################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Jun 21 04:42:05 2021 Date Range Processed: yesterday ( 2021-Jun-20 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [347:349] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 5 sites probed the server 167.71.102.181 174.138.26.153 193.56.29.42 23.92.22.62 64.227.99.233 Requests with error response codes 400 Bad Request null: 8 Time(s) /: 4 Time(s) *G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D ... x13\x97\xB4\xE9: 2 Time(s) /manager/text/list: 1 Time(s) /spywall/timeConfig.php: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) \xCF\x84\xCB\xE2\x10\xC6)\x11\x96\x96q\x7F ... x09\xC0\x14\xC0: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found /robots.txt: 27 Time(s) /wp-login.php: 4 Time(s) /blog/wp-login.php: 2 Time(s) /wordpress/wp-login.php: 2 Time(s) /wp/wp-login.php: 2 Time(s) /cf_scripts/scripts/ajax/ckeditor/plugins/ ... nager/plugin.js: 1 Time(s) /home/zapf: 1 Time(s) /stapf: 1 Time(s) /wp-includes: 1 Time(s) /zapf/reader/2018_WiSe_Wuerzburg: 1 Time(s) 500 Internal Server Error /: 47 Time(s) /owa/: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.env: 1 Time(s) //login_sid.lua: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /robots.txt: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (118.70.233.206): 100 Time(s) root (138.197.195.123): 100 Time(s) root (140.249.197.154): 100 Time(s) root (dsl51b6fe7c.fixip.t-online.hu): 100 Time(s) root (fixed-187-188-206-106.totalplay.net): 100 Time(s) root (81.70.246.12): 99 Time(s) root (49.232.212.10): 72 Time(s) root (212.225.238.245): 70 Time(s) root (106.75.224.132): 60 Time(s) root (104.225.236.41.16clouds.com): 59 Time(s) root (106.13.43.92): 59 Time(s) root (157.245.39.243): 57 Time(s) root (140.249.205.107): 55 Time(s) root (219.131.193.180): 52 Time(s) root (58.56.40.210): 52 Time(s) root (106.52.123.11): 49 Time(s) unknown (159.65.199.76): 48 Time(s) root (103.79.90.72): 40 Time(s) root (81.70.3.190): 39 Time(s) root (81.69.36.65): 37 Time(s) root (106.12.217.119): 27 Time(s) unknown (101.251.207.228): 27 Time(s) unknown (115-188-87-193-adsl.sparkbb.co.nz): 27 Time(s) unknown (138-219-100-74.meganetscm.net.br): 27 Time(s) unknown (176.113.115.117): 27 Time(s) unknown (178.128.41.141): 27 Time(s) unknown (200.73.128.100): 27 Time(s) unknown (121.5.124.51): 26 Time(s) unknown (180.97.31.28): 26 Time(s) unknown (51.15.167.103): 26 Time(s) unknown (61.133.122.19): 26 Time(s) unknown (81.68.234.113): 26 Time(s) unknown (148.223.120.122): 25 Time(s) root (42.192.125.230): 24 Time(s) root (68.183.82.97): 24 Time(s) unknown (128.199.108.153): 24 Time(s) unknown (142.93.118.252): 24 Time(s) unknown (123.14.207.216): 23 Time(s) unknown (128.199.78.229): 23 Time(s) root (190.94.253.22): 22 Time(s) root (138.197.66.68): 21 Time(s) root (81.71.72.142): 21 Time(s) unknown (159.75.122.40): 21 Time(s) unknown (196.1.97.216): 21 Time(s) root (119.45.185.51): 20 Time(s) unknown (119.29.184.119): 20 Time(s) unknown (45.55.63.118): 20 Time(s) root (123.58.5.243): 