################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Jul 7 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-06 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [217:219]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 19 Time(s)
mstshash=Administr: 3 Time(s)
/: 2 Time(s)
/admin/config.php: 2 Time(s)
/%00/example.com/: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f ... %2fetc%2fpasswd: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9 ... B9\x90\x00(\xC0: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
mstshash=hello: 1 Time(s)
404 Not Found
/robots.txt: 33 Time(s)
/wp-login.php: 17 Time(s)
//2019/wp-includes/wlwmanifest.xml: 2 Time(s)
//blog/wp-includes/wlwmanifest.xml: 2 Time(s)
//cms/wp-includes/wlwmanifest.xml: 2 Time(s)
//news/wp-includes/wlwmanifest.xml: 2 Time(s)
//shop/wp-includes/wlwmanifest.xml: 2 Time(s)
//site/wp-includes/wlwmanifest.xml: 2 Time(s)
//sito/wp-includes/wlwmanifest.xml: 2 Time(s)
//test/wp-includes/wlwmanifest.xml: 2 Time(s)
//web/wp-includes/wlwmanifest.xml: 2 Time(s)
//website/wp-includes/wlwmanifest.xml: 2 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp-includes/wlwmanifest.xml: 2 Time(s)
//wp/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 2 Time(s)
//xmlrpc.php?rsd: 2 Time(s)
/wp-content/uploads/upload_index.php?auth=hash: 2 Time(s)
/.git/HEAD: 1 Time(s)
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
/backup.sql: 1 Time(s)
/dump.sql: 1 Time(s)
/home/verein: 1 Time(s)
/reader/2017_SoSe_Berlin.pdf%7C: 1 Time(s)
/resolutionen/wise15/Transparenz_in_der_Dr ... sparenz_in_der_: 1 Time(s)
/sites/default/files/1983_WiSe_Darmstadt.pdf: 1 Time(s)
/sites/default/files/2001_SoSe_Erlangen.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... Fach_Physik.pdf: 1 Time(s)
/zapf/geschaeftsordnung: 1 Time(s)
/zapf/resolutionen/%7D%7Bwww.zapfev.de/zapf/resolutionen%7D: 1 Time(s)
500 Internal Server Error
/: 77 Time(s)
/favicon.ico: 9 Time(s)
/.env: 2 Time(s)
//: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/admin/config.php: 2 Time(s)
/owa/: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/openam/js/openam.js: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 438 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
23.208K Bytes accepted 23,765
23.208K Bytes sent via SMTP 23,765
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
844 Connections
520 Connections lost (inbound)
844 Disconnections
1 Removed from queue
1 Sent via SMTP
50 Hostname verification errors (FCRDNS)
1 SMTP protocol violations
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 254 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################