################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Oct 31 04:42:06 2021
Date Range Processed: yesterday
( 2021-Oct-30 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 39:39 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 12 Time(s)
/: 6 Time(s)
/ab2g: 6 Time(s)
/ab2h: 6 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
mstshash=Administr: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
\xD2\x97V\x00\x00\x05\x8BC\x88\xD5\xCF\xE5 ... (\xC0#\xC0'\xC0: 1 Time(s)
\xE6\x80_\x00\x00h\xCC\x14\xCC\x13\xC0/\xC ... C0$\xC0\x14\xC0: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
500 Internal Server Error
/.env: 50 Time(s)
/: 24 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
///libs/js/iframe.js: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/users/sign_in: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (170.106.115.41): 153 Time(s)
root (203.113.167.3): 37 Time(s)
root (81.70.32.28): 37 Time(s)
root (210.101.91.155): 36 Time(s)
root (45.82.137.137): 36 Time(s)
root (175.27.156.124): 35 Time(s)
root (81.69.190.192): 34 Time(s)
root (42.192.183.78): 33 Time(s)
root (49.234.224.88): 33 Time(s)
root (1.116.102.149): 32 Time(s)
root (106.75.84.96): 32 Time(s)
root (120.48.8.194): 32 Time(s)
root (42.193.157.80): 32 Time(s)
root (82.156.235.6): 31 Time(s)
root (186.147.10.92): 30 Time(s)
unknown (82.156.25.181): 29 Time(s)
unknown (42.192.156.183): 28 Time(s)
root (121.157.233.164): 25 Time(s)
root (128.199.90.55): 23 Time(s)
unknown (186.147.10.92): 20 Time(s)
unknown (185.90.136.171): 19 Time(s)
unknown (82.156.235.6): 19 Time(s)
root (81.69.160.121): 18 Time(s)
root (27.156.4.179): 16 Time(s)
unknown (120.48.8.194): 16 Time(s)
unknown (42.192.183.78): 16 Time(s)
unknown (49.234.224.88): 16 Time(s)
unknown (81.69.190.192): 16 Time(s)
root (129.204.66.236): 15 Time(s)
root (81.70.21.113): 15 Time(s)
unknown (141.98.10.60): 15 Time(s)
unknown (42.193.157.80): 15 Time(s)
unknown (45.82.137.137): 14 Time(s)
unknown (1.116.102.149): 13 Time(s)
unknown (121.157.233.164): 13 Time(s)
unknown (175.27.156.124): 13 Time(s)
unknown (203.113.167.3): 13 Time(s)
root (1.193.160.115): 12 Time(s)
unknown (141.98.10.63): 12 Time(s)
unknown (210.101.91.155): 12 Time(s)
unknown (81.70.32.28): 12 Time(s)
root (183.230.160.130): 11 Time(s)
unknown (89-97-218-142.ip19.fastwebnet.it): 11 Time(s)
root (122.155.0.205): 10 Time(s)
root (42.192.156.183): 10 Time(s)
root (89-97-218-142.ip19.fastwebnet.it): 10 Time(s)
unknown (106.75.84.96): 10 Time(s)
unknown (128.199.90.55): 10 Time(s)
unknown (219.232.48.190): 10 Time(s)
root (157.245.124.160): 9 Time(s)
root (195.29.102.21): 9 Time(s)
unknown (27.156.4.179): 8 Time(s)
unknown (81.69.160.121): 8 Time(s)
root (219.232.48.190): 7 Time(s)
unknown (122.155.0.205): 7 Time(s)
root (186.206.149.195): 6 Time(s)
root (c-73-243-38-206.hsd1.co.comcast.net): 6 Time(s)
unknown (1.193.160.115): 6 Time(s)
unknown (129.204.66.236): 6 Time(s)
unknown (amazoncojpbation.ga): 6 Time(s)
root (185.90.136.171): 4 Time(s)
unknown (141.98.10.121): 4 Time(s)
unknown (183.230.160.130): 4 Time(s)
unknown (195.29.102.21): 4 Time(s)
unknown (46.249.32.69): 4 Time(s)
root (220.248.95.178): 3 Time(s)
unknown (157.245.124.160): 3 Time(s)
unknown (45.135.232.159): 3 Time(s)
unknown (c-73-243-38-206.hsd1.co.comcast.net): 3 Time(s)
root (45.155.204.39): 2 Time(s)
unknown (101.78.144.54): 2 Time(s)
unknown (167.88.161.219): 2 Time(s)
unknown (182.253.158.12): 2 Time(s)
unknown (188.126.89.144): 2 Time(s)
unknown (220.193.11.109.rev.sfr.net): 2 Time(s)
unknown (78.198.56.121): 2 Time(s)
unknown (81.70.21.113): 2 Time(s)
unknown (82-65-33-144.subs.proxad.net): 2 Time(s)
unknown (84-106-251-21.cable.dynamic.v4.ziggo.nl): 2 Time(s)
