################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Jul 16 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-15 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [162:164]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 18 Time(s)
/: 10 Time(s)
/_profiler/phpinfo: 1 Time(s)
/c/version.js: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
HTTP/1.0: 1 Time(s)
\x0B\xFC\xF4(a\xD7m\xDE\xB8\xA4\x5C\x05L\x ... &\xEDj\x03\x9E]: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
/robots.txt: 51 Time(s)
/wp-login.php: 11 Time(s)
/xmlrpc.php: 8 Time(s)
/_profiler/phpinfo: 1 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s)
/download/zapfev_satzung.pdf: 1 Time(s)
/protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s)
/protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
/resolutionen/wise15/che/positionspapier_wise15_che.pdf: 1 Time(s)
/wp-content/plugins/formcraft/file-upload/ ... ile=tf2rghf.jpg: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
/.env: 2 Time(s)
/favicon.ico: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 133 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
18.629K Bytes accepted 19,076
18.629K Bytes sent via SMTP 19,076
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
426 Connections
287 Connections lost (inbound)
426 Disconnections
1 Removed from queue
1 Sent via SMTP
45 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
undef: 87 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################