################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Jul 23 04:42:04 2021 Date Range Processed: yesterday ( 2021-Jul-22 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [250:252] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 1.85.217.107 -> zapf.wiki:443: 1 Time(s) 222.186.19.235 -> zapf.wiki:443: 2 Time(s) A total of 11 sites probed the server 157.90.242.173 159.89.112.155 165.232.146.19 167.99.182.74 188.166.90.62 195.154.200.175 205.185.115.135 209.141.41.98 219.156.232.128 222.186.19.235 66.240.205.34 Requests with error response codes 400 Bad Request mstshash=hello: 1141 Time(s) /: 28 Time(s) null: 11 Time(s) mstshash=Administr: 3 Time(s) zapf.wiki:443: 3 Time(s) /.well-known/security.txt: 1 Time(s) /_profiler/phpinfo: 1 Time(s) /c/version.js: 1 Time(s) /favicon.ico/: 1 Time(s) /robots.txt: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) \x04}\x07\xE03\xEAQ\x84N\x8E\xE9V\xCB\xA0\ ... x09\xC0\x14\xC0: 1 Time(s) 404 Not Found /robots.txt: 45 Time(s) /wp-login.php: 9 Time(s) /.env: 3 Time(s) /: 1 Time(s) /.svn/: 1 Time(s) /2018/: 1 Time(s) /2019/: 1 Time(s) /2020/: 1 Time(s) /administrator/components/com_jbusinessdir ... sets/upload.php: 1 Time(s) /backup/: 1 Time(s) /bak/: 1 Time(s) /bk/: 1 Time(s) /blog/: 1 Time(s) /cms/: 1 Time(s) /datenschutz: 1 Time(s) /datenschutz/: 1 Time(s) /demo/: 1 Time(s) /dev/: 1 Time(s) /install/: 1 Time(s) /main/: 1 Time(s) /new-site/: 1 Time(s) /new/: 1 Time(s) /old-site/: 1 Time(s) /old-wp/: 1 Time(s) /old/: 1 Time(s) /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s) /reader/1993-so-reader_do93.pdf: 1 Time(s) /reader/1998-so-reader_ro98.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /site/: 1 Time(s) /temp/: 1 Time(s) /test/: 1 Time(s) /tmp/: 1 Time(s) /v1/: 1 Time(s) /v2/: 1 Time(s) /web/: 1 Time(s) /wordpress/: 1 Time(s) /wp/: 1 Time(s) /wp1/: 1 Time(s) /wp2/: 1 Time(s) 500 Internal Server Error /: 26 Time(s) /.env: 3 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) //login_sid.lua: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /c/version.js: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /robots.txt: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) /t4: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (45.80.64.142): 74 Time(s) root (119.96.189.177): 70 Time(s) root (190-58-130-230.business.static.tstt.net.tt): 70 Time(s) root (204.48.20.154): 70 Time(s) root (140.249.203.115): 69 Time(s) root (82.157.22.209): 60 Time(s) root (161.35.129.216): 55 Time(s) root (195.54.41.29): 55 Time(s) root (121.4.175.18): 54 Time(s) root (138.68.99.110): 50 Time(s) root (159.89.194.103): 50 Time(s) root (42-200-155-72.static.imsbiz.com): 50 Time(s) root (52.183.128.237): 50 Time(s) root (96-1-64-194-staticipwest.wireless.telus.com): 50 Time(s) root (sf.nowing.com): 50 Time(s) root (106.124.136.227): 48 Time(s) root (89.175.29.126): 46 Time(s) root (h-82-196-113-78.a166.priv.bahnhof.se): 46 Time(s) root (152.136.212.92): 44 Time(s) root (121.5.157.59): 43 Time(s) root (43.129.224.142): 43 Time(s) root (82.156.67.62): 42 Time(s) root (210.14.73.172): 41 Time(s) root (110.43.42.91): 40 Time(s) root (vmi619707.contaboserver.net): 40 Time(s) root (139.155.34.181): 35 Time(s) root (rs000279.fastrootserver.de): 35 Time(s) root (119.45.233.138): 34 Time(s) root (81.68.253.14): 34 Time(s) root (81.69.8.18): 32 Time(s) root (101.32.14.194): 31 Time(s) root (101.32.164.77): 31 Time(s) root (167.71.53.124): 