[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Dec 22 04:42:05 2021 Date Range Processed: yesterday ( 2021-Dec-21 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 8:8 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 58.48.130.197 -> zapf.wiki:443: 1 Time(s) A total of 7 sites probed the server 172.104.153.110 2.56.59.221 222.186.19.235 34.96.130.12 45.87.61.105 66.240.205.34 89.248.165.46 Requests with error response codes 400 Bad Request null: 8 Time(s) /: 5 Time(s) mstshash=Domain: 4 Time(s) /config/getuser?index=0: 2 Time(s) /socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... 9ozdKvGWN2CAAAF: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) http://fuwu.sogou.com/404/index.html: 2 Time(s) /.git/config: 1 Time(s) /bag2: 1 Time(s) /socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... fAQi2nHYbDLAAAG: 1 Time(s) mstshash=Administr: 1 Time(s) zapf.wiki:443: 1 Time(s) 499 (undefined) /socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... 9ozdKvGWN2CAAAF: 1 Time(s) /socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... DFGGywPP27KAAAH: 1 Time(s) /socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... fAQi2nHYbDLAAAG: 1 Time(s) 500 Internal Server Error /: 22 Time(s) /.env: 5 Time(s) /.git/config: 2 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.ftpconfig: 1 Time(s) /.remote-sync.json: 1 Time(s) /.vscode/ftp-sync.json: 1 Time(s) /.vscode/sftp.json: 1 Time(s) /actuator/health: 1 Time(s) /api/.env: 1 Time(s) /api/.ftpconfig: 1 Time(s) /api/.git/config: 1 Time(s) /api/.remote-sync.json: 1 Time(s) /api/.vscode/ftp-sync.json: 1 Time(s) /api/.vscode/sftp.json: 1 Time(s) /api/deployment-config.json: 1 Time(s) /api/ftpsync.settings: 1 Time(s) /api/sftp-config.json: 1 Time(s) /deployment-config.json: 1 Time(s) /favicon.ico: 1 Time(s) /ftpsync.settings: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /robots.txt: 1 Time(s) /sftp-config.json: 1 Time(s) 502 Bad Gateway /siegen17/pdf: 1 Time(s) /socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsPh: 1 Time(s) /socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsfL: 1 Time(s) /socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsvE: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (125.19.244.38): 51 Time(s) root (122.51.64.115): 38 Time(s) root (62.234.135.208): 38 Time(s) root (20.48.0.101): 32 Time(s) root (139.198.175.104): 31 Time(s) root (222.72.101.250): 27 Time(s) root (81.70.163.61): 20 Time(s) unknown (125.19.244.38): 20 Time(s) unknown (139.198.175.104): 19 Time(s) root (143.110.212.213): 18 Time(s) root (139.186.155.99): 17 Time(s) unknown (20.48.0.101): 13 Time(s) unknown (222.72.101.250): 13 Time(s) unknown (122.51.64.115): 12 Time(s) unknown (139.186.155.99): 12 Time(s) unknown (62.234.135.208): 12 Time(s) unknown (81.70.163.61): 12 Time(s) root (220.178.31.90): 6 Time(s) unknown (143.110.212.213): 6 Time(s) root (113.120.31.106): 3 Time(s) unknown (112.111.0.245): 3 Time(s) root (113.128.26.199): 2 Time(s) root (113.128.33.106): 2 Time(s) root (113.128.9.77): 2 Time(s) root (122.4.40.9): 2 Time(s) root (128.199.123.0): 2 Time(s) unknown (141.98.10.82): 2 Time(s) unknown (185.107.85.208): 2 Time(s) unknown (33.red-2-139-121.dynamicip.rima-tde.net): 2 Time(s) root (103.76.175.130): 1 Time(s) root (113.128.10.155): 1 Time(s) root (113.128.37.29): 1 Time(s) root (122.4.51.32): 1 Time(s) root (164.90.203.55): 1 Time(s) root (202.137.20.53): 1 Time(s) unknown (113.120.31.106): 1 Time(s) unknown (113.120.33.62): 1 Time(s) unknown (113.128.10.155): 1 Time(s) unknown (113.128.26.199): 1 Time(s) unknown (113.128.33.106): 1 Time(s) unknown (113.128.8.75): 1 Time(s) unknown (122.4.51.32): 1 Time(s) unknown (156.234.168.70): 1 Time(s) unknown (209.141.47.245): 1 Time(s) unknown (220.178.31.90): 1 Time(s) unknown (ltlkwlb.cn): 1 Time(s) Invalid Users: Unknown Account: 139 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 9.648K Bytes accepted 9,880 9.648K Bytes sent via SMTP 9,880 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 1903 Connections 1844 Connections lost (inbound) 1903 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 20.48.0.101: 32 times 62.234.135.208: 38 times 81.70.163.61: 20 times 103.76.175.130 (130.175.76.103.iconpln.net.id): 1 time 113.120.31.106: 3 times 113.128.9.77: 2 times 113.128.10.155: 1 time 113.128.26.199: 2 times 113.128.33.106: 2 times 113.128.37.29: 1 time 122.4.40.9 (9.40.4.122.broad.jn.sd.dynamic.163data.com.cn): 2 times 122.4.51.32 (32.51.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time 122.51.64.115: 38 times 125.19.244.38: 51 times 128.199.123.0: 2 times 139.186.155.99: 17 times 139.198.175.104: 31 times 143.110.212.213: 18 times 164.90.203.55: 1 time 202.137.20.53 (ln-static-202-137-20-53.link.net.id): 1 time 220.178.31.90: 6 times 222.72.101.250: 27 times Illegal users from: 2001:470:1:c84::30: 1 time undef: 97 times 2.139.121.33 (33.red-2-139-121.dynamicip.rima-tde.net): 2 times 20.48.0.101: 13 times 62.234.135.208: 12 times 64.62.197.152: 1 time 81.70.163.61: 12 times 112.111.0.245: 3 times 113.120.31.106: 1 time 113.120.33.62: 1 time 113.128.8.75: 1 time 113.128.10.155: 1 time 113.128.26.199: 1 time 113.128.33.106: 1 time 122.4.51.32 (32.51.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time 122.51.64.115: 12 times 125.19.244.38: 20 times 139.186.155.99: 12 times 139.198.175.104: 19 times 141.98.10.82: 2 times 143.110.212.213: 6 times 156.234.168.70: 1 time 185.107.85.208: 2 times 205.185.125.184 (ltlkwlb.cn): 1 time 209.141.47.245: 1 time 220.178.31.90: 1 time 222.72.101.250: 13 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################