################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Nov 10 04:42:04 2021
Date Range Processed: yesterday
( 2021-Nov-09 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 47:46 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
A total of 12 sites probed the server
Requests with error response codes
400 Bad Request
null: 24 Time(s)
/: 4 Time(s)
/ab2g: 2 Time(s)
/ab2h: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
zapf.wiki:443: 2 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
G\xA4\x18\x85|\xADS\xB4\xCF\x1C\x89\xAD\xA ... xFD\x83\xFC\xAF: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
404 Not Found
/404: 1 Time(s)
500 Internal Server Error
/: 83 Time(s)
/robots.txt: 7 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.DS_Store: 1 Time(s)
/.git/config: 1 Time(s)
/.json: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/analytics/jbips/: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/config.json: 1 Time(s)
/console/: 1 Time(s)
/frontend_dev.php/$: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login.action: 1 Time(s)
/manager/html: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s)
/server-status: 1 Time(s)
/sitecore/shell/ClientBin/Reporting/Report.ashx: 1 Time(s)
/sitemap.xml: 1 Time(s)
/v2/_catalog: 1 Time(s)
/webadmin/Index.action: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (159.65.11.227): 212 Time(s)
root (137.184.201.209): 83 Time(s)
root (121.4.15.16): 33 Time(s)
root (fixed-186-96-159-6.totalplay.net): 31 Time(s)
root (128.134.30.40): 28 Time(s)
root (114-32-240-231.hinet-ip.hinet.net): 27 Time(s)
root (202.165.25.137): 26 Time(s)
unknown (195.54.166.135): 26 Time(s)
root (194.170.156.9): 23 Time(s)
unknown (128.134.30.40): 22 Time(s)
root (122.51.77.182): 19 Time(s)
root (106.54.147.141): 18 Time(s)
root (124.160.96.249): 18 Time(s)
root (223.240.103.88): 18 Time(s)
unknown (176.111.173.237): 18 Time(s)
root (106.244.10.2): 17 Time(s)
root (175.42.70.240): 16 Time(s)
unknown (121.4.15.16): 16 Time(s)
unknown (fixed-186-96-159-6.totalplay.net): 16 Time(s)
root (host-79-8-65-109.business.telecomitalia.it): 14 Time(s)
root (106.51.80.198): 13 Time(s)
root (190.145.224.18): 13 Time(s)
root (58.58.133.130): 13 Time(s)
unknown (141.98.10.81): 12 Time(s)
unknown (114-32-240-231.hinet-ip.hinet.net): 10 Time(s)
root (111.93.214.67): 9 Time(s)
unknown (106.54.147.141): 9 Time(s)
unknown (122.51.77.182): 9 Time(s)
unknown (141.98.10.60): 9 Time(s)
unknown (175.42.70.240): 9 Time(s)
root (148.70.241.56): 8 Time(s)
root (205.185.120.183): 8 Time(s)
unknown (202.165.25.137): 8 Time(s)
unknown (223.240.103.88): 8 Time(s)
unknown (205.185.120.180): 7 Time(s)
root (119.147.184.22): 6 Time(s)
unknown (194.170.156.9): 6 Time(s)
unknown (199.19.224.231): 6 Time(s)
unknown (45.155.204.39): 6 Time(s)
root (42.192.125.230): 5 Time(s)
root (94.232.46.202): 5 Time(s)
unknown (141.98.10.109): 5 Time(s)
unknown (148.70.241.56): 5 Time(s)
unknown (205.185.120.183): 5 Time(s)
unknown (42.192.125.230): 5 Time(s)
unknown (host-79-8-65-109.business.telecomitalia.it): 5 Time(s)
unknown (111.93.214.67): 4 Time(s)
unknown (119.147.184.22): 4 Time(s)
unknown (124.160.96.249): 4 Time(s)
unknown (94.153.161.234): 4 Time(s)
root (139.198.121.86): 3 Time(s)
root (195.54.166.135): 3 Time(s)
unknown (106.51.80.198): 3 Time(s)
unknown (116.110.121.105): 3 Time(s)
unknown (190.145.224.18): 3 Time(s)
unknown (45.135.232.159): 3 Time(s)
unknown (77.81.151.203.sta.inet.co.th): 3 Time(s)
root (77.81.151.203.sta.inet.co.th): 2 Time(s)
unknown (106.244.10.2): 2 Time(s)
unknown (117.7.122.163): 2 Time(s)
unknown (141.98.10.121): 2 Time(s)
unknown (141.98.10.63): 2 Time(s)
unknown (171.227.197.219): 2 Time(s)
unknown (2.56.59.39): 2 Time(s)
unknown (h-155-4-0-67.a147.priv.bahnhof.se): 2 Time(s)
backup (176.111.173.237): 1 Time(s)
nobody (195.54.166.135): 1 Time(s)
root (171.227.197.219): 1 Time(s)
root (176.111.173.237): 1 Time(s)
root (36.110.228.254): 1 Time(s)
root (41.137.137.92): 1 Time(s)
sshd (176.111.173.237): 1 Time(s)
