[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Jan 11 04:42:04 2022 Date Range Processed: yesterday ( 2022-Jan-10 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 23:23 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 11 sites probed the server 103.156.91.51 143.198.136.88 159.65.145.226 159.65.56.77 161.35.238.241 167.71.102.181 172.104.131.24 194.110.115.41 23.250.19.242 34.134.67.189 66.240.205.34 Requests with error response codes 400 Bad Request null: 18 Time(s) mstshash=Administr: 8 Time(s) /phpmyadmin/scripts/setup.php: 3 Time(s) /: 2 Time(s) *: 1 Time(s) /.env: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /manager/html: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 7: 1 Time(s) \x90\xB1\x81\x04: 1 Time(s) \xDA\x0C\xB6#V\x15\xA1\xCF\x01\xE0\x9DM_\x ... g\xF6\xDE\xE8<G: 1 Time(s) \xF1\xFA\xF4\xCB\x05\xE6l\x9Ce\xD8\xAEy\xE ... x09\xC0\x14\xC0: 1 Time(s) 500 Internal Server Error /: 22 Time(s) /.env: 4 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s) /favicon.ico: 2 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s) /.well-known/security.txt: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /?q=%unparticularizing%&va=b&t=hc&ia=web: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /robots.txt: 1 Time(s) /sitemap.xml: 1 Time(s) /web/1000(a)/wmLogin.html: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (182.50.65.146): 35 Time(s) root (58.246.71.26): 35 Time(s) root (93-42-117-137.ip86.fastwebnet.it): 35 Time(s) root (42.193.184.210): 28 Time(s) root (net-2-45-185-2.cust.vodafonedsl.it): 28 Time(s) root (202.83.16.8): 27 Time(s) unknown (net-2-45-185-2.cust.vodafonedsl.it): 17 Time(s) root (110.80.17.26): 15 Time(s) unknown (182.50.65.146): 15 Time(s) unknown (58.246.71.26): 15 Time(s) unknown (93-42-117-137.ip86.fastwebnet.it): 15 Time(s) root (119.97.252.154): 13 Time(s) root (122.51.52.154): 12 Time(s) root (168.121.104.248): 12 Time(s) unknown (202.83.16.8): 11 Time(s) unknown (42.193.184.210): 10 Time(s) root (175.213.182.152): 9 Time(s) unknown (110.80.17.26): 7 Time(s) unknown (113.81.197.236): 7 Time(s) root (90.189.182.30): 6 Time(s) unknown (113.81.199.202): 6 Time(s) unknown (113.81.199.48): 6 Time(s) unknown (119.97.252.154): 6 Time(s) unknown (168.121.104.248): 6 Time(s) root (221.0.94.20): 5 Time(s) unknown (175.213.182.152): 4 Time(s) root (113.81.197.236): 3 Time(s) unknown (90.189.182.30): 3 Time(s) unknown (115.187.156.18): 2 Time(s) unknown (12.105.144.162): 2 Time(s) unknown (160.20.68.10): 2 Time(s) unknown (201.105.139.228): 2 Time(s) unknown (205.185.124.62): 2 Time(s) unknown (221.0.94.20): 2 Time(s) unknown (62.233.50.133): 2 Time(s) unknown (63.151.164.222): 2 Time(s) unknown (66.84.107.170): 2 Time(s) unknown (89.244.123.59): 2 Time(s) unknown (93.21.149.192): 2 Time(s) unknown (o3wxdf.static.otenet.gr): 2 Time(s) unknown (ool-603829e6.static.optonline.net): 2 Time(s) irc (90.189.182.30): 1 Time(s) postgres (221.0.94.20): 1 Time(s) root (106.54.164.19): 1 Time(s) root (198.46.218.138): 1 Time(s) root (36.110.142.212): 1 Time(s) root (42.99.180.135): 1 Time(s) root (92.255.85.135): 1 Time(s) unknown (106.54.164.19): 1 Time(s) unknown (113.81.199.184): 1 Time(s) unknown (176.111.173.218): 1 Time(s) unknown (209.141.58.169): 1 Time(s) unknown (218.17.137.208): 1 Time(s) unknown (oc-144-22-108-33.compute.oraclecloud.com): 1 Time(s) Invalid Users: Unknown Account: 164 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 63 Miscellaneous warnings 9.612K Bytes accepted 9,843 9.612K Bytes sent via SMTP 9,843 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 8 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 8 Total 4xx Rejects 100.00% ======== ================================================== 184 Connections 11 Connections lost (inbound) 184 Disconnections 1 Removed from queue 1 Sent via SMTP 4 Timeouts (inbound) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 28 times 36.110.142.212: 1 time 42.99.180.135 (ip-42-99-180-135.asianetcom.net): 1 time 42.193.184.210: 28 times 58.246.71.26: 35 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 7 times 92.255.85.135: 1 time 93.42.117.137 (93-42-117-137.ip86.fastwebnet.it): 35 times 106.54.164.19: 1 time 110.80.17.26: 15 times 113.81.197.236: 3 times 119.97.252.154: 13 times 122.51.52.154: 12 times 168.121.104.248: 12 times 175.213.182.152: 9 times 182.50.65.146: 35 times 198.46.218.138 (198-46-218-138-host.colocrossing.com): 1 time 202.83.16.8 (act20283168.broadband.actcorp.in): 27 times 221.0.94.20: 6 times Illegal users from: 2001:470:1:c84::19: 1 time undef: 121 times 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 17 times 12.105.144.162: 2 times 42.193.184.210: 10 times 43.134.92.159: 1 time 58.246.71.26: 15 times 62.233.50.133: 2 times 63.151.164.222: 2 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 66.84.107.170 (dhcp66-84-107-170.fiber.mi.airadvantage.net): 2 times 89.244.123.59 (i59F47B3B.versanet.de): 2 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 3 times 93.21.149.192 (192.149.21.93.rev.sfr.net): 2 times 93.42.117.137 (93-42-117-137.ip86.fastwebnet.it): 15 times 94.65.33.242 (o3wxdf.static.otenet.gr): 2 times 96.56.41.230 (ool-603829e6.static.optonline.net): 2 times 101.36.126.176: 1 time 106.54.164.19: 1 time 110.80.17.26: 7 times 113.81.197.236: 7 times 113.81.199.48: 6 times 113.81.199.184: 1 time 113.81.199.202: 6 times 115.187.156.18: 2 times 119.97.252.154: 6 times 144.22.108.33 (oc-144-22-108-33.compute.oraclecloud.com): 1 time 160.20.68.10: 2 times 168.121.104.248: 6 times 175.213.182.152: 4 times 176.111.173.218: 5 times 182.50.65.146: 15 times 201.105.139.228 (dup-201-105-139-228.prod-dial.com.mx): 2 times 202.83.16.8 (act20283168.broadband.actcorp.in): 11 times 205.185.124.62: 2 times 209.141.58.169: 1 time 218.17.137.208: 1 time 221.0.94.20: 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################