91.144.178: 6 times
86.211.186.221 (lfbn-cor-1-98-221.w86-211.abo.wanadoo.fr): 2 times
92.255.85.237: 1 time
93.191.100.124 (leased-line-93-191-100-124.telecom.by): 6 times
95.116.85.199 (dynamic-095-116-085-199.95.116.pool.telefonica.de): 2 times
106.75.169.79: 1 time
106.75.179.87: 18 times
116.110.19.131: 1 time
117.48.157.83: 11 times
117.66.243.77: 6 times
120.92.134.94: 9 times
164.70.90.31 (164-70-90-31.indigo.static.arena.ne.jp): 1 time
167.71.236.111: 6 times
198.98.53.212 (kalium.0x49.net): 1 time
200.195.169.59 (59.169.195.200.static.copel.net): 18 times
203.228.100.41: 2 times
205.185.124.219 (smtp2.jreama.shop): 1 time
210.22.128.214: 5 times
219.135.209.164 (164.209.135.219.broad.gz.gd.dynamic.163data.com.cn): 14 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################