18 Time(s) root (165.232.122.187): 18 Time(s) root (118.24.146.186): 17 Time(s) unknown (20.64.172.31): 17 Time(s) root (106.55.25.102): 15 Time(s) root (159.75.120.153): 15 Time(s) unknown (141.98.10.193): 15 Time(s) root (101.251.207.228): 13 Time(s) root (wc.42170022533.clnt.kht.ru): 13 Time(s) unknown (123.58.5.243): 13 Time(s) unknown (182.61.43.226): 13 Time(s) root (159.75.122.40): 12 Time(s) root (182.61.43.226): 12 Time(s) root (81.68.234.113): 12 Time(s) unknown (106.12.217.119): 12 Time(s) unknown (121.4.135.108): 12 Time(s) unknown (88.225.240.38): 12 Time(s) unknown (wc.42170022533.clnt.kht.ru): 12 Time(s) root (121.5.3.180): 11 Time(s) root (134.255.229.5): 10 Time(s) root (179.38.47.170): 10 Time(s) unknown (190.94.253.22): 10 Time(s) unknown (42.192.51.95): 10 Time(s) root (123.14.207.216): 9 Time(s) root (128.199.108.153): 9 Time(s) unknown (118.24.146.186): 9 Time(s) unknown (138.197.66.68): 9 Time(s) unknown (81.71.72.142): 9 Time(s) root (128.199.78.229): 8 Time(s) root (159.65.199.76): 8 Time(s) root (20.64.172.31): 8 Time(s) unknown (165.232.122.187): 8 Time(s) root (176.113.115.117): 7 Time(s) root (180.97.31.28): 7 Time(s) root (200.73.128.100): 7 Time(s) unknown (81.69.36.65): 7 Time(s) root (115-188-87-193-adsl.sparkbb.co.nz): 6 Time(s) root (148.223.120.122): 6 Time(s) root (196.1.97.216): 6 Time(s) root (218.92.0.165): 6 Time(s) root (218.92.0.247): 6 Time(s) root (27.110.250.34): 6 Time(s) root (60.8.87.190): 6 Time(s) root (61.133.122.19): 6 Time(s) unknown (179.38.47.170): 6 Time(s) root (119.29.184.119): 5 Time(s) root (45.55.63.118): 5 Time(s) root (51.15.167.103): 5 Time(s) unknown (106.12.242.251): 5 Time(s) unknown (159.75.120.153): 5 Time(s) unknown (192.3.255.140): 5 Time(s) root (106.12.242.251): 4 Time(s) root (117.50.94.89): 4 Time(s) root (119.29.98.53): 4 Time(s) root (138-219-100-74.meganetscm.net.br): 4 Time(s) root (142.93.118.252): 4 Time(s) root (196.201.224.30): 4 Time(s) unknown (117.50.94.89): 4 Time(s) unknown (199.195.248.154): 4 Time(s) root (121.5.124.51): 3 Time(s) root (178.128.41.141): 3 Time(s) unknown (103.148.79.199): 3 Time(s) unknown (119.45.185.51): 3 Time(s) unknown (124.236.22.12): 3 Time(s) unknown (141.98.10.179): 3 Time(s) unknown (141.98.10.221): 3 Time(s) unknown (141.98.10.39): 3 Time(s) unknown (197.156.93.190): 3 Time(s) unknown (209.141.47.35): 3 Time(s) unknown (209.141.54.238): 3 Time(s) mail (123.14.207.216): 2 Time(s) root (103.148.79.199): 2 Time(s) root (121.4.135.108): 2 Time(s) unknown (115.138.224.8): 2 Time(s) unknown (134.255.229.5): 2 Time(s) unknown (183.82.0.21): 2 Time(s) unknown (194.165.16.105): 2 Time(s) unknown (194.165.16.107): 2 Time(s) unknown (194.165.16.108): 2 Time(s) unknown (194.165.16.89): 2 Time(s) unknown (194.61.25.28): 2 Time(s) unknown (31.42.176.112): 2 Time(s) unknown (34.red-88-4-94.dynamicip.rima-tde.net): 2 Time(s) unknown (45.135.232.165): 2 Time(s) unknown (45.146.165.72): 2 Time(s) unknown (46.56.70.95): 2 Time(s) unknown (lfbn-ami-1-62-111.w90-24.abo.wanadoo.fr): 2 Time(s) unknown (mail.clubfrancaisduvin.com): 2 Time(s) backup (106.12.217.119): 1 Time(s) backup (142.93.118.252): 1 Time(s) backup (176.113.115.117): 1 Time(s) bin (20.64.172.31): 1 Time(s) daemon (101.251.207.228): 1 Time(s) daemon (200.73.128.100): 1 Time(s) games (128.199.78.229): 1 Time(s) gnats (101.251.207.228): 1 Time(s) gnats (159.75.122.40): 1 Time(s) irc (128.199.78.229): 1 Time(s) irc (148.223.120.122): 1 Time(s) irc (159.65.199.76): 1 Time(s) irc (20.64.172.31): 1 Time(s) irc (61.133.122.19): 1 Time(s) jan (121.5.124.51): 1 Time(s) list (115-188-87-193-adsl.sparkbb.co.nz): 1 Time(s) list (159.65.199.76): 1 Time(s) lp (123.58.5.243): 1 Time(s) mail (148.223.120.122): 1 Time(s) mail (159.65.199.76): 1 Time(s) mail (180.97.31.28): 1 Time(s) mail (20.64.172.31): 1 Time(s) mailman (115-188-87-193-adsl.sparkbb.co.nz): 1 Time(s) mailman (123.14.207.216): 1 Time(s) mailman (128.199.108.153): 1 Time(s) mailman (142.93.118.252): 1 Time(s) man (119.29.184.119): 1 Time(s) man (124.236.22.12): 1 Time(s) mysql (128.199.78.229): 1 Time(s) mysql (182.61.43.226): 1 Time(s) mysql (51.15.167.103): 1 Time(s) nobody (128.199.78.229): 1 Time(s) nobody (196.1.97.216): 1 Time(s) nobody (45.55.63.118): 1 Time(s) nobody (81.68.234.113): 1 Time(s) postfix (123.14.207.216): 1 Time(s) postfix (138-219-100-74.meganetscm.net.br): 1 Time(s) postgres (159.75.122.40): 1 Time(s) postgres (194.61.25.28): 1 Time(s) postgres (51.15.167.103): 1 Time(s) proxy (148.223.120.122): 1 Time(s) proxy (159.75.122.40): 1 Time(s) proxy (178.128.41.141): 1 Time(s) proxy (20.64.172.31): 1 Time(s) root (1.116.96.30): 1 Time(s) root (140.249.200.71): 1 Time(s) root (176.122.149.209.16clouds.com): 1 Time(s) root (180.76.39.214): 1 Time(s) root (183.82.0.21): 1 Time(s) root (192.3.255.140): 1 Time(s) root (194.165.16.106): 1 Time(s) root (194.165.16.109): 1 Time(s) root (194.61.25.28): 1 Time(s) root (197.156.93.190): 1 Time(s) root (212.129.247.130): 1 Time(s) root (42.192.48.55): 1 Time(s) root (45.146.165.72): 1 Time(s) root (68.183.146.178): 1 Time(s) root (89-232-192-40.pppoe-adsl.isurgut.ru): 1 Time(s) root (ip166.ip-51-195-166.eu): 1 Time(s) root (mail.clubfrancaisduvin.com): 1 Time(s) smmsp (121.5.124.51): 1 Time(s) sshd (101.251.207.228): 1 Time(s) sshd (121.5.124.51): 1 Time(s) sshd (138-219-100-74.meganetscm.net.br): 1 Time(s) sshd (159.65.199.76): 1 Time(s) sshd (178.128.41.141): 1 Time(s) sshd (51.15.167.103): 1 Time(s) sync (121.5.124.51): 1 Time(s) sync (128.199.78.229): 1 Time(s) sync (138-219-100-74.meganetscm.net.br): 1 Time(s) sync (148.223.120.122): 1 Time(s) sync (20.64.172.31): 1 Time(s) temp (45.135.232.165): 1 Time(s) temp (61.133.122.19): 1 Time(s) unknown (119.29.98.53): 1 Time(s) unknown (122.51.27.41): 1 Time(s) unknown (171.244.139.236): 1 Time(s) unknown (189.20.97.83.ro.ovo.sc): 1 Time(s) unknown (196.201.224.30): 1 Time(s) unknown (45.153.160.130): 1 Time(s) unknown (ip166.ip-51-195-166.eu): 1 Time(s) unknown (r201-217-143-51.ir-static.anteldata.net.uy): 1 Time(s) unknown (tor-exit-05.nonanet.net): 1 Time(s) unknown (tor-exit-4126.nortor.no): 1 Time(s) unknown (tor-exit-node.net): 1 Time(s) uucp (117.50.94.89): 1 Time(s) www-data (159.65.199.76): 1 Time(s) www-data (183.82.0.21): 1 Time(s) www-data (194.61.25.28): 1 Time(s) Invalid Users: Unknown Account: 806 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 16 Miscellaneous warnings 34.134K Bytes accepted 34,953 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 768 Connections 202 Connections lost (inbound) 768 Disconnections 1 Removed from queue 1 Sent via SMTP 5 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 4 Time(s) Failed logins from: 1.116.96.30: 1 time 20.64.172.31: 13 times 27.110.250.34: 6 times 42.192.48.55: 1 time 42.192.125.230: 24 times 45.55.63.118: 6 times 45.135.232.165: 1 time 45.146.165.72: 1 time 49.232.212.10: 72 times 51.15.167.103 (51-15-167-103.rev.poneytelecom.eu): 8 times 51.195.166.166 (ip166.ip-51-195-166.eu): 1 time 58.56.40.210: 52 times 60.8.87.190: 6 times 61.133.122.19: 8 times 68.183.82.97: 24 times 68.183.146.178: 1 time 81.68.234.113: 13 times 81.69.36.65: 37 times 81.70.3.190: 39 times 81.70.246.12: 99 times 81.71.72.142: 21 times 81.182.254.124 (dsl51B6FE7C.fixip.t-online.hu): 100 times 87.225.104.160 (wc.42170022533.clnt.kht.ru): 13 times 89.232.192.40 (89-232-192-40.pppoe-adsl.isurgut.ru): 1 time 95.217.212.122 (mail.clubfrancaisduvin.com): 1 time 101.251.207.228: 16 times 103.79.90.72 (host-103-79-90-72.temanggungkab.go.id): 40 times 103.148.79.199: 2 times 104.225.236.41 (104.225.236.41.16clouds.com): 59 times 106.12.217.119: 28 times 106.12.242.251: 4 times 106.13.43.92: 59 times 106.52.123.11: 49 times 106.55.25.102: 15 times 106.75.224.132: 60 times 115.188.87.193 (115-188-87-193-adsl.sparkbb.co.nz): 8 times 117.50.94.89: 5 times 118.24.146.186: 17 times 118.70.233.206: 100 times 119.29.98.53: 4 times 119.29.184.119: 6 times 119.45.185.51: 20 times 121.4.135.108: 2 times 121.5.3.180: 11 times 121.5.124.51: 7 times 123.14.207.216 (hn.kd.ny.adsl): 13 times 123.58.5.243: 19 times 124.236.22.12 (12.22.236.124.broad.sj.he.dynamic.163data.com.cn): 1 time 128.199.78.229: 13 times 128.199.108.153: 10 times 134.255.229.5: 10 times 138.197.66.68: 21 times 138.197.195.123: 100 times 138.219.100.74 (138-219-100-74.meganetscm.net.br): 7 times 140.249.197.154: 100 times 140.249.200.71: 1 time 140.249.205.107: 55 times 142.93.118.252: 6 times 148.223.120.122 (customer-148-223-120-122.uninet-ide.com.mx): 10 times 157.245.39.243: 57 times 159.65.199.76: 13 times 159.75.120.153: 15 times 159.75.122.40: 15 times 165.232.122.187: 18 times 176.113.115.117: 8 times 176.122.149.209 (176.122.149.209.16clouds.com): 1 time 178.128.41.141: 5 times 179.38.47.170 (179-38-47-170.speedy.com.ar): 10 times 180.76.39.214: 1 time 180.97.31.28: 8 times 182.61.43.226: 13 times 183.82.0.21 (broadband.actcorp.in): 2 times 187.188.206.106 (fixed-187-188-206-106.totalplay.net): 100 times 190.94.253.22 (190-94-253-22.ifxnw.com.ve): 22 times 192.3.255.140 (mail.whitebox1.com): 1 time 194.61.25.28: 3 times 194.165.16.106: 1 time 194.165.16.109: 