30 Time(s) root (62.234.21.198): 30 Time(s) root (81.71.38.43): 30 Time(s) root (89.128.127.18): 30 Time(s) root (r201-217-143-51.ir-static.anteldata.net.uy): 30 Time(s) unknown (203.172.76.4): 29 Time(s) unknown (189.79.193.173): 28 Time(s) root (repositorio2.morenet.ac.mz): 27 Time(s) root (106.13.226.113): 26 Time(s) root (121.4.207.184): 26 Time(s) root (142.93.8.99): 26 Time(s) root (195.158.5.18): 25 Time(s) root (159.75.37.48): 24 Time(s) unknown (111.198.29.247): 24 Time(s) unknown (120.132.8.64): 24 Time(s) root (159.89.114.40): 23 Time(s) root (saber.ac.mz): 22 Time(s) unknown (106.13.1.239): 21 Time(s) unknown (42.192.79.202): 21 Time(s) root (157.245.168.191): 19 Time(s) root (49.235.154.212): 19 Time(s) unknown (45.55.219.226): 19 Time(s) root (101.251.219.100): 18 Time(s) root (159.75.50.105): 18 Time(s) unknown (103.240.76.205): 18 Time(s) unknown (124.152.76.180): 18 Time(s) unknown (45.146.166.111): 18 Time(s) root (43.131.66.78): 17 Time(s) unknown (110.43.42.91): 16 Time(s) unknown (116.196.69.144): 16 Time(s) unknown (139.198.177.151): 16 Time(s) unknown (154.0.6.24): 15 Time(s) unknown (159.65.84.183): 15 Time(s) unknown (175.27.189.179): 15 Time(s) unknown (68.183.218.177): 15 Time(s) unknown (81.71.8.200): 15 Time(s) unknown (shufangkeji.com): 14 Time(s) root (162.243.42.225): 12 Time(s) unknown (141.98.10.27): 12 Time(s) unknown (222.128.14.106): 12 Time(s) root (203.172.76.4): 11 Time(s) unknown (1.15.42.193): 11 Time(s) unknown (106.12.141.94): 11 Time(s) unknown (223.71.127.194): 11 Time(s) unknown (5.192.168.59): 11 Time(s) root (106.13.1.239): 10 Time(s) root (165.22.186.178): 10 Time(s) root (139.198.177.151): 9 Time(s) unknown (141.98.10.203): 9 Time(s) unknown (141.98.10.29): 9 Time(s) unknown (141.98.10.56): 9 Time(s) unknown (157.230.12.188): 9 Time(s) postgres (45.80.64.142): 8 Time(s) root (103.240.76.205): 8 Time(s) root (154.0.6.24): 8 Time(s) unknown (1.15.180.182): 8 Time(s) unknown (180.168.168.58): 8 Time(s) root (106.12.141.94): 7 Time(s) root (159.65.84.183): 7 Time(s) root (189.79.193.173): 7 Time(s) root (45.55.219.226): 7 Time(s) unknown (203.159.80.131): 7 Time(s) root (111.198.29.247): 6 Time(s) root (117.248.249.70): 6 Time(s) root (120.132.8.64): 6 Time(s) root (222.128.14.106): 6 Time(s) root (42.192.79.202): 6 Time(s) root (1.15.180.182): 5 Time(s) root (203.159.80.131): 5 Time(s) root (68.183.218.177): 5 Time(s) root (1.15.42.193): 4 Time(s) root (113.105.211.183): 4 Time(s) root (187.69.182.44): 4 Time(s) root (223.71.127.194): 4 Time(s) root (45.146.166.111): 4 Time(s) root (88.123.207.134): 4 Time(s) root (ip68-226-200-241.lf.br.cox.net): 4 Time(s) unknown (107.189.1.174): 4 Time(s) unknown (171.227.24.66): 4 Time(s) unknown (199.195.248.154): 4 Time(s) root (116.196.69.144): 3 Time(s) root (5.192.168.59): 3 Time(s) root (shufangkeji.com): 3 Time(s) unknown (107.189.1.180): 3 Time(s) unknown (116.110.30.47): 3 Time(s) unknown (171.251.26.14): 3 Time(s) unknown (205.185.125.109): 3 Time(s) unknown (205.185.126.160): 3 Time(s) unknown (205.185.127.25): 3 Time(s) unknown (37.0.11.249): 3 Time(s) mysql (42.192.79.202): 2 Time(s) postgres (159.65.84.183): 2 Time(s) postgres (203.172.76.4): 2 Time(s) postgres (222.128.14.106): 2 Time(s) root (104.244.72.34): 2 Time(s) root (107.189.1.180): 2 Time(s) root (180.168.168.58): 2 Time(s) root (210.212.207.129): 2 Time(s) root (81.71.8.200): 2 Time(s) unknown (104.244.72.34): 2 