unknown (178.62.123.167): 1 Time(s)
unknown (198.98.62.88): 1 Time(s)
unknown (36.91.125.173): 1 Time(s)
unknown (45.61.184.82.polisystems.cloud): 1 Time(s)
unknown (5.2.69.50): 1 Time(s)
www-data (176.111.173.237): 1 Time(s)
Invalid Users:
Unknown Account: 272 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
      36   Miscellaneous warnings
 12.479K   Bytes accepted                              12,779
 12.479K   Bytes sent via SMTP                         12,779
========   ==================================================
       1   Accepted                                   100.00%
--------   --------------------------------------------------
       1   Total                                      100.00%
========   ==================================================
       6   4xx Reject relay denied                    100.00%
--------   --------------------------------------------------
       6   Total 4xx Rejects                          100.00%
========   ==================================================
      70   Connections
      50   Connections lost (inbound)
      70   Disconnections
       1   Removed from queue
       1   Sent via SMTP
       2   Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
36.110.228.254: 1 time
41.137.137.92: 1 time
42.192.125.230: 5 times
58.58.133.130: 13 times
79.8.65.109 (host-79-8-65-109.business.telecomitalia.it): 14 times
94.232.46.202: 5 times
106.51.80.198 (106.51.80.198.actcorp.in): 13 times
106.54.147.141: 18 times
106.244.10.2: 17 times
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 9 times
114.32.240.231 (114-32-240-231.hinet-ip.hinet.net): 27 times
119.147.184.22: 6 times
121.4.15.16: 33 times
122.51.77.182: 19 times
124.160.96.249: 18 times
128.134.30.40: 28 times
137.184.201.209 (wwweducontrol.cl): 83 times
139.198.121.86: 3 times
148.70.241.56: 8 times
159.65.11.227: 212 times
171.227.197.219 (dynamic-ip-adsl.viettel.vn): 1 time
175.42.70.240: 16 times
176.111.173.237: 4 times
186.96.159.6 (fixed-186-96-159-6.totalplay.net): 31 times
190.145.224.18: 13 times
194.170.156.9: 23 times
195.54.166.135: 4 times
202.165.25.137: 26 times
203.151.81.77 (77.81.151.203.sta.inet.co.th): 2 times
205.185.120.183 (torexit.pirate.biz): 8 times
223.240.103.88: 18 times
Illegal users from:
2001:470:1:332::8: 1 time
undef: 137 times
2.56.59.39 (branewsinfos.ddns.net): 2 times
2.57.122.233: 1 time
5.2.69.50: 1 time
36.91.125.173: 1 time
42.192.125.230: 5 times
45.61.184.82 (45.61.184.82.polisystems.cloud): 1 time
45.135.232.159: 3 times
45.155.204.39: 6 times
65.49.20.68 (scan-19.shadowserver.org): 1 time
79.8.65.109 (host-79-8-65-109.business.telecomitalia.it): 5 times
94.153.161.234 (94-153-161-234.ip.kyivstar.net): 4 times
106.51.80.198 (106.51.80.198.actcorp.in): 3 times
106.54.147.141: 9 times
106.244.10.2: 2 times
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 4 times
114.32.240.231 (114-32-240-231.hinet-ip.hinet.net): 10 times
116.110.121.105: 3 times
117.7.122.163 (localhost): 2 times
119.147.184.22: 4 times
121.4.15.16: 16 times
122.51.77.182: 9 times
124.160.96.249: 4 times
128.134.30.40: 22 times
141.98.10.60: 9 times
141.98.10.63: 2 times
141.98.10.81: 12 times
141.98.10.109: 5 times
141.98.10.121: 2 times
148.70.241.56: 5 times
155.4.0.67 (h-155-4-0-67.A147.priv.bahnhof.se): 2 times
171.227.197.219 (dynamic-ip-adsl.viettel.vn): 2 times
175.42.70.240: 9 times
176.111.173.237: 19 times
178.62.123.167: 1 time
186.96.159.6 (fixed-186-96-159-6.totalplay.net): 16 times
190.145.224.18: 3 times
194.170.156.9: 6 times
195.54.166.135: 26 times
198.98.62.88: 1 time
199.19.224.231 (server.thewelloff.us): 6 times
202.165.25.137: 8 times
203.151.81.77 (77.81.151.203.sta.inet.co.th): 3 times
205.185.120.180: 7 times
205.185.120.183 (torexit.pirate.biz): 5 times
223.240.103.88: 8 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem         Size  Used Avail Use% Mounted on
/dev/ploop33257p1  394G  242G  132G  65% /
none               4.0G     0  4.0G   0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################