################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Apr 2 04:42:03 2024
Date Range Processed: yesterday
( 2024-Apr-01 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host:
h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [146:148]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
185.150.26.251 -> zapf.wiki:443: 1 Time(s)
45.125.66.34 -> google.com:443: 1 Time(s)
87.121.69.52 -> google.com:443: 4 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 19 Time(s)
mstshash=Administr: 6 Time(s)
/: 5 Time(s)
google.com:443: 5 Time(s)
/.env: 1 Time(s)
/favicon.ico: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
7: 1 Time(s)
LM: 1 Time(s)
\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x ... x00\x00\x00\x00: 1 Time(s)
\xE4\x8FE\xE3\x97\x0F\xEA'U(\x9E\xD5\xF1\x10\xD0\x9F\xD0\x08: 1 Time(s)
default.asp: 1 Time(s)
mstshash=hello: 1 Time(s)
p1n'\x9A\x9A\x8At\x83\xCA\xACe\xD8\x18\xB6 ... xBE\x00\xBD\xC0: 1 Time(s)
zapf.wiki:443: 1 Time(s)
|\xA9\xECV\xF8\xF4f\xCCe/\x14\xA0\x85)\x88 ... F`\xF3\xF92\xDA: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/.env: 4 Time(s)
/.git/config: 4 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 4 Time(s)
/?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/?name=example.com&type=A: 2 Time(s)
/dns-query: 2 Time(s)
/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/dns-query?name=example.com&type=A: 2 Time(s)
/query: 2 Time(s)
/query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/query?name=example.com&type=A: 2 Time(s)
/resolve: 2 Time(s)
/resolve?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/resolve?name=example.com&type=A: 2 Time(s)
/3rdpartylicenses.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/FD873AC4-CF86-4FED-84EC-4BD59C6F17A7: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 1 Time(s)
/epa/scripts/win/nsepa_setup.exe: 1 Time(s)
/favicon.ico: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/version: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/%7CHackMD/pdf: 1 Time(s)
/Z7JgFtprRTu4mj0ux-SJ3w/pdf: 1 Time(s)
/w1op49QpSGyk43xo0up_Aw/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (89.218.49.34): 164 Time(s)
root (223.111.168.11): 78 Time(s)
root (218.92.0.59): 66 Time(s)
root (103.36.84.194): 60 Time(s)
root (218.92.0.40): 54 Time(s)
root (218.92.0.51): 53 Time(s)
root (183.81.169.238): 52 Time(s)
root (218.92.0.33): 48 Time(s)
root (218.92.0.45): 48 Time(s)
root (179.43.180.106): 39 Time(s)
root (218.92.0.28): 36 Time(s)
root (218.92.0.55): 36 Time(s)
root (218.92.0.52): 29 Time(s)
root (218.92.0.43): 24 Time(s)
root (218.92.0.47): 23 Time(s)
unknown (212.70.149.150): 15 Time(s)
postgres (fixed-186-96-145-241.totalplay.net): 12 Time(s)
root (171.217.93.19): 8 Time(s)
root (47.236.179.153): 8 Time(s)
root (113.195.40.240): 6 Time(s)
root (186.224.22.90): 6 Time(s)
root (221.156.105.215): 6 Time(s)
root (36.37.132.34): 6 Time(s)
unknown (159.203.15.96): 6 Time(s)
unknown (194.169.175.36): 6 Time(s)
unknown (221.165.237.165): 6 Time(s)
unknown (fixed-186-96-145-241.totalplay.net): 6 Time(s)
root (193.222.96.178): 5 Time(s)
root (222.102.14.163): 5 Time(s)
unknown (85.209.11.254): 5 Time(s)
root (194.169.175.36): 4 Time(s)
root (85.209.11.27): 4 Time(s)
unknown (178.128.230.173): 4 Time(s)
root (194.169.175.35): 3 Time(s)
root (220.77.4.105): 3 Time(s)
root (85.209.11.254): 3 Time(s)
