################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Mar 17 04:42:03 2024
Date Range Processed: yesterday
( 2024-Mar-16 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 11:11 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
80.75.212.75 -> api64.ipify.org:443: 2 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 13 Time(s)
/: 3 Time(s)
*: 2 Time(s)
api64.ipify.org:443: 2 Time(s)
mstshash=Administr: 2 Time(s)
/.env: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\xC2C\xF8\xA9: 1 Time(s)
\xF5\x1C\x9A\x06\xBD@\xF9\xEF\x81<\x175A\x ... x09\xC0\x13\xC0: 1 Time(s)
499 (undefined)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
500 Internal Server Error
/: 16 Time(s)
/.env: 7 Time(s)
/config: 6 Time(s)
/.git/config: 4 Time(s)
/admin: 3 Time(s)
/admin/: 3 Time(s)
/admin/.git/config: 3 Time(s)
/admin/config: 3 Time(s)
/api: 3 Time(s)
/api/: 3 Time(s)
/api/.git/config: 3 Time(s)
/api/config: 3 Time(s)
/app: 3 Time(s)
/app/: 3 Time(s)
/app/.git/config: 3 Time(s)
/app/config: 3 Time(s)
/backend: 3 Time(s)
/backend/: 3 Time(s)
/backend/.git/config: 3 Time(s)
/backend/config: 3 Time(s)
/backup: 3 Time(s)
/backup/: 3 Time(s)
/backup/.git/config: 3 Time(s)
/backup/config: 3 Time(s)
/bak: 3 Time(s)
/bak/: 3 Time(s)
/bak/.git/config: 3 Time(s)
/bak/config: 3 Time(s)
/cfg: 3 Time(s)
/cfg/: 3 Time(s)
/cfg/.git/config: 3 Time(s)
/cfg/config: 3 Time(s)
/conf: 3 Time(s)
/conf/: 3 Time(s)
/conf/.git/config: 3 Time(s)
/conf/config: 3 Time(s)
/config/: 3 Time(s)
/config/.git/config: 3 Time(s)
/config/config: 3 Time(s)
/cron: 3 Time(s)
/cron/: 3 Time(s)
/data: 3 Time(s)
/data/: 3 Time(s)
/data/.git/config: 3 Time(s)
/data/config: 3 Time(s)
/download: 3 Time(s)
/download/: 3 Time(s)
/downloads: 3 Time(s)
/downloads/: 3 Time(s)
/files: 3 Time(s)
/files/: 3 Time(s)
/git: 3 Time(s)
/git/: 3 Time(s)
/git/.git/config: 3 Time(s)
/git/config: 3 Time(s)
/inc: 3 Time(s)
/inc/: 3 Time(s)
/inc/.git/config: 3 Time(s)
/inc/config: 3 Time(s)
/include: 3 Time(s)
/include/: 3 Time(s)
/include/.git/config: 3 Time(s)
/include/config: 3 Time(s)
/includes: 3 Time(s)
/includes/: 3 Time(s)
/includes/.git/config: 3 Time(s)
/lib: 3 Time(s)
/lib/: 3 Time(s)
/lib/.git/config: 3 Time(s)
/lib/config: 3 Time(s)
/libs: 3 Time(s)
/libs/: 3 Time(s)
/libs/.git/config: 3 Time(s)
/libs/config: 3 Time(s)
/log: 3 Time(s)
/log/: 3 Time(s)
/logs: 3 Time(s)
/logs/: 3 Time(s)
/rest: 3 Time(s)
/rest/: 3 Time(s)
/rest/.git/config: 3 Time(s)
/rest/config: 3 Time(s)
/service: 3 Time(s)
/service/: 3 Time(s)
/service/.git/config: 3 Time(s)
/service/config: 3 Time(s)
/services: 3 Time(s)
/services/: 3 Time(s)
/services/.git/config: 3 Time(s)
/services/config: 3 Time(s)
/source: 3 Time(s)
/source/: 3 Time(s)
/source/.git/config: 3 Time(s)
/source/config: 3 Time(s)
/sources: 3 Time(s)
/sources/: 3 Time(s)
/sources/.git/config: 3 Time(s)
/sources/config: 3 Time(s)
/src: 3 Time(s)
/src/: 3 Time(s)
/src/.git/config: 3 Time(s)
/src/config: 3 Time(s)
/svc: 3 Time(s)
/svc/: 3 Time(s)
/svc/.git/config: 3 Time(s)
/svc/config: 3 Time(s)
/temp: 3 Time(s)
/temp/: 3 Time(s)
/temp/.git/config: 3 Time(s)
/temp/config: 3 Time(s)
/test: 3 Time(s)
/test/: 3 Time(s)
/test/.git/config: 3 Time(s)
/test/config: 3 Time(s)
/tmp: 3 Time(s)
/tmp/: 3 Time(s)
/tmp/.git/config: 3 Time(s)
/tmp/config: 3 Time(s)
/upload: 3 Time(s)
