################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Nov 13 04:42:05 2021
Date Range Processed: yesterday
( 2021-Nov-12 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 43:43 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
117.221.184.134
138.68.176.177
205.185.124.100
209.141.54.186
212.102.34.241
212.193.30.245
45.33.65.249
45.61.184.37
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/: 8 Time(s)
mstshash=Administr: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 2 Time(s)
7: 2 Time(s)
/4hUk: 1 Time(s)
/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: 1 Time(s)
/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: 1 Time(s)
/base.html: 1 Time(s)
/c/version.js: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/docs/cplugError.html/: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/oe1W: 1 Time(s)
/pools: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
\x087\x0C\xBF3\xE9\x17\x80e~\xECh\x8B\xBC: 1 Time(s)
\x1B\x02\x93|\xE9\xE0\x00}Y\xED\xF7\xEF\x1 ... (\xC0#\xC0'\xC0: 1 Time(s)
zapf.in: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 4 Time(s)
/build/260ef443edb4dfd026d82e2b21a4c75c.woff: 2 Time(s)
/fonts/SourceSansPro-Regular.woff: 2 Time(s)
/favicon.png: 1 Time(s)
/js/mathjax-config-extra.js: 1 Time(s)
500 Internal Server Error
/: 63 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.env: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/ecp/x.js: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
/wp-login.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (static.183.26.243.136.clients.your-server.de): 39 Time(s)
root (ns3152155.ip-151-106-38.eu): 37 Time(s)
root (111.206.4.222): 31 Time(s)
root (121.4.95.102): 31 Time(s)
root (v-182-163-90-49.ub-freebit.net): 29 Time(s)
root (134.17.16.196): 20 Time(s)
root (ypfbfwlpz01.ypfb.gob.bo): 19 Time(s)
unknown (176.111.173.237): 18 Time(s)
root (111.125.70.22): 16 Time(s)
root (157.245.101.31): 16 Time(s)
root (58.208.84.93): 14 Time(s)
root (3.35.199.104.bc.googleusercontent.com): 13 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 13 Time(s)
root (139.217.98.200): 11 Time(s)
unknown (139.217.98.200): 11 Time(s)
unknown (static.183.26.243.136.clients.your-server.de): 11 Time(s)
unknown (v-182-163-90-49.ub-freebit.net): 10 Time(s)
unknown (111.206.4.222): 9 Time(s)
unknown (157.245.101.31): 9 Time(s)
unknown (3.35.199.104.bc.googleusercontent.com): 9 Time(s)
root (113.215.181.247): 8 Time(s)
root (116.235.92.119): 6 Time(s)
unknown (121.4.95.102): 6 Time(s)
unknown (134.17.16.196): 6 Time(s)
unknown (ypfbfwlpz01.ypfb.gob.bo): 6 Time(s)
root (176.111.173.237): 5 Time(s)
unknown (111.125.70.22): 5 Time(s)
unknown (141.98.10.142): 5 Time(s)
unknown (58.208.84.93): 5 Time(s)
root (37.61.176.231): 4 Time(s)
unknown (113.215.181.247): 4 Time(s)
unknown (205.185.120.180): 4 Time(s)
unknown (45.135.232.159): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
unknown (51.15.197.4): 3 Time(s)
unknown (smtp4.achtungumbedingt.de): 3 Time(s)
root (mbl-65-136-170.dsl.net.pk): 2 Time(s)
unknown (136.144.41.36): 2 Time(s)
unknown (141.98.10.121): 2 Time(s)
unknown (209.141.47.245): 2 Time(s)
unknown (94.19.49.235): 2 Time(s)
mysql (157.245.101.31): 1 Time(s)
root (101.132.130.54): 1 Time(s)
root (106.13.74.61): 1 Time(s)
root (124.160.83.138): 1 Time(s)
