################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Nov 4 04:42:04 2021
Date Range Processed: yesterday
( 2021-Nov-03 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 59:59 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
143.198.136.88 -> leakix.net:443: 1 Time(s)
185.53.90.24 -> zapf.wiki:443: 2 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/ab2g: 5 Time(s)
/ab2h: 5 Time(s)
/: 4 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
zapf.wiki:443: 2 Time(s)
/.env: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
\x00\x00\x00\x00: 1 Time(s)
\xF6N\xC3\x86\xB9\x98\x83\xDC\xE3-k\x08+\x ... x09\xC0\x14\xC0: 1 Time(s)
\xFC\xDFM\xCF\x9C\xD2`U\xA6>wR\xD1\x7F;\x8 ... x09\xC0\x14\xC0: 1 Time(s)
leakix.net:443: 1 Time(s)
}: 1 Time(s)
499 (undefined)
/me: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
/.env: 5 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.DS_Store: 1 Time(s)
/.git/config: 1 Time(s)
/.json: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/api/search?folderIds=0: 1 Time(s)
/bag2: 1 Time(s)
/config.json: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/frontend_dev.php/$: 1 Time(s)
/idx_config/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/info.php: 1 Time(s)
/login: 1 Time(s)
/login.action: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s)
/server-status: 1 Time(s)
/telescope/requests: 1 Time(s)
/users/sign_in: 1 Time(s)
/v2/_catalog: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
/wp-login.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (gurlstalk.com): 69 Time(s)
root (103.72.147.23): 40 Time(s)
unknown (218.104.225.140): 40 Time(s)
root (131.72.127.222): 39 Time(s)
root (132.232.230.220): 39 Time(s)
root (134.209.64.28): 38 Time(s)
root (152.136.129.89): 38 Time(s)
root (1.117.12.193): 37 Time(s)
root (200.52.80.34): 37 Time(s)
root (152.136.107.21): 35 Time(s)
root (103.162.196.76): 34 Time(s)
root (125.141.139.29): 34 Time(s)
root (186.208.114.100): 34 Time(s)
root (122.51.145.200): 33 Time(s)
root (66.98.45.242): 31 Time(s)
root (218.104.225.140): 24 Time(s)
root (42.193.104.220): 24 Time(s)
root (dsl51b6f8c1.fixip.t-online.hu): 24 Time(s)
root (139.198.27.217): 22 Time(s)
root (static.48.60.21.65.clients.your-server.de): 21 Time(s)
unknown (66.98.45.242): 19 Time(s)
root (189.139.65.6): 18 Time(s)
unknown (163.172.216.82): 18 Time(s)
root (175.42.70.240): 17 Time(s)
root (163.172.216.82): 16 Time(s)
unknown (125.141.139.29): 16 Time(s)
unknown (186.208.114.100): 16 Time(s)
unknown (122.51.145.200): 15 Time(s)
unknown (141.98.10.60): 15 Time(s)
unknown (152.136.107.21): 15 Time(s)
root (server.fri.mom.mybluehost.me): 14 Time(s)
unknown (141.98.10.63): 14 Time(s)
root (138.197.149.97): 13 Time(s)
root (36.91.119.221): 13 Time(s)
unknown (103.162.196.76): 13 Time(s)
root (103.233.1.53): 12 Time(s)
unknown (1.117.12.193): 12 Time(s)
unknown (134.209.64.28): 12 Time(s)
unknown (152.136.129.89): 12 Time(s)
unknown (200.52.80.34): 12 Time(s)
unknown (static.48.60.21.65.clients.your-server.de): 12 Time(s)
root (143.110.248.63): 11 Time(s)
root (49.232.223.172): 11 Time(s)
unknown (131.72.127.222): 11 Time(s)
unknown (175.42.70.240): 11 Time(s)
root (v-182-163-90-49.ub-freebit.net): 10 Time(s)
unknown (103.72.147.23): 10 Time(s)