/upload/: 3 Time(s)
/uploads: 3 Time(s)
/uploads/: 3 Time(s)
/wallet: 3 Time(s)
/wallet/: 3 Time(s)
/wallets: 3 Time(s)
/wallets/: 3 Time(s)
/favicon.ico: 2 Time(s)
/includes/config: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
/geoserver/web/: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/DigitalZaPF:Anforderungen_an_psychologisc ... ungsstellen/pdf: 1 Time(s)
/NDAi3L_fSz2XYjfxzaCc_Q/pdf: 1 Time(s)
/WS22_nachhaltigkeitsresolution/pdf: 1 Time(s)
/_2VggSWpTGiqgb_nGCCc8A/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (194.169.175.106): 18 Time(s)
root (mail.rokor.kz): 18 Time(s)
root (179.43.180.106): 14 Time(s)
unknown (85.209.11.254): 8 Time(s)
root (119.188.169.9): 6 Time(s)
root (216.126.68.10): 6 Time(s)
unknown (175.206.96.66): 5 Time(s)
unknown (194.169.175.35): 3 Time(s)
unknown (202.165.16.209): 3 Time(s)
root (85.209.11.27): 2 Time(s)
unknown (152.42.200.242): 2 Time(s)
unknown (203-59-73-76.perm.iinet.net.au): 2 Time(s)
unknown (85.209.11.27): 2 Time(s)
nobody (124.89.116.178): 1 Time(s)
nobody (178.182.233.186): 1 Time(s)
nobody (65.20.192.5): 1 Time(s)
nobody (65.20.194.204): 1 Time(s)
root (103.127.8.226): 1 Time(s)
root (109.202.173.227): 1 Time(s)
root (152.42.200.242): 1 Time(s)
root (180.150.243.126): 1 Time(s)
root (194.169.175.35): 1 Time(s)
root (85.209.11.254): 1 Time(s)
sshd (194.169.175.35): 1 Time(s)
sshd (85.209.11.254): 1 Time(s)
unknown (103.127.8.226): 1 Time(s)
unknown (103.129.220.143): 1 Time(s)
unknown (103.157.114.202): 1 Time(s)
unknown (103.157.114.242): 1 Time(s)
unknown (103.157.115.106): 1 Time(s)
unknown (103.35.169.154): 1 Time(s)
unknown (103.38.12.236): 1 Time(s)
unknown (108-254-167-57.lightspeed.livnmi.sbcglobal.net): 1 Time(s)
unknown (110.39.182.66): 1 Time(s)
unknown (110.39.55.182): 1 Time(s)
unknown (112.26.65.51): 1 Time(s)
unknown (122.14.197.21): 1 Time(s)
unknown (122.53.57.33): 1 Time(s)
unknown (136.232.68.50): 1 Time(s)
unknown (14.98.73.66): 1 Time(s)
unknown (141.148.226.227): 1 Time(s)
unknown (152.230.106.235): 1 Time(s)
unknown (183.236.187.172): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
unknown (19010730117.ip71.static.mediacommerce.com.co): 1 Time(s)
unknown (19010730120.ip71.static.mediacommerce.com.co): 1 Time(s)
unknown (194.169.175.36): 1 Time(s)
unknown (198.11.78.181.ufinet.com.co): 1 Time(s)
unknown (203.134.219.10): 1 Time(s)
unknown (31-10-205-51.static.upc.ch): 1 Time(s)
unknown (41.2.31.31.dyn.idknet.com): 1 Time(s)
unknown (41.207.248.204): 1 Time(s)
unknown (42-2-251-116.static.netvigator.com): 1 Time(s)
unknown (59-120-179-121.hinet-ip.hinet.net): 1 Time(s)
unknown (59.94.35.242): 1 Time(s)
unknown (62.116.243.192): 1 Time(s)
unknown (65.20.143.189): 1 Time(s)
unknown (65.20.189.109): 1 Time(s)
unknown (65.20.194.27): 1 Time(s)
unknown (65.20.195.95): 1 Time(s)
unknown (65.20.250.215): 1 Time(s)
unknown (69.79.197.196): 1 Time(s)
unknown (82.67.30.217): 1 Time(s)
unknown (94.204.204.226): 1 Time(s)
unknown (94.206.67.82): 1 Time(s)
unknown (c83-254-230-160.bredband.tele2.se): 1 Time(s)
unknown (ip85-215-77-41.pbiaas.com): 1 Time(s)
unknown (ool-45716aae.dyn.optonline.net): 1 Time(s)
unknown (ppp-vpdn-92.242.51.118.yarnet.ru): 1 Time(s)
Invalid Users:
Unknown Account: 69 Time(s)
systemd-user:
Unknown Entries:
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