1 time 196.1.97.216: 7 times 196.201.224.30: 4 times 197.156.93.190: 1 time 200.73.128.100 (100.128.73.200.cab.prima.net.ar): 8 times 212.129.247.130: 1 time 212.225.238.245 (245.red.238.225.212.procono.es): 70 times 218.92.0.165: 6 times 218.92.0.247: 6 times 219.131.193.180: 52 times Illegal users from: undef: 443 times 20.64.172.31: 17 times 31.42.176.112 (dedicated.sollutium.com): 2 times 42.192.51.95: 10 times 45.55.63.118: 20 times 45.135.232.165: 2 times 45.146.165.72: 2 times 45.153.160.130: 1 time 46.56.70.95: 2 times 51.15.167.103 (51-15-167-103.rev.poneytelecom.eu): 26 times 51.195.166.166 (ip166.ip-51-195-166.eu): 1 time 61.133.122.19: 26 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 81.68.234.113: 26 times 81.69.36.65: 7 times 81.71.72.142: 9 times 83.97.20.163 (tor-exit-node.net): 1 time 83.97.20.189 (189.20.97.83.ro.ovo.sc): 1 time 87.225.104.160 (wc.42170022533.clnt.kht.ru): 12 times 88.4.94.34 (34.red-88-4-94.dynamicip.rima-tde.net): 2 times 88.225.240.38 (88.225.240.38.static.ttnet.com.tr): 15 times 90.24.39.111 (lfbn-ami-1-62-111.w90-24.abo.wanadoo.fr): 2 times 95.217.212.122 (mail.clubfrancaisduvin.com): 2 times 101.251.207.228: 27 times 103.148.79.199: 3 times 106.12.217.119: 12 times 106.12.242.251: 5 times 115.138.224.8: 2 times 115.188.87.193 (115-188-87-193-adsl.sparkbb.co.nz): 27 times 117.50.94.89: 4 times 118.24.146.186: 9 times 119.29.98.53: 1 time 119.29.184.119: 20 times 119.45.185.51: 3 times 121.4.135.108: 12 times 121.5.124.51: 26 times 122.51.27.41: 1 time 123.14.207.216 (hn.kd.ny.adsl): 23 times 123.58.5.243: 13 times 124.236.22.12 (12.22.236.124.broad.sj.he.dynamic.163data.com.cn): 3 times 128.199.78.229: 23 times 128.199.108.153: 24 times 134.255.229.5: 2 times 138.197.66.68: 9 times 138.219.100.74 (138-219-100-74.meganetscm.net.br): 27 times 141.98.10.39: 3 times 141.98.10.179 (er.includeswitche.com): 3 times 141.98.10.193: 15 times 141.98.10.221: 3 times 142.93.118.252: 24 times 148.223.120.122 (customer-148-223-120-122.uninet-ide.com.mx): 25 times 159.65.199.76: 48 times 159.75.120.153: 5 times 159.75.122.40: 21 times 165.232.122.187: 8 times 171.244.139.236: 1 time 176.113.115.117: 27 times 178.128.41.141: 27 times 179.38.47.170 (179-38-47-170.speedy.com.ar): 6 times 180.97.31.28: 26 times 182.61.43.226: 13 times 183.82.0.21 (broadband.actcorp.in): 2 times 190.94.253.22 (190-94-253-22.ifxnw.com.ve): 10 times 192.3.255.140 (mail.whitebox1.com): 5 times 194.61.25.28: 2 times 194.165.16.89: 2 times 194.165.16.105: 2 times 194.165.16.106: 1 time 194.165.16.107: 2 times 194.165.16.108: 2 times 194.165.16.109: 1 time 196.1.97.216: 21 times 196.201.224.30: 1 time 197.156.93.190: 3 times 199.195.248.154: 4 times 200.73.128.100 (100.128.73.200.cab.prima.net.ar): 27 times 201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 1 time 205.185.123.19 (tor-exit-05.nonanet.net): 1 time 209.141.47.35: 3 times 209.141.54.238 (delta.tshost.no): 3 times 217.170.204.126 (tor-exit-4126.nortor.no): 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################