[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Dec 4 04:42:04 2021 Date Range Processed: yesterday ( 2021-Dec-03 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 54:54 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.19.235 -> zapf.wiki:443: 2 Time(s) A total of 3 sites probed the server 205.185.124.100 222.186.19.235 34.86.35.26 Requests with error response codes 400 Bad Request mstshash=Domain: 4 Time(s) null: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... D7vDIV50rKLAACS: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) zapf.wiki:443: 2 Time(s) /zeh7dkwfdxw99tdk/: 1 Time(s) \x19\xB60\x099b\xC9\xD8\x12ZK\xC6y\xCD\xF5 ... x09\xC0\x13\xC0: 1 Time(s) \xD5/\xA6/Q'\xAC*\xAC\x9B%\x19\xCC:^\x1C\x ... xBE\x00\xBD\xC0: 1 Time(s) 500 Internal Server Error /: 25 Time(s) /.env: 6 Time(s) /Autodiscover/Autodiscover.xml: 2 Time(s) /console/: 2 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /autodiscover/autodiscover.json?(a)1337.com/ ... son%3F(a)1337.com: 1 Time(s) /favicon.ico: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /robots.txt: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) /zeh7dkwfdxw99tdk/: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (takwimuud.tk): 92 Time(s) unknown (92.255.85.37): 51 Time(s) root (121.4.158.199): 38 Time(s) root (170.106.142.98): 38 Time(s) root (leased-line-93-191-101-219.telecom.by): 34 Time(s) root (1.15.183.60): 29 Time(s) root (103.122.246.60): 27 Time(s) unknown (203.56.24.180): 21 Time(s) root (106.13.19.75): 19 Time(s) root (206.189.101.13): 19 Time(s) unknown (1.15.183.60): 18 Time(s) root (1.235.192.218): 16 Time(s) unknown (leased-line-93-191-101-219.telecom.by): 16 Time(s) root (221.213.129.46): 15 Time(s) unknown (106.54.164.19): 14 Time(s) root (112.216.157.26): 13 Time(s) unknown (121.4.158.199): 12 Time(s) unknown (179.113.177.45): 12 Time(s) root (203.56.24.180): 11 Time(s) root (92.255.85.37): 11 Time(s) unknown (103.122.246.60): 11 Time(s) root (211.159.147.235): 10 Time(s) unknown (141.98.10.60): 10 Time(s) unknown (170.106.142.98): 10 Time(s) unknown (221.213.129.46): 9 Time(s) unknown (206.189.101.13): 8 Time(s) unknown (1.235.192.218): 7 Time(s) root (179.113.177.45): 6 Time(s) unknown (106.13.19.75): 6 Time(s) unknown (112.216.157.26): 6 Time(s) unknown (141.98.10.82): 6 Time(s) unknown (141.98.10.202): 5 Time(s) unknown (209.141.33.121): 5 Time(s) root (113.215.181.54): 4 Time(s) root (106.54.164.19): 3 Time(s) unknown (112.33.16.34): 3 Time(s) unknown (134.236.247.145): 3 Time(s) unknown (146.185.79.101): 3 Time(s) unknown (209.141.47.245): 3 Time(s) unknown (209.141.53.74): 3 Time(s) unknown (61.135.152.226): 3 Time(s) unknown (92.255.85.237): 3 Time(s) root (141.98.10.246): 2 Time(s) unknown (115.238.88.130): 2 Time(s) unknown (141.98.10.246): 2 Time(s) unknown (194.85.248.40): 2 Time(s) unknown (195.133.18.104): 2 Time(s) unknown (209.141.34.220): 2 Time(s) unknown (212.192.241.124): 2 Time(s) unknown (212.192.241.37): 2 Time(s) unknown (23.183.81.136): 2 Time(s) unknown (23.183.81.249): 2 Time(s) unknown (23.183.81.54): 2 Time(s) unknown (62.175.19.95.dynamic.jazztel.es): 2 Time(s) unknown (hsi-kbw-078-043-072-017.hsi4.kabel-badenwuerttemberg.de): 2 Time(s) unknown (slot0.epaperitaliait.com): 2 Time(s) news (115.238.88.130): 1 Time(s) nobody (92.255.85.37): 1 Time(s) postgres (134.236.247.145): 1 Time(s) postgres (146.185.79.101): 1 Time(s) postgres (92.255.85.37): 1 Time(s) root (103.154.101.12): 1 Time(s) root (112.33.16.34): 1 Time(s) root (115.238.88.130): 1 Time(s) root (116.110.83.113): 1 Time(s) root (59.49.13.45): 1 Time(s) root (61.135.152.226): 1 Time(s) unknown (113.215.181.54): 1 Time(s) unknown (116.105.29.71): 1 Time(s) unknown (116.110.252.176): 1 Time(s) unknown (159.224.255.79): 1 Time(s) unknown (185.235.146.29): 1 Time(s) unknown (209.141.32.141): 1 Time(s) unknown (209.141.33.193): 1 Time(s) unknown (211.159.147.235): 1 Time(s) unknown (23.183.82.135): 1 Time(s) uucp (92.255.85.37): 1 Time(s) Invalid Users: Unknown Account: 283 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 13.166K Bytes accepted 13,482 13.166K Bytes sent via SMTP 13,482 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 561 Connections 396 Connections lost (inbound) 561 Disconnections 1 Removed from queue 1 Sent via SMTP 2 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.15.183.60: 29 times 1.235.192.218: 16 times 59.49.13.45: 1 time 61.135.152.226: 1 time 68.183.72.188 (takwimuud.tk): 92 times 92.255.85.37: 14 times 93.191.101.219 (leased-line-93-191-101-219.telecom.by): 34 times 103.122.246.60: 27 times 103.154.101.12: 1 time 106.13.19.75: 19 times 106.54.164.19: 3 times 112.33.16.34: 1 time 112.216.157.26: 13 times 113.215.181.54: 4 times 115.238.88.130: 2 times 116.110.83.113: 1 time 121.4.158.199: 38 times 134.236.247.145: 1 time 141.98.10.246 (while-alerte.flightcrown.com): 2 times 146.185.79.101: 1 time 170.106.142.98: 38 times 179.113.177.45 (179-113-177-45.user.vivozap.com.br): 6 times 203.56.24.180: 11 times 206.189.101.13: 19 times 211.159.147.235: 10 times 221.213.129.46: 15 times Illegal users from: 2001:470:1:c84::19: 1 time undef: 165 times 1.15.183.60: 18 times 1.235.192.218: 7 times 23.183.81.54: 2 times 23.183.81.136: 2 times 23.183.81.249: 2 times 23.183.82.135: 1 time 61.135.152.226: 3 times 65.49.20.67 (scan-18.shadowserver.org): 1 time 78.43.72.17 (HSI-KBW-078-043-072-017.hsi4.kabel-badenwuerttemberg.de): 2 times 92.255.85.37: 54 times 92.255.85.237: 3 times 93.191.101.219 (leased-line-93-191-101-219.telecom.by): 16 times 95.19.175.62 (62.175.19.95.dynamic.jazztel.es): 2 times 103.122.246.60: 11 times 106.13.19.75: 6 times 106.54.164.19: 14 times 112.33.16.34: 3 times 112.216.157.26: 6 times 113.215.181.54: 1 time 115.238.88.130: 2 times 116.105.29.71: 1 time 116.110.252.176: 1 time 121.4.158.199: 12 times 134.236.247.145: 3 times 141.98.10.60: 10 times 141.98.10.82: 6 times 141.98.10.202: 5 times 141.98.10.246 (while-alerte.flightcrown.com): 2 times 146.185.79.101: 3 times 159.224.255.79 (79.255.224.159.triolan.net): 1 time 170.106.142.98: 10 times 179.113.177.45 (179-113-177-45.user.vivozap.com.br): 12 times 185.235.146.29: 1 time 194.85.248.40: 2 times 195.133.18.24 (slot0.epaperitaliait.com): 2 times 195.133.18.104: 2 times 203.56.24.180: 21 times 206.189.101.13: 8 times 209.141.32.141 (smtp9.dfsfasfasf.xyz): 1 time 209.141.33.121: 5 times 209.141.33.193 (mx.chinadomainregistry.org): 1 time 209.141.34.220 (meshlv02.oxds.org): 2 times 209.141.47.245: 3 times 209.141.53.74: 3 times 211.159.147.235: 1 time 212.192.241.37: 2 times 212.192.241.124: 2 times 221.213.129.46: 9 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################