################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Feb 11 04:42:03 2024
Date Range Processed: yesterday
( 2024-Feb-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [137:137]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
81.94.156.139 -> google.com:443: 1 Time(s)
A total of 5 sites probed the server
192.241.192.8
205.210.31.37
66.240.205.34
74.82.47.5
89.190.156.234
Requests with error response codes
400 Bad Request
null: 5 Time(s)
*: 4 Time(s)
/: 3 Time(s)
-/\x16)\xE1\xCB\xC7\x96\xEA-\xFE\xE8\x22\x ... x09\xC0\x13\xC0: 1 Time(s)
12.1.2: 1 Time(s)
7: 1 Time(s)
google.com:443: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
/.well-known/acme-challenge/cloud.php: 1 Time(s)
/wp-content/plugins/hellopress/wp_filemanager.php: 1 Time(s)
/wp-content/themes/intense/block-css.php?mode=upload: 1 Time(s)
499 (undefined)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
500 Internal Server Error
/: 10 Time(s)
/favicon.ico: 2 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/geoserver/web/: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 395 Time(s)
systemd-user:
Unknown Entries:
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
1.618K Bytes accepted 1,657
1.618K Bytes sent via SMTP 1,657
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
13 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
13 Total 4xx Rejects 100.00%
======== ==================================================
55 Connections
25 Connections lost (inbound)
55 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
**** Unmatched entries ****
[origin software="rsyslogd" swVersion="8.4.2" x-pid="196" x-info="http://www.rsyslog.com"] exiting on signal 15. : 1 Times
---------------------- rsyslogd End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Failed logins from:
14.143.175.158 (14.143.175.158.static-vsnl.net.in): 6 times
117.203.166.52: 62 times
222.77.96.50: 1 time
Illegal users from:
undef: 279 times
Users logging in through sshd:
root:
77.180.79.242 (dynamic-077-180-079-242.77.180.pool.telefonica.de): 1 time
**Unmatched Entries**
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop30261p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################