################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Nov 12 04:42:05 2021
Date Range Processed: yesterday
( 2021-Nov-11 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 65:65 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
mstshash=Administr: 6 Time(s)
/: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
499 (undefined)
/config.json: 1 Time(s)
500 Internal Server Error
/: 57 Time(s)
/.env: 7 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.DS_Store: 1 Time(s)
/.json: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/autodiscover/autodiscover.json?(a)evil.corp ... on%3F(a)evil.corp: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login.action: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s)
/server-status: 1 Time(s)
/sitemap.xml: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
/wp-login.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (8.225.226.100): 60 Time(s)
root (139.59.102.170): 30 Time(s)
root (122.160.82.93): 29 Time(s)
unknown (82.156.110.55): 29 Time(s)
root (49.233.44.150): 28 Time(s)
root (59-124-157-10.hinet-ip.hinet.net): 26 Time(s)
unknown (195.54.166.135): 25 Time(s)
root (122.51.52.154): 24 Time(s)
root (186.16.210.34): 19 Time(s)
root (60.30.98.194): 19 Time(s)
unknown (176.111.173.237): 17 Time(s)
root (45.114.192.154): 16 Time(s)
root (43.129.221.217): 15 Time(s)
unknown (122.160.82.93): 15 Time(s)
root (113.120.25.144): 14 Time(s)
unknown (59-124-157-10.hinet-ip.hinet.net): 14 Time(s)
root (3.35.199.104.bc.googleusercontent.com): 12 Time(s)
unknown (122.51.52.154): 12 Time(s)
root (176.111.173.237): 11 Time(s)
unknown (186.16.210.34): 11 Time(s)
unknown (45.114.192.154): 10 Time(s)
unknown (49.233.44.150): 10 Time(s)
unknown (139.59.102.170): 9 Time(s)
unknown (3.35.199.104.bc.googleusercontent.com): 9 Time(s)
unknown (60.30.98.194): 9 Time(s)
unknown (141.98.10.142): 8 Time(s)
root (195.54.166.135): 7 Time(s)
root (119.96.173.87): 6 Time(s)
root (189.28.246.10): 6 Time(s)
unknown (136.144.41.253): 6 Time(s)
unknown (141.98.10.81): 6 Time(s)
root (82.156.110.55): 5 Time(s)
unknown (43.129.221.217): 5 Time(s)
root (113.128.27.100): 4 Time(s)
root (113.128.8.243): 4 Time(s)
root (122.4.41.126): 4 Time(s)
unknown (194.61.26.211): 4 Time(s)
unknown (2.56.59.39): 4 Time(s)
unknown (117.7.122.163): 3 Time(s)
unknown (119.96.173.87): 3 Time(s)
unknown (185.217.1.246): 3 Time(s)
unknown (193.169.254.138): 3 Time(s)
unknown (203.128.242.166): 3 Time(s)
unknown (209.141.33.121): 3 Time(s)
unknown (8.225.226.100): 3 Time(s)
unknown (smtp4.achtungumbedingt.de): 3 Time(s)
root (113.120.31.172): 2 Time(s)
root (113.128.25.197): 2 Time(s)
root (157.38.40.69): 2 Time(s)
unknown (113.120.31.172): 2 Time(s)
unknown (116.98.173.197): 2 Time(s)
unknown (119.131.209.186): 2 Time(s)
unknown (185.31.175.220): 2 Time(s)
unknown (187.169.52.254): 2 Time(s)
unknown (2-238-147-10.ip244.fastwebnet.it): 2 Time(s)
unknown (205.185.120.180): 2 Time(s)
unknown (37.34.251.240): 2 Time(s)
unknown (46.210.27.89): 2 Time(s)
postfix (195.54.166.135): 1 Time(s)
root (116.105.172.27): 1 Time(s)
root (116.52.144.172): 1 Time(s)
root (117.197.14.64): 1 Time(s)
root (117.50.129.4): 1 Time(s)
root (203.128.242.166): 1 Time(s)
root (39.98.41.130): 1 Time(s)
root (cpe-76-176-69-186.san.res.rr.com): 1 Time(s)
unknown (113.120.25.144): 1 Time(s)
unknown (113.128.27.100): 1 Time(s)
unknown (113.128.8.243): 1 Time(s)
unknown (115.76.90.178): 1 Time(s)
unknown (116.105.172.27): 1 Time(s)
unknown (122.4.41.126): 1 Time(s)
unknown (190.107.171.105): 1 Time(s)