Time(s) unknown (140.207.100.82): 2 Time(s) unknown (51.15.197.4): 2 Time(s) unknown (80-60-200-156.fixed.kpn.net): 2 Time(s) backup (189.79.193.173): 1 Time(s) mysql (139.198.177.151): 1 Time(s) mysql (154.0.6.24): 1 Time(s) mysql (157.230.12.188): 1 Time(s) mysql (203.172.76.4): 1 Time(s) mysql (36.133.163.35): 1 Time(s) mysql (shufangkeji.com): 1 Time(s) nobody (139.198.177.151): 1 Time(s) postgres (106.12.141.94): 1 Time(s) postgres (106.13.1.239): 1 Time(s) postgres (189.79.193.173): 1 Time(s) postgres (shufangkeji.com): 1 Time(s) root (1.117.226.165): 1 Time(s) root (116.110.80.62): 1 Time(s) root (125.72.13.21): 1 Time(s) root (140.207.100.82): 1 Time(s) root (142.93.212.91): 1 Time(s) root (148.70.241.56): 1 Time(s) root (157.230.12.188): 1 Time(s) root (167.71.234.157): 1 Time(s) root (178.128.10.248): 1 Time(s) root (185.220.101.213): 1 Time(s) root (200.73.130.213): 1 Time(s) root (205.185.126.160): 1 Time(s) root (209.127.17.242): 1 Time(s) root (41.94.88.12): 1 Time(s) root (45.153.160.136): 1 Time(s) root (45.80.64.142): 1 Time(s) root (8.208.86.156): 1 Time(s) root (81.69.59.156): 1 Time(s) root (ns1.bessar.com.my): 1 Time(s) temp (1.15.42.193): 1 Time(s) unknown (113.105.211.183): 1 Time(s) unknown (116.110.121.173): 1 Time(s) unknown (116.110.80.62): 1 Time(s) unknown (142.93.105.220): 1 Time(s) unknown (167.99.229.57): 1 Time(s) unknown (180.250.115.121): 1 Time(s) unknown (187.69.182.44): 1 Time(s) unknown (221.143.42.71): 1 Time(s) unknown (88.123.207.134): 1 Time(s) unknown (ip68-226-200-241.lf.br.cox.net): 1 Time(s) Invalid Users: Unknown Account: 609 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 25.664K Bytes accepted 26,280 25.664K Bytes sent via SMTP 26,280 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 373 Connections 271 Connections lost (inbound) 373 Disconnections 1 Removed from queue 1 Sent via SMTP 27 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.15.42.193: 5 times 1.15.180.182: 5 times 1.117.226.165: 1 time 5.192.168.59: 3 times 8.208.86.156: 1 time 36.133.163.35: 1 time 41.94.88.12 (saber.ac.mz): 50 times 42.192.79.202: 8 times 42.200.155.72 (42-200-155-72.static.imsbiz.com): 50 times 43.129.224.142: 43 times 43.131.66.78: 17 times 45.55.219.226: 7 times 45.80.64.142: 9 times 45.146.166.111: 4 times 45.153.160.136: 1 time 49.235.154.212: 19 times 52.183.128.237: 50 times 62.234.21.198: 30 times 68.183.218.177: 5 times 68.226.200.241 (ip68-226-200-241.lf.br.cox.net): 4 times 75.119.152.13 (vmi619707.contaboserver.net): 40 times 81.68.253.14: 34 times 81.69.8.18: 32 times 81.69.59.156: 1 time 81.71.8.200: 2 times 81.71.38.43: 30 times 82.156.67.62: 42 times 82.157.22.209: 60 times 82.196.113.78 (h-82-196-113-78.A166.priv.bahnhof.se): 46 times 88.123.207.134 (sou06-2_migr-88-123-207-134.fbx.proxad.net): 4 times 89.128.127.18: 30 times 89.163.209.26 (rs000279.fastrootserver.de): 35 times 89.175.29.126: 46 times 96.1.64.194 (96-1-64-194-staticipwest.wireless.telus.com): 50 times 101.32.14.194: 31 times 101.32.164.77: 31 times 101.251.219.100: 18 times 103.240.76.205: 8 times 104.244.72.34: 2 times 106.12.141.94: 8 times 106.13.1.239: 11 times 106.13.226.113: 26 times 106.124.136.227: 48 times 107.189.1.180: 2 times 110.43.42.91: 40 times 111.198.29.247: 6 times 113.105.211.183: 4 times 115.231.209.94 (shufangkeji.com): 5 times 116.110.80.62: 1 time 116.196.69.144: 3 times 117.248.249.70: 6 times 119.45.233.138: 34 times 119.96.189.177: 