################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Jan 15 04:42:04 2022
Date Range Processed: yesterday
( 2022-Jan-14 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 14:14 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 5 sites probed the server
185.142.236.41
20.111.24.80
35.180.51.179
45.134.144.108
54.255.234.43
Requests with error response codes
400 Bad Request
null: 10 Time(s)
mstshash=Administr: 4 Time(s)
mstshash=Domain: 4 Time(s)
/: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/.env: 1 Time(s)
/21887054: 1 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 28 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/.DS_Store: 1 Time(s)
/.git/config: 1 Time(s)
/.json: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/actuator/health: 1 Time(s)
/api/search?folderIds=0: 1 Time(s)
/config.json: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/dns-query?dns=EAwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s)
/dns-query?dns=OUEBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s)
/frontend_dev.php/$: 1 Time(s)
/idx_config/: 1 Time(s)
/info.php: 1 Time(s)
/login.action: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/robots.txt: 1 Time(s)
/robots.txt/: 1 Time(s)
/s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s)
/server-status: 1 Time(s)
/telescope/requests: 1 Time(s)
/v2/_catalog: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 13 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
9.100K Bytes accepted 9,318
9.100K Bytes sent via SMTP 9,318
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
82 Connections
8 Connections lost (inbound)
82 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################