unknown (201.137.76.128): 1 Time(s)
unknown (209.141.44.165): 1 Time(s)
unknown (212.192.246.95): 1 Time(s)
unknown (23.129.64.137): 1 Time(s)
unknown (61.163.197.177): 1 Time(s)
uucp (176.111.173.237): 1 Time(s)
uucp (195.54.166.135): 1 Time(s)
Invalid Users:
Unknown Account: 257 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
39 Miscellaneous warnings
14.982K Bytes accepted 15,342
14.982K Bytes sent via SMTP 15,342
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
226 Connections
45 Connections lost (inbound)
226 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
8.225.226.100: 60 times
39.98.41.130: 1 time
43.129.221.217: 15 times
45.114.192.154 (154-192-114-45.intechonline.net): 16 times
49.233.44.150: 28 times
59.124.157.10 (59-124-157-10.hinet-ip.hinet.net): 26 times
60.30.98.194 (no-data): 19 times
76.176.69.186 (cpe-76-176-69-186.san.res.rr.com): 1 time
82.156.110.55: 5 times
104.199.35.3 (3.35.199.104.bc.googleusercontent.com): 12 times
113.120.25.144: 14 times
113.120.31.172: 2 times
113.128.8.243: 4 times
113.128.25.197: 2 times
113.128.27.100: 4 times
116.52.144.172: 1 time
116.105.172.27: 1 time
117.50.129.4: 1 time
117.197.14.64: 1 time
119.96.173.87: 6 times
122.4.41.126 (126.41.4.122.broad.jn.sd.dynamic.163data.com.cn): 4 times
122.51.52.154: 24 times
122.160.82.93 (abts-north-static-093.82.160.122.airtelbroadband.in): 29 times
139.59.102.170: 30 times
157.38.40.69: 2 times
176.111.173.237: 12 times
186.16.210.34 (pool-34-210-16-186.telecel.com.py): 19 times
189.28.246.10 (189-28-246-10.clientes.cilnet.com.br): 6 times
195.54.166.135: 9 times
203.128.242.166: 1 time
Illegal users from:
2001:470:1:c84::30: 1 time
undef: 167 times
2.56.59.39 (branewsinfos.ddns.net): 4 times
2.238.147.10 (2-238-147-10.ip244.fastwebnet.it): 2 times
8.225.226.100: 3 times
23.129.64.137: 1 time
37.34.251.240: 2 times
43.129.221.217: 5 times
45.114.192.154 (154-192-114-45.intechonline.net): 10 times
46.210.27.89: 2 times
49.233.44.150: 10 times
59.124.157.10 (59-124-157-10.hinet-ip.hinet.net): 14 times
60.30.98.194 (no-data): 9 times
61.163.197.177 (hn.ly.kd.adsl): 1 time
65.49.20.69 (scan-20.shadowserver.org): 1 time
82.156.110.55: 29 times
104.199.35.3 (3.35.199.104.bc.googleusercontent.com): 9 times
107.189.30.134 (smtp4.achtungumbedingt.de): 3 times
113.120.25.144: 1 time
113.120.31.172: 2 times
113.128.8.243: 1 time
113.128.27.100: 1 time
115.76.90.178 (adsl.viettel.vn): 1 time
116.98.173.197 (dynamic-ip-adsl.viettel.vn): 2 times
116.105.172.27: 1 time
117.7.122.163 (localhost): 3 times
119.96.173.87: 3 times
119.131.209.186: 2 times
122.4.41.126 (126.41.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
122.51.52.154: 12 times
122.160.82.93 (abts-north-static-093.82.160.122.airtelbroadband.in): 15 times
136.144.41.253: 6 times
139.59.102.170: 9 times
141.98.10.81: 6 times
141.98.10.142 (rectum-bounders.oinkhow.net): 8 times
176.111.173.237: 17 times
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
185.31.175.220: 2 times
185.217.1.246: 3 times
186.16.210.34 (pool-34-210-16-186.telecel.com.py): 11 times
187.169.52.254 (dsl-187-169-52-254-dyn.prod-infinitum.com.mx): 2 times
190.107.171.105: 1 time
193.169.254.138: 3 times
194.61.26.211: 4 times
195.54.166.135: 25 times
201.137.76.128 (dsl-201-137-76-128-dyn.prod-infinitum.com.mx): 1 time
203.128.242.166: 3 times
205.185.120.180: 2 times
209.141.33.121: 3 times
209.141.44.165: 1 time
212.192.246.95 (programssearch.earacheevince.com): 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################