root (128.199.162.108): 1 Time(s)
root (195.54.166.135): 1 Time(s)
root (51.15.197.4): 1 Time(s)
root (67.205.138.198): 1 Time(s)
unknown (141.98.10.63): 1 Time(s)
unknown (156.234.168.70): 1 Time(s)
unknown (185.31.175.228): 1 Time(s)
unknown (195.54.166.135): 1 Time(s)
unknown (199.19.224.157): 1 Time(s)
unknown (205.185.115.39): 1 Time(s)
unknown (209.141.44.165): 1 Time(s)
unknown (marcuse-2.nos-oignons.net): 1 Time(s)
unknown (mbl-65-136-170.dsl.net.pk): 1 Time(s)
unknown (smtp17.mib360realestate.com): 1 Time(s)
Invalid Users:
Unknown Account: 161 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
37 Miscellaneous warnings
12.381K Bytes accepted 12,678
12.381K Bytes sent via SMTP 12,678
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
245 Connections
40 Connections lost (inbound)
245 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
37.61.176.231 (37.61.176.231.svttk.ru): 4 times
51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time
58.65.136.170 (mbl-65-136-170.dsl.net.pk): 2 times
58.208.84.93: 14 times
67.205.138.198: 1 time
101.132.130.54: 1 time
104.199.35.3 (3.35.199.104.bc.googleusercontent.com): 13 times
106.13.74.61: 1 time
111.125.70.22: 16 times
111.206.4.222: 31 times
113.215.181.247: 8 times
116.235.92.119: 6 times
121.4.95.102: 31 times
124.160.83.138: 1 time
128.199.162.108: 1 time
134.17.16.196 (196-16-17-134-cloud.mts.by): 20 times
136.243.26.183 (static.183.26.243.136.clients.your-server.de): 39 times
139.217.98.200: 11 times
151.106.38.100 (ns3152155.ip-151-106-38.eu): 37 times
157.245.101.31: 17 times
176.111.173.237: 5 times
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 29 times
190.129.69.101 (ypfbfwlpz01.ypfb.gob.bo): 19 times
195.54.166.135: 1 time
Illegal users from:
2001:470:1:332::3: 1 time
undef: 91 times
45.33.65.249 (45-33-65-249.ip.linodeusercontent.com): 1 time
45.135.232.159: 3 times
45.155.204.39: 3 times
51.15.197.4 (4-197-15-51.instances.scw.cloud): 3 times
58.65.136.170 (mbl-65-136-170.dsl.net.pk): 1 time
58.208.84.93: 5 times
65.49.20.69 (scan-20.shadowserver.org): 1 time
94.19.49.235 (94.19.49.235.pool.sknt.ru): 2 times
104.199.35.3 (3.35.199.104.bc.googleusercontent.com): 9 times
107.189.30.134 (smtp4.achtungumbedingt.de): 3 times
111.125.70.22: 5 times
111.206.4.222: 9 times
113.215.181.247: 4 times
121.4.95.102: 6 times
134.17.16.196 (196-16-17-134-cloud.mts.by): 6 times
136.144.41.36: 2 times
136.243.26.183 (static.183.26.243.136.clients.your-server.de): 11 times
139.217.98.200: 11 times
141.98.10.63: 1 time
141.98.10.121: 2 times
141.98.10.142 (rectum-bounders.oinkhow.net): 5 times
151.106.38.100 (ns3152155.ip-151-106-38.eu): 13 times
156.234.168.70: 1 time
157.245.101.31: 9 times
176.111.173.237: 18 times
178.20.55.18 (marcuse-2.nos-oignons.net): 1 time
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 10 times
185.31.175.228: 1 time
190.129.69.101 (ypfbfwlpz01.ypfb.gob.bo): 6 times
195.54.166.135: 1 time
199.19.224.157: 1 time
205.185.115.39 (mx.learnmorefun.org): 1 time
205.185.119.40 (smtp17.mib360realestate.com): 1 time
205.185.120.180: 4 times
209.141.44.165: 1 time
209.141.47.245: 2 times
**Unmatched Entries**
Protocol major versions differ for 45.33.65.249: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 45.33.65.249: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################