70 times 120.132.8.64: 6 times 121.4.175.18: 54 times 121.4.207.184: 26 times 121.5.157.59: 43 times 121.120.80.170 (ns1.bessar.com.my): 1 time 125.72.13.21 (21.13.72.125.dial.xn.qh.dynamic.163data.com.cn): 1 time 138.68.99.110: 50 times 139.155.34.181: 35 times 139.198.177.151: 11 times 140.207.100.82: 1 time 140.249.203.115: 69 times 142.93.8.99: 26 times 142.93.212.91: 1 time 148.70.241.56: 1 time 152.136.212.92: 44 times 154.0.6.24 (u17c-cust.coolideas.co.za): 9 times 157.230.12.188: 2 times 157.245.168.191: 19 times 159.65.84.183 (kroki.om): 9 times 159.75.37.48: 24 times 159.75.50.105: 18 times 159.89.114.40: 23 times 159.89.194.103: 50 times 161.35.129.216: 55 times 162.243.42.225: 12 times 165.22.186.178: 10 times 167.71.53.124: 30 times 167.71.234.157: 1 time 178.128.10.248: 1 time 180.168.168.58: 2 times 185.220.101.213: 1 time 187.69.182.44 (187-69-182-44.3g.claro.net.br): 4 times 189.79.193.173 (189-79-193-173.dsl.telesp.net.br): 9 times 190.58.130.230 (190-58-130-230.business.static.tstt.net.tt): 70 times 195.54.41.29: 55 times 195.158.5.18: 25 times 198.199.97.174 (sf.nowing.com): 50 times 200.73.130.213 (213.130.73.200.cab.prima.net.ar): 1 time 201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 30 times 203.159.80.131: 5 times 203.172.76.4 (reverse-203-172-76-4.csloxinfo.net): 14 times 204.48.20.154: 70 times 205.185.126.160: 1 time 209.127.17.242: 1 time 210.14.73.172: 41 times 210.212.207.129: 2 times 222.128.14.106: 8 times 223.71.127.194: 4 times Illegal users from: undef: 348 times 1.15.42.193: 11 times 1.15.180.182: 8 times 5.192.168.59: 14 times 37.0.11.249: 3 times 42.192.79.202: 21 times 45.55.219.226: 19 times 45.80.64.142: 74 times 45.146.166.111: 18 times 51.15.197.4 (4-197-15-51.instances.scw.cloud): 2 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 68.183.218.177: 15 times 68.226.200.241 (ip68-226-200-241.lf.br.cox.net): 1 time 80.60.200.156 (80-60-200-156.fixed.kpn.net): 2 times 81.71.8.200: 15 times 88.123.207.134 (sou06-2_migr-88-123-207-134.fbx.proxad.net): 1 time 103.240.76.205: 18 times 104.244.72.34: 2 times 106.12.141.94: 11 times 106.13.1.239: 21 times 107.189.1.174: 4 times 107.189.1.180: 3 times 110.43.42.91: 16 times 111.198.29.247: 24 times 113.105.211.183: 1 time 115.231.209.94 (shufangkeji.com): 14 times 116.110.30.47: 3 times 116.110.80.62: 1 time 116.110.121.173: 1 time 116.196.69.144: 16 times 120.132.8.64: 24 times 124.152.76.180: 18 times 139.198.177.151: 16 times 140.207.100.82: 2 times 141.98.10.27: 12 times 141.98.10.29: 9 times 141.98.10.56: 9 times 141.98.10.203: 9 times 142.93.105.220: 1 time 154.0.6.24 (u17c-cust.coolideas.co.za): 15 times 157.230.12.188: 9 times 159.65.84.183 (kroki.om): 15 times 167.99.229.57 (refundus.online): 1 time 171.227.24.66 (dynamic-ip-adsl.viettel.vn): 4 times 171.251.26.14 (dynamic-adsl.viettel.vn): 3 times 175.27.189.179: 15 times 178.73.215.171 (178-73-215-171-static.glesys.net): 1 time 180.168.168.58: 8 times 180.250.115.121: 1 time 187.69.182.44 (187-69-182-44.3g.claro.net.br): 1 time 189.79.193.173 (189-79-193-173.dsl.telesp.net.br): 28 times 199.195.248.154: 4 times 203.159.80.131: 7 times 203.172.76.4 (reverse-203-172-76-4.csloxinfo.net): 29 times 205.185.125.109: 3 times 205.185.126.160: 3 times 205.185.127.25 (serveroperations.com): 3 times 221.143.42.71: 1 time 222.128.14.106: 12 times 223.71.127.194: 11 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################