unknown (194.169.175.35): 3 Time(s)
unknown (85.209.11.27): 3 Time(s)
root (212.70.149.150): 2 Time(s)
root (condor1188.startdedicated.com): 2 Time(s)
sshd (85.209.11.27): 2 Time(s)
unknown (121.137.74.48): 2 Time(s)
unknown (125.132.41.164): 2 Time(s)
unknown (85.137.218.117.dyn.user.ono.com): 2 Time(s)
unknown (89-179-242-70.static.corbina.ru): 2 Time(s)
unknown (condor1188.startdedicated.com): 2 Time(s)
nobody (111.39.206.23): 1 Time(s)
nobody (152.200.152.78): 1 Time(s)
nobody (65.20.154.204): 1 Time(s)
root (101.126.70.229): 1 Time(s)
root (112.28.128.173): 1 Time(s)
root (122-148-252-147.sta.wbroadband.net.au): 1 Time(s)
root (200.32.84.13): 1 Time(s)
root (219.138.108.82): 1 Time(s)
root (65.20.160.189): 1 Time(s)
root (cm222-167-253-195.hkcable.com.hk): 1 Time(s)
sshd (194.169.175.36): 1 Time(s)
sshd (85.209.11.254): 1 Time(s)
unknown (102.90.34.90): 1 Time(s)
unknown (103.123.169.200): 1 Time(s)
unknown (108.180.149.210): 1 Time(s)
unknown (111.85.90.198): 1 Time(s)
unknown (112.26.65.51): 1 Time(s)
unknown (116.236.142.18): 1 Time(s)
unknown (118.41.204.80): 1 Time(s)
unknown (119.160.166.237): 1 Time(s)
unknown (121.154.90.17): 1 Time(s)
unknown (121.162.94.141): 1 Time(s)
unknown (123.175.4.173): 1 Time(s)
unknown (137.59.95.5): 1 Time(s)
unknown (137.63.145.24): 1 Time(s)
unknown (159.65.202.125): 1 Time(s)
unknown (177.124.81.14): 1 Time(s)
unknown (177.126.224.141): 1 Time(s)
unknown (183.230.162.194): 1 Time(s)
unknown (195.158.26.59): 1 Time(s)
unknown (20.239.187.13): 1 Time(s)
unknown (201.191.123.132): 1 Time(s)
unknown (202.62.72.35): 1 Time(s)
unknown (203.115.107.61): 1 Time(s)
unknown (211.243.43.30): 1 Time(s)
unknown (218.147.183.177): 1 Time(s)
unknown (220.120.224.169): 1 Time(s)
unknown (220.82.166.157): 1 Time(s)
unknown (223.171.91.143): 1 Time(s)
unknown (23.237.2.42): 1 Time(s)
unknown (45.252.74.108): 1 Time(s)
unknown (45.55.35.178): 1 Time(s)
unknown (46.101.9.55): 1 Time(s)
unknown (50.35.170.34.bc.googleusercontent.com): 1 Time(s)
unknown (58.230.236.86): 1 Time(s)
unknown (60.223.255.130): 1 Time(s)
unknown (62.183.82.70): 1 Time(s)
unknown (65.20.146.177): 1 Time(s)
unknown (66.232.18.244): 1 Time(s)
unknown (67.188.34.108): 1 Time(s)
unknown (78.186.54.65): 1 Time(s)
unknown (81.16.121.86): 1 Time(s)
unknown (81.69.244.171): 1 Time(s)
unknown (85.51.24.68): 1 Time(s)
unknown (91.92.124.199): 1 Time(s)
unknown (c-69-255-127-110.hsd1.va.comcast.net): 1 Time(s)
Invalid Users:
Unknown Account: 119 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10.536K Bytes accepted 10,789
713 Bytes sent via SMTP 713
======== ==================================================
2 Accepted 100.00%
-------- --------------------------------------------------
2 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
63 Connections
7 Connections lost (inbound)
63 Disconnections
2 Removed from queue
2 Sent via SMTP
1 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 73 Time(s)
Failed logins from:
36.37.132.34: 6 times
47.236.179.153: 8 times
65.20.154.204: 1 time
65.20.160.189: 1 time
85.209.11.27: 6 times
85.209.11.254: 4 times
89.218.49.34 (mx12.vertex.kz): 164 times
101.126.70.229: 1 time
103.36.84.194: 60 times
111.39.206.23: 1 time
112.28.128.173: 1 time
113.195.40.240 (240.40.195.113.adsl-pool.jx.chinaunicom.com): 6 times
122.148.252.147 (122-148-252-147.sta.wbroadband.net.au): 1 time
152.200.152.78: 1 time