root (058177171112.ctinets.com): 1 Time(s)
root (120.192.206.102): 1 Time(s)
root (46.249.32.69): 1 Time(s)
root (58.246.251.27): 1 Time(s)
root (oc-129-150-116-158.compute.oraclecloud.com): 1 Time(s)
sys (106.75.84.96): 1 Time(s)
unknown (190.66.24.37): 1 Time(s)
unknown (198.98.54.56): 1 Time(s)
unknown (45.153.160.134): 1 Time(s)
unknown (45.155.204.39): 1 Time(s)
unknown (58.246.251.27): 1 Time(s)
Invalid Users:
Unknown Account: 441 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
16.071K Bytes accepted 16,457
16.071K Bytes sent via SMTP 16,457
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
473 Connections
80 Connections lost (inbound)
473 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.116.102.149: 32 times
1.193.160.115: 12 times
27.156.4.179 (179.4.156.27.broad.fz.fj.dynamic.163data.com.cn): 16 times
42.192.156.183: 10 times
42.192.183.78: 33 times
42.193.157.80: 32 times
45.82.137.137: 36 times
45.155.204.39: 2 times
46.249.32.69 (reverse.hostingbb.com): 1 time
49.234.224.88: 33 times
58.177.171.112 (058177171112.ctinets.com): 1 time
58.246.251.27: 1 time
73.243.38.206 (c-73-243-38-206.hsd1.co.comcast.net): 6 times
81.69.160.121: 18 times
81.69.190.192: 34 times
81.70.21.113: 15 times
81.70.32.28: 37 times
82.156.235.6: 31 times
89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 10 times
106.75.84.96: 33 times
120.48.8.194: 32 times
120.192.206.102: 1 time
121.157.233.164: 25 times
122.155.0.205 (www.phatan.go.th): 10 times
128.199.90.55: 23 times
129.150.116.158 (oc-129-150-116-158.compute.oraclecloud.com): 1 time
129.204.66.236: 15 times
157.245.124.160: 9 times
170.106.115.41: 153 times
175.27.156.124: 35 times
183.230.160.130: 11 times
185.90.136.171: 4 times
186.147.10.92 (static-ip-1861471092.cable.net.co): 30 times
186.206.149.195 (bace95c3.virtua.com.br): 6 times
195.29.102.21: 9 times
203.113.167.3: 37 times
210.101.91.155: 36 times
219.232.48.190: 7 times
220.248.95.178: 3 times
Illegal users from:
2001:470:1:c84::20: 1 time
undef: 267 times
1.116.102.149: 13 times
1.193.160.115: 6 times
27.156.4.179 (179.4.156.27.broad.fz.fj.dynamic.163data.com.cn): 8 times
42.192.156.183: 28 times
42.192.183.78: 16 times
42.193.157.80: 15 times
45.82.137.137: 14 times
45.135.232.159: 3 times
45.153.160.134: 1 time
45.155.204.39: 1 time
46.249.32.69 (reverse.hostingbb.com): 4 times
49.234.224.88: 16 times
58.246.251.27: 1 time
73.243.38.206 (c-73-243-38-206.hsd1.co.comcast.net): 3 times
78.198.56.121 (prt22-1_migr-78-198-56-121.fbx.proxad.net): 2 times
81.69.160.121: 8 times
81.69.190.192: 16 times
81.70.21.113: 2 times
81.70.32.28: 12 times
82.65.33.144 (82-65-33-144.subs.proxad.net): 2 times
82.156.25.181: 29 times
82.156.235.6: 19 times
84.106.251.21 (84-106-251-21.cable.dynamic.v4.ziggo.nl): 2 times
89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 11 times
101.78.144.54: 2 times
106.75.84.96: 10 times
109.11.193.220 (220.193.11.109.rev.sfr.net): 2 times
120.48.8.194: 16 times
121.157.233.164: 13 times
122.155.0.205 (www.phatan.go.th): 7 times
128.199.90.55: 10 times
129.204.66.236: 6 times
141.98.10.60: 15 times
141.98.10.63: 12 times
141.98.10.121: 4 times
157.245.124.160: 3 times
167.88.161.219 (smtp21.gftvrsr.xyz): 2 times
175.27.156.124: 13 times
182.253.158.12: 2 times
183.230.160.130: 4 times
185.90.136.171: 19 times
186.147.10.92 (static-ip-1861471092.cable.net.co): 20 times
188.126.89.144: 2 times
190.66.24.37: 1 time
195.29.102.21: 4 times
198.98.54.56: 1 time
203.113.167.3: 13 times
209.141.59.184 (amazoncojpbation.ga): 6 times
210.101.91.155: 12 times
219.232.48.190: 10 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 4 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################