unknown (139.198.27.217): 10 Time(s)
root (106.52.187.68): 9 Time(s)
root (c-68-38-202-145.hsd1.in.comcast.net): 9 Time(s)
unknown (106.52.187.68): 9 Time(s)
unknown (138.197.149.97): 9 Time(s)
unknown (49.232.223.172): 9 Time(s)
root (117.50.129.4): 8 Time(s)
unknown (189.139.65.6): 8 Time(s)
unknown (42.193.104.220): 8 Time(s)
unknown (103.233.1.53): 7 Time(s)
unknown (132.232.230.220): 7 Time(s)
unknown (143.110.248.63): 7 Time(s)
unknown (36.91.119.221): 5 Time(s)
unknown (dsl51b6f8c1.fixip.t-online.hu): 5 Time(s)
unknown (205.185.120.180): 4 Time(s)
unknown (server.fri.mom.mybluehost.me): 4 Time(s)
root (p54b2bab7.dip0.t-ipconnect.de): 3 Time(s)
unknown (116.110.121.9): 3 Time(s)
unknown (117.50.129.4): 3 Time(s)
unknown (117.7.122.163): 3 Time(s)
unknown (141.98.10.109): 3 Time(s)
unknown (185.90.136.171): 3 Time(s)
unknown (209.141.55.232): 3 Time(s)
unknown (amazoncojpbation.ga): 3 Time(s)
unknown (v-182-163-90-49.ub-freebit.net): 3 Time(s)
unknown (116.110.99.56): 2 Time(s)
unknown (125.137.212.85): 2 Time(s)
unknown (5.206.227.16): 2 Time(s)
unknown (ip68-97-206-192.ok.ok.cox.net): 2 Time(s)
unknown (lfbn-tln-1-141-109.w90-119.abo.wanadoo.fr): 2 Time(s)
unknown (net-109-116-213-77.cust.vodafonedsl.it): 2 Time(s)
unknown (p54b2bab7.dip0.t-ipconnect.de): 2 Time(s)
irc (200.52.80.34): 1 Time(s)
irc (dsl51b6f8c1.fixip.t-online.hu): 1 Time(s)
mysql (152.136.107.21): 1 Time(s)
root (103.93.17.149): 1 Time(s)
root (115.76.92.187): 1 Time(s)
root (116.110.69.4): 1 Time(s)
root (185.90.136.171): 1 Time(s)
root (36.133.216.195): 1 Time(s)
unknown (116.105.75.56): 1 Time(s)
unknown (116.110.69.4): 1 Time(s)
unknown (119.57.156.38): 1 Time(s)
unknown (124.41.213.166): 1 Time(s)
unknown (188.126.89.58): 1 Time(s)
unknown (188.126.89.76): 1 Time(s)
unknown (210.211.117.212): 1 Time(s)
unknown (213.202.216.189): 1 Time(s)
unknown (45.13.104.179): 1 Time(s)
unknown (45.153.160.139): 1 Time(s)
unknown (49.234.22.220): 1 Time(s)
unknown (68.166.134.74): 1 Time(s)
unknown (c-68-38-202-145.hsd1.in.comcast.net): 1 Time(s)
unknown (tor-exit-relay-5.anonymizing-proxy.digitalcourage.de): 1 Time(s)
Invalid Users:
Unknown Account: 417 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
15.560K Bytes accepted 15,933
15.560K Bytes sent via SMTP 15,933
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
8 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
8 Total 4xx Rejects 100.00%
======== ==================================================
225 Connections
14 Connections lost (inbound)
225 Disconnections
1 Removed from queue
1 Sent via SMTP
29 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.117.12.193: 37 times
36.91.119.221: 13 times
36.133.216.195: 1 time
42.193.104.220: 24 times
49.232.223.172: 11 times
65.21.60.48 (static.48.60.21.65.clients.your-server.de): 21 times
66.98.45.242 (242.45.98.66.f.static.claro.net.do): 31 times
68.38.202.145 (c-68-38-202-145.hsd1.in.comcast.net): 9 times
81.182.248.193 (dsl51B6F8C1.fixip.t-online.hu): 25 times
84.178.186.183 (p54b2bab7.dip0.t-ipconnect.de): 3 times
103.72.147.23: 40 times
103.93.17.149 (web1.acmepadm.com): 1 time
103.162.196.76: 34 times
103.233.1.53 (server.vps.ull): 12 times
104.248.168.195 (gurlstalk.com): 69 times
106.52.187.68: 9 times
