[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Feb 22 04:42:02 2024 Date Range Processed: yesterday ( 2024-Feb-21 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 21:21 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 7 sites probed the server 162.243.150.12 190.92.217.79 65.49.20.67 80.82.77.202 94.74.120.130 94.74.74.175 94.74.88.143 Requests with error response codes 400 Bad Request null: 9 Time(s) mstshash=Administr: 4 Time(s) *: 3 Time(s) /: 3 Time(s) /.env: 1 Time(s) /manager/text/list: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) /zy/api/k.js: 1 Time(s) \x15A\x9A\xCA\x5C\xAF\xC7: 1 Time(s) \x1E\xD7F\xBDl\xFA\xDF\xB1\xA6!&o\x0C\xA21 ... x09\xC0\x13\xC0: 1 Time(s) \x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9 ... B9\x90\x00(\xC0: 1 Time(s) \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s) \xD4\x9B}\x99\x00M\xCC\xAB\x02U\xFEZ\xC0If ... 3\x10'`\xF0\xC7: 1 Time(s) 500 Internal Server Error /: 19 Time(s) /.env: 3 Time(s) /.git/config: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /favicon.ico: 1 Time(s) /geoserver/web/: 1 Time(s) /robots.txt: 1 Time(s) /webui/: 1 Time(s) /zy/api/k.js: 1 Time(s) 502 Bad Gateway /70ngShdKS3eQcEWPm_k3lw/pdf: 1 Time(s) /DJN1EHJMQt-tpE1lNqpnaw/pdf: 1 Time(s) /Reso_DigitalePruefungen/pdf: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (141.98.11.169): 26 Time(s) root (218.60.48.100): 20 Time(s) unknown (170.64.151.75): 9 Time(s) root (194.169.175.22): 7 Time(s) root (124.222.211.66): 6 Time(s) root (141.98.10.105): 6 Time(s) root (141.98.10.153): 6 Time(s) root (141.98.11.141): 6 Time(s) root (175.206.107.100): 6 Time(s) root (222.235.45.233): 6 Time(s) root (141.98.10.59): 4 Time(s) unknown (185.11.61.88): 4 Time(s) unknown (62.122.184.252): 4 Time(s) postgres (185.196.10.93): 3 Time(s) unknown (124.222.211.66): 3 Time(s) unknown (211.229.73.221): 3 Time(s) unknown (185.196.9.45): 2 Time(s) unknown (p57b40e7e.dip0.t-ipconnect.de): 2 Time(s) postgres (170.64.151.75): 1 Time(s) root (170.64.151.75): 1 Time(s) Invalid Users: Unknown Account: 27 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 1.618K Bytes accepted 1,657 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 56 Connections 20 Connections lost (inbound) 56 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ SSHD Started: 2 Time(s) Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 124.222.211.66: 6 times 141.98.10.59: 4 times 141.98.10.105: 6 times 141.98.10.153: 6 times 141.98.11.141 (srv-141-98-11-141.serveroffer.net): 6 times 141.98.11.169 (exclu.lutend-169.seneciomorphology.com): 26 times 170.64.151.75: 2 times 175.206.107.100: 6 times 185.196.10.93: 3 times 194.169.175.22: 7 times 218.60.48.100: 20 times 222.235.45.233: 6 times Illegal users from: 2001:470:1:332::166 (scan-50p.shadowserver.org): 1 time undef: 34 times 62.122.184.252: 4 times 65.49.1.14 (scan-52e.shadowserver.org): 1 time 87.180.14.126 (p57b40e7e.dip0.t-ipconnect.de): 2 times 124.222.211.66: 3 times 170.64.151.75: 9 times 185.11.61.88: 4 times 185.196.9.45: 3 times 211.229.73.221: 3 times 218.60.48.100: 16 times **Unmatched Entries** fatal: buffer_get_string: buffer error [preauth] : 1 time(s) error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop11758p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################