################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Nov 9 04:42:05 2021 Date Range Processed: yesterday ( 2021-Nov-08 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 35:36 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 34.150.118.61 -> www.ebay.com:443: 1 Time(s) A total of 8 sites probed the server 185.156.72.52 195.189.249.246 20.113.84.200 20.115.45.159 45.134.225.20 51.132.227.163 66.240.205.34 87.251.64.122 Requests with error response codes 400 Bad Request null: 9 Time(s) /ab2g: 8 Time(s) /ab2h: 8 Time(s) /: 2 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... 5uYE7rgXY0tAAF4: 2 Time(s) /socket.io/?noteId=robots.txt&EIO=3&transp ... 77f1FLvAMlgAAF6: 2 Time(s) mstshash=Administr: 2 Time(s) /.env: 1 Time(s) /bag2: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... l0eQVkYZoxxAAFt: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... myop0b5ea-OAAFv: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... p9d-x8zk7hDAAFu: 1 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... 0bpxpBbHbJeAAF2: 1 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... nEzjtiC1X2hAAF3: 1 Time(s) /socket.io/?noteId=qXBbf3-lTLeNXg6uA9YKsA& ... 1yMmQ4WESKAAAFz: 1 Time(s) /socket.io/?noteId=qXBbf3-lTLeNXg6uA9YKsA& ... 939FMadchMnAAFy: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) www.ebay.com:443: 1 Time(s) 404 Not Found /berlin/team/apple-touch-icon.png: 1 Time(s) 499 (undefined) /: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... iPhqir18xm0AAFw: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... l0eQVkYZoxxAAFt: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... myop0b5ea-OAAFv: 1 Time(s) /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... p9d-x8zk7hDAAFu: 1 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... 0bpxpBbHbJeAAF2: 1 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... 5uYE7rgXY0tAAF4: 1 Time(s) /socket.io/?noteId=eYfmXWgBQ0yVAUU-_38aXw& ... nEzjtiC1X2hAAF3: 1 Time(s) /socket.io/?noteId=qXBbf3-lTLeNXg6uA9YKsA& ... 1yMmQ4WESKAAAFz: 1 Time(s) /socket.io/?noteId=qXBbf3-lTLeNXg6uA9YKsA& ... 939FMadchMnAAFy: 1 Time(s) /socket.io/?noteId=qXBbf3-lTLeNXg6uA9YKsA& ... qG4quJC-lgEAAF0: 1 Time(s) 500 Internal Server Error /: 55 Time(s) /.env: 46 Time(s) /robots.txt: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /favicon.ico: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /solr/: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (137.184.201.209): 44 Time(s) root (46.242.131.56): 39 Time(s) root (104.248.162.212): 37 Time(s) root (112.216.122.83): 35 Time(s) root (175.27.228.193): 35 Time(s) root (softbank126077170137.bbtec.net): 35 Time(s) root (103.70.244.85): 32 Time(s) root (42.193.96.15): 30 Time(s) root (49.81.233.127): 30 Time(s) root (167.99.67.92): 29 Time(s) root (121.4.94.81): 26 Time(s) unknown (167.99.67.92): 21 Time(s) root (61.250.146.12): 20 Time(s) root (106.54.147.141): 19 Time(s) root (168.121.104.115): 18 Time(s) unknown (103.70.244.85): 18 Time(s) root (49.234.105.203): 15 Time(s) unknown (112.216.122.83): 15 Time(s) unknown (softbank126077170137.bbtec.net): 15 Time(s) root (202.192.34.106): 14 Time(s) root (159.75.125.15): 13 Time(s) unknown (104.248.162.212): 13 Time(s) unknown (175.27.228.193): 13 Time(s) unknown (195.54.166.135): 13 Time(s) root (167.172.145.53): 11 Time(s) unknown (46.242.131.56): 11 Time(s) root (106.37.183.34): 10 Time(s) root (110.45.147.77): 10 Time(s) unknown (110.45.147.77): 10 Time(s) unknown (121.4.94.81): 10 Time(s) unknown (159.75.125.15): 10 Time(s) unknown (49.81.233.127): 9 Time(s) unknown (42.193.96.15): 8 Time(s) unknown (49.234.105.203): 8 Time(s) unknown (168.121.104.115): 7 Time(s) root (123.185.222.171): 6 Time(s) root (123.185.222.194): 6 Time(s) root (177.249.47.177): 6 Time(s) unknown (61.250.146.12): 6 Time(s) root (115.159.90.189): 5 Time(s) root (36.133.83.144): 5 Time(s) unknown (202.192.34.106): 5 Time(s) unknown (36.133.83.144): 5 Time(s) root (cpe-24-208-240-75.columbus.res.rr.com): 4 Time(s) unknown (106.37.183.34): 4 Time(s) unknown (141.98.10.60): 4 Time(s) root (195.54.166.135): 3 Time(s) unknown (106.54.147.141): 3 Time(s) unknown (116.98.171.40): 3 Time(s) unknown (117.7.122.163): 3 Time(s) unknown (123.185.222.171): 3 Time(s) unknown (167.172.145.53): 3 Time(s) unknown (199.19.224.231): 3 Time(s) unknown (45.155.204.39): 3 Time(s) unknown (amazoncojpbation.ga): 3 Time(s) root (94.232.46.202): 2 Time(s) unknown (115.159.90.189): 2 Time(s) unknown (141.98.10.63): 2 Time(s) unknown (141.98.10.81): 2 Time(s) unknown (141.98.10.82): 2 Time(s) unknown (59.46.229.165): 2 Time(s) mysql (167.172.145.53): 1 Time(s) postgres (36.133.83.144): 1 Time(s) root (116.98.171.40): 1 Time(s) root (79.120.54.174): 1 Time(s) unknown (176.111.173.237): 1 Time(s) unknown (176.111.173.238): 1 Time(s) unknown (185.100.87.72): 1 Time(s) unknown (27.64.28.130): 1 Time(s) unknown (45.153.160.132): 1 Time(s) unknown (cpe-24-208-240-75.columbus.res.rr.com): 1 Time(s) Invalid Users: Unknown Account: 245 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 23 Miscellaneous warnings 15.281K Bytes accepted 15,648 15.281K Bytes sent via SMTP 15,648 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 54 Connections 39 Connections lost (inbound) 54 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 24.208.240.75 (cpe-24-208-240-75.columbus.res.rr.com): 4 times 36.133.83.144: 6 times 42.193.96.15: 30 times 46.242.131.56 (1540105-667.iaas.home-whs.pl): 39 times 49.81.233.127: 30 times 49.234.105.203: 15 times 61.250.146.12: 20 times 79.120.54.174: 1 time 94.232.46.202: 2 times 103.70.244.85: 32 times 104.248.162.212: 37 times 106.37.183.34 (34.183.37.106.static.bjtelecom.net): 10 times 106.54.147.141: 19 times 110.45.147.77: 10 times 112.216.122.83: 35 times 115.159.90.189: 5 times 116.98.171.40 (dynamic-ip-adsl.viettel.vn): 1 time 121.4.94.81: 26 times 123.185.222.171 (171.222.185.123.broad.dl.ln.dynamic.163data.com.cn): 6 times 123.185.222.194 (194.222.185.123.broad.dl.ln.dynamic.163data.com.cn): 6 times 126.77.170.137 (softbank126077170137.bbtec.net): 35 times 137.184.201.209 (wwweducontrol.cl): 44 times 159.75.125.15: 13 times 167.99.67.92: 29 times 167.172.145.53: 12 times 168.121.104.115: 18 times 175.27.228.193: 35 times 177.249.47.177 (177.249.47.177-clientes-zap-izzi.mx): 6 times 195.54.166.135: 3 times 202.192.34.106: 14 times Illegal users from: 2001:470:1:c84::18: 1 time undef: 146 times 24.208.240.75 (cpe-24-208-240-75.columbus.res.rr.com): 1 time 27.64.28.130 (localhost): 1 time 36.133.83.144: 5 times 42.193.96.15: 8 times 45.153.160.132: 1 time 45.155.204.39: 3 times 46.242.131.56 (1540105-667.iaas.home-whs.pl): 11 times 49.81.233.127: 9 times 49.234.105.203: 8 times 59.46.229.165: 2 times 61.250.146.12: 6 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 103.70.244.85: 18 times 104.248.162.212: 13 times 106.37.183.34 (34.183.37.106.static.bjtelecom.net): 4 times 106.54.147.141: 3 times 110.45.147.77: 10 times 112.216.122.83: 15 times 115.159.90.189: 2 times 116.98.171.40 (dynamic-ip-adsl.viettel.vn): 3 times 117.7.122.163 (localhost): 3 times 121.4.94.81: 10 times 123.185.222.171 (171.222.185.123.broad.dl.ln.dynamic.163data.com.cn): 3 times 126.77.170.137 (softbank126077170137.bbtec.net): 15 times 141.98.10.60: 4 times 141.98.10.63: 2 times 141.98.10.81: 2 times 141.98.10.82: 2 times 159.75.125.15: 10 times 167.99.67.92: 21 times 167.172.145.53: 3 times 168.121.104.115: 7 times 175.27.228.193: 13 times 176.111.173.237: 1 time 176.111.173.238: 1 time 185.100.87.72 (iclnm.worlpeed.net): 1 time 195.54.166.135: 13 times 199.19.224.231 (server.thewelloff.us): 3 times 202.192.34.106: 5 times 209.141.59.184 (amazoncojpbation.ga): 3 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################