171.217.93.19: 8 times
179.43.180.106 (hostedby.privatelayer.com): 39 times
183.81.169.238: 52 times
186.96.145.241 (fixed-186-96-145-241.totalplay.net): 12 times
186.224.22.90 (186-224-22-90.client.aonet.com.br): 6 times
193.222.96.178: 5 times
194.169.175.35: 3 times
194.169.175.36: 5 times
200.32.84.13 (200-32-84-13.static.impsat.net.ar): 1 time
209.126.106.12 (condor1188.startdedicated.com): 2 times
212.70.149.150: 2 times
218.92.0.28: 36 times
218.92.0.33: 48 times
218.92.0.40: 54 times
218.92.0.43: 24 times
218.92.0.45: 48 times
218.92.0.47: 23 times
218.92.0.51: 53 times
218.92.0.52: 29 times
218.92.0.55: 36 times
218.92.0.59: 66 times
219.138.108.82: 1 time
220.77.4.105: 3 times
221.156.105.215: 6 times
222.102.14.163: 6 times
222.167.253.195 (cm222-167-253-195.hkcable.com.hk): 1 time
223.111.168.11: 78 times
Illegal users from:
2001:470:1:c84::13 (scan-03n.shadowserver.org): 1 time
undef: 46 times
20.239.187.13: 1 time
23.237.2.42: 1 time
34.170.35.50 (50.35.170.34.bc.googleusercontent.com): 1 time
45.55.35.178: 1 time
45.252.74.108: 1 time
46.101.9.55: 1 time
58.230.236.86: 1 time
60.223.255.130 (130.255.223.60.adsl-pool.sx.cn): 1 time
62.183.82.70 (net-62-183-82-70.kbrnet.ru): 1 time
64.23.252.8: 5 times
64.62.197.174 (scan-49h.shadowserver.org): 1 time
65.20.146.177: 1 time
66.232.18.244: 1 time
67.188.34.108: 1 time
69.255.127.110 (c-69-255-127-110.hsd1.va.comcast.net): 1 time
78.186.54.65 (78.186.54.65.static.ttnet.com.tr): 1 time
81.16.121.86: 1 time
81.69.244.171: 1 time
85.51.24.68 (68.pool85-51-24.static.orange.es): 1 time
85.137.218.117 (85.137.218.117.dyn.user.ono.com): 2 times
85.209.11.27: 3 times
85.209.11.254: 5 times
89.179.242.70 (89-179-242-70.static.corbina.ru): 2 times
89.218.49.34 (mx12.vertex.kz): 16 times
91.92.124.199: 1 time
102.90.34.90: 1 time
103.123.169.200: 1 time
108.180.149.210: 1 time
111.85.90.198: 1 time
112.26.65.51: 1 time
114.32.191.1 (114-32-191-1.hinet-ip.hinet.net): 1 time
116.236.142.18: 1 time
118.41.204.80: 1 time
119.160.166.237 (237-166.adsl.static.espeed.com.bn): 1 time
121.137.74.48: 2 times
121.154.90.17: 1 time
121.162.94.141: 1 time
123.175.4.173: 1 time
125.132.41.164: 3 times
137.59.95.5 (ws5-95.59.137.rcil.gov.in): 1 time
137.63.145.24: 1 time
159.65.202.125: 1 time
159.203.15.96: 6 times
177.124.81.14 (177.124.81.14.trxnet.net.br): 1 time
177.126.224.141: 1 time
178.79.139.171 (178-79-139-171.ip.linodeusercontent.com): 1 time
178.128.230.173: 4 times
183.230.162.194: 1 time
186.96.145.241 (fixed-186-96-145-241.totalplay.net): 6 times
194.169.175.35: 3 times
194.169.175.36: 6 times
195.158.26.59: 1 time
201.191.123.132: 1 time
202.62.72.35: 1 time
203.115.107.61: 1 time
209.126.106.12 (condor1188.startdedicated.com): 2 times
211.243.43.30: 1 time
212.70.149.150: 17 times
218.147.183.177: 5 times
220.82.166.157: 5 times
220.120.224.169: 5 times
221.165.237.165: 6 times
223.171.91.143: 1 time
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 178.79.139.171: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 5 time(s)
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
Protocol major versions differ for 178.79.139.171: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
warning: can't get client address: Connection reset by peer : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop17333p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################