115.76.92.187 (adsl.viettel.vn): 1 time
116.110.69.4: 1 time
117.50.129.4: 8 times
122.51.145.200: 33 times
125.141.139.29: 34 times
131.72.127.222 (131-72-127-222.speedzone.com.br): 39 times
132.232.230.220: 39 times
134.209.64.28: 38 times
138.197.149.97: 13 times
139.198.27.217: 22 times
143.110.248.63 (lpsonline.in): 11 times
152.136.107.21: 36 times
152.136.129.89: 38 times
162.241.94.40 (server.fri.mom.mybluehost.me): 14 times
163.172.216.82 (163-172-216-82.rev.poneytelecom.eu): 16 times
175.42.70.240: 17 times
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 10 times
185.90.136.171: 1 time
186.208.114.100 (186-208-114-100.gotelecom.com.br): 34 times
189.139.65.6 (dsl-189-139-65-6-dyn.prod-infinitum.com.mx): 18 times
200.52.80.34 (34.80.52.200.in-addr.arpa): 38 times
218.104.225.140: 24 times
Illegal users from:
2001:470:1:c84::23: 1 time
undef: 273 times
1.117.12.193: 12 times
5.206.227.16 (blackslaves): 2 times
36.91.119.221: 5 times
42.193.104.220: 8 times
45.13.104.179 (nosoignons.cust.milkywan.net): 1 time
45.153.160.139: 1 time
49.232.223.172: 9 times
49.234.22.220: 1 time
65.21.60.48 (static.48.60.21.65.clients.your-server.de): 12 times
65.49.20.68 (scan-19.shadowserver.org): 1 time
66.98.45.242 (242.45.98.66.f.static.claro.net.do): 19 times
68.38.202.145 (c-68-38-202-145.hsd1.in.comcast.net): 1 time
68.97.206.192 (ip68-97-206-192.ok.ok.cox.net): 2 times
68.166.134.74 (h-68-166-134-74.lsan.ca.dynamic.globalcapacity.com): 1 time
81.182.248.193 (dsl51B6F8C1.fixip.t-online.hu): 5 times
84.178.186.183 (p54b2bab7.dip0.t-ipconnect.de): 2 times
90.119.109.109 (lfbn-tln-1-141-109.w90-119.abo.wanadoo.fr): 2 times
103.72.147.23: 10 times
103.162.196.76: 13 times
103.233.1.53 (server.vps.ull): 7 times
106.52.187.68: 9 times
109.116.213.77 (net-109-116-213-77.cust.vodafonedsl.it): 2 times
116.105.75.56: 1 time
116.110.69.4: 1 time
116.110.99.56: 2 times
116.110.121.9: 3 times
117.7.122.163 (localhost): 3 times
117.50.6.160: 1 time
117.50.129.4: 3 times
119.57.156.38: 1 time
122.51.145.200: 15 times
124.41.213.166: 1 time
125.137.212.85: 2 times
125.141.139.29: 16 times
131.72.127.222 (131-72-127-222.speedzone.com.br): 11 times
132.232.230.220: 7 times
134.209.64.28: 12 times
138.197.149.97: 9 times
139.198.27.217: 10 times
141.98.10.60: 15 times
141.98.10.63: 14 times
141.98.10.109: 3 times
143.110.248.63 (lpsonline.in): 7 times
152.136.107.21: 15 times
152.136.129.89: 12 times
154.89.5.43: 1 time
162.241.94.40 (server.fri.mom.mybluehost.me): 4 times
163.172.216.82 (163-172-216-82.rev.poneytelecom.eu): 18 times
165.227.137.85: 1 time
175.42.70.240: 11 times
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 3 times
185.90.136.171: 3 times
185.220.102.251 (tor-exit-relay-5.anonymizing-proxy.digitalcourage.de): 1 time
186.208.114.100 (186-208-114-100.gotelecom.com.br): 16 times
188.126.89.58: 1 time
188.126.89.76: 1 time
189.139.65.6 (dsl-189-139-65-6-dyn.prod-infinitum.com.mx): 8 times
200.52.80.34 (34.80.52.200.in-addr.arpa): 12 times
205.185.120.180: 4 times
209.141.55.232: 3 times
209.141.59.184 (amazoncojpbation.ga): 3 times
210.211.117.212: 1 time
213.202.216.189 (h176.helix.dedi.server-hosting.expert): 1 time
218.104.225.140: 40 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################