17.634K Bytes accepted 18,057
17.634K Bytes sent via SMTP 18,057
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
24 Connections
2 Connections lost (inbound)
24 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
**** Unmatched entries ****
[origin software="rsyslogd" swVersion="8.4.2" x-pid="195" x-info="http://www.rsyslog.com"] exiting on signal 15. : 1 Times
---------------------- rsyslogd End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
65.20.192.5: 1 time
65.20.194.204: 1 time
85.209.11.27: 2 times
85.209.11.254: 2 times
103.127.8.226: 1 time
109.202.173.227: 1 time
119.188.169.9: 6 times
124.89.116.178: 1 time
152.42.200.242: 1 time
178.88.167.38 (mail.rokor.kz): 18 times
178.182.233.186 (178.182.233.186.mobile.static.t-mobile.pl): 1 time
179.43.180.106 (hostedby.privatelayer.com): 14 times
180.150.243.126 (undefined.hostname.localhost): 1 time
194.169.175.35: 2 times
194.169.175.106: 18 times
216.126.68.10: 6 times
Illegal users from:
undef: 22 times
14.98.73.66: 1 time
31.10.205.51 (31-10-205-51.static.upc.ch): 1 time
31.31.2.41 (41.2.31.31.dyn.idknet.com): 1 time
41.207.248.204: 1 time
42.2.251.116 (42-2-251-116.static.netvigator.com): 1 time
59.94.35.242: 1 time
59.120.179.121 (59-120-179-121.hinet-ip.hinet.net): 1 time
62.116.243.192 (192.fttbcentrum2.gavlenet.com): 1 time
65.20.143.189: 1 time
65.20.189.109: 1 time
65.20.194.27: 1 time
65.20.195.95: 1 time
65.20.250.215: 1 time
69.79.197.196 (196-197-79-69-static.flowja.com): 1 time
69.113.106.174 (ool-45716aae.dyn.optonline.net): 1 time
82.67.30.217 (ril69-1_migr-82-67-30-217.fbx.proxad.net): 1 time
83.254.230.160 (c83-254-230-160.bredband.tele2.se): 1 time
85.209.11.27: 2 times
85.209.11.254: 8 times
85.215.77.41 (ip85-215-77-41.pbiaas.com): 1 time
92.242.51.118 (ppp-vpdn-92.242.51.118.yarnet.ru): 1 time
94.204.204.226: 1 time
94.206.67.82: 1 time
103.35.169.154 (103.35.169-154.cyberwaybd.net): 1 time
103.38.12.236 (static-12.38.103.extranet.co.in): 1 time
103.127.8.226: 1 time
103.129.220.143: 1 time
103.157.114.202 (202.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time
103.157.114.242 (242.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time
103.157.115.106 (106.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
108.254.167.57 (108-254-167-57.lightspeed.livnmi.sbcglobal.net): 1 time
110.39.55.182 (WGPON-3955-182.wateen.net): 1 time
110.39.182.66 (WGPON-39182-66.wateen.net): 1 time
112.26.65.51: 1 time
122.14.197.21: 1 time
122.53.57.33 (122.53.57.33.static.pldt.net): 1 time
136.232.68.50: 1 time
141.148.226.227: 1 time
152.42.200.242: 2 times
152.230.106.235 (static.152.230.106.235.gtdinternet.com): 1 time
175.206.96.66: 5 times
181.78.11.198 (198.11.78.181.ufinet.com.co): 1 time
183.236.187.172: 1 time
185.196.8.151: 1 time
190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 1 time
190.107.30.120 (19010730120.ip71.static.mediacommerce.com.co): 1 time
194.169.175.35: 3 times
194.169.175.36: 1 time
194.169.175.106: 1 time
202.165.16.209: 3 times
203.59.73.76 (203-59-73-76.perm.iinet.net.au): 2 times
203.134.219.10: 1 time
Users logging in through sshd:
root:
77.12.46.215 (dynamic-077-012-046-215.77.12.pool.telefonica.de): 1 time
**Unmatched Entries**
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop19598p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################