[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Dec 15 04:42:04 2021 Date Range Processed: yesterday ( 2021-Dec-14 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 25:25 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 7 sites probed the server 104.45.194.225 139.162.145.250 18.189.180.116 23.225.163.201 34.96.130.17 66.240.205.34 71.6.199.23 Requests with error response codes 400 Bad Request null: 15 Time(s) mstshash=Domain: 6 Time(s) /: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s) /config/getuser?index=0: 3 Time(s) /bag2: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) Z,j\xC8\x18\x1A: 1 Time(s) zapf.in: 1 Time(s) 500 Internal Server Error /: 31 Time(s) /robots.txt: 4 Time(s) /.env: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.git/config: 1 Time(s) /.well-known/security.txt: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /HNAP1: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /console/: 1 Time(s) /evox/about: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /nmaplowercheck1639504127: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /sdk: 1 Time(s) /sitemap.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (47.156.250.168): 34 Time(s) root (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 32 Time(s) root (1.116.87.135): 31 Time(s) unknown (186.67.248.6): 23 Time(s) root (219.147.74.48): 21 Time(s) root (218.25.140.72): 19 Time(s) unknown (219.147.74.48): 19 Time(s) unknown (1.116.87.135): 18 Time(s) root (191.209.88.62): 17 Time(s) root (254.177.229.35.bc.googleusercontent.com): 17 Time(s) root (ec2-15-206-158-208.ap-south-1.compute.amazonaws.com): 16 Time(s) unknown (47.156.250.168): 16 Time(s) unknown (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 16 Time(s) root (138.197.203.168): 13 Time(s) unknown (138.197.203.168): 10 Time(s) unknown (218.25.140.72): 9 Time(s) unknown (191.209.88.62): 8 Time(s) root (186.67.248.6): 7 Time(s) root (p578ac460.dip0.t-ipconnect.de): 7 Time(s) root (96.78.175.36): 6 Time(s) unknown (ec2-15-206-158-208.ap-south-1.compute.amazonaws.com): 6 Time(s) root (148.102.25.170): 4 Time(s) unknown (254.177.229.35.bc.googleusercontent.com): 4 Time(s) unknown (96.78.175.36): 4 Time(s) root (161.35.201.142): 2 Time(s) unknown (124.43.64.13): 2 Time(s) unknown (148.102.25.170): 2 Time(s) unknown (221.163.103.143): 2 Time(s) unknown (65.78.98.124): 2 Time(s) root (117.33.128.218): 1 Time(s) root (164.90.203.55): 1 Time(s) root (218.14.208.90): 1 Time(s) unknown (141.98.10.63): 1 Time(s) unknown (185.165.171.175): 1 Time(s) unknown (185.220.102.242): 1 Time(s) unknown (205.185.124.178): 1 Time(s) unknown (218.14.208.90): 1 Time(s) unknown (31.184.198.71): 1 Time(s) unknown (36.110.142.212): 1 Time(s) unknown (92.255.85.37): 1 Time(s) unknown (kalium.0x49.net): 1 Time(s) Invalid Users: Unknown Account: 150 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 8.362K Bytes accepted 8,563 8.362K Bytes sent via SMTP 8,563 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 47 Connections 39 Connections lost (inbound) 47 Disconnections 1 Removed from queue 1 Sent via SMTP 21 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.116.87.135: 31 times 15.206.158.208 (ec2-15-206-158-208.ap-south-1.compute.amazonaws.com): 16 times 35.229.177.254 (254.177.229.35.bc.googleusercontent.com): 17 times 47.156.250.168: 34 times 87.138.196.96 (p578ac460.dip0.t-ipconnect.de): 7 times 96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 6 times 117.33.128.218: 1 time 138.197.203.168: 13 times 148.102.25.170: 4 times 161.35.201.142: 2 times 161.189.131.226 (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 32 times 164.90.203.55: 1 time 186.67.248.6: 7 times 191.209.88.62 (191-209-88-62.user.vivozap.com.br): 17 times 218.14.208.90: 1 time 218.25.140.72: 19 times 219.147.74.48: 21 times Illegal users from: 2001:470:1:c84::25: 1 time undef: 116 times 1.116.87.135: 18 times 15.206.158.208 (ec2-15-206-158-208.ap-south-1.compute.amazonaws.com): 6 times 31.184.198.71: 1 time 35.229.177.254 (254.177.229.35.bc.googleusercontent.com): 4 times 36.110.142.212: 1 time 47.156.250.168: 16 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 65.78.98.124 (65-78-98-124.s4730.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com): 2 times 92.255.85.37: 1 time 96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 4 times 124.43.64.13: 2 times 138.197.203.168: 10 times 141.98.10.63: 1 time 148.102.25.170: 2 times 152.32.170.230: 1 time 161.189.131.226 (ec2-161-189-131-226.cn-northwest-1.compute.amazonaws.com.cn): 16 times 185.165.171.175: 1 time 185.220.102.242 (185-220-102-242.torservers.net): 1 time 186.67.248.6: 23 times 191.209.88.62 (191-209-88-62.user.vivozap.com.br): 8 times 198.98.53.212 (kalium.0x49.net): 1 time 205.185.124.178: 1 time 218.14.208.90: 1 time 218.25.140.72: 9 times 219.147.74.48: 19 times 221.163.103.143: 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################