################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Aug 31 04:42:03 2023
Date Range Processed: yesterday
( 2023-Aug-30 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 57:58 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 19 sites probed the server
Requests with error response codes
400 Bad Request
null: 29 Time(s)
*: 6 Time(s)
/: 3 Time(s)
[\x22miner1\x22,: 2 Time(s)
mstshash=Administr: 2 Time(s)
/.env: 1 Time(s)
/index.htm: 1 Time(s)
/manager/html: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
7: 1 Time(s)
NT: 1 Time(s)
Y\xFC\x9DI\xC2s\xA4\xA9\x94\xD4\xE6\x02\xF ... x09\xC0\x14\xC0: 1 Time(s)
\x00\x00BBBB\xBA\x8C\xC1\xABDAAA: 1 Time(s)
\x00\x00\x00\x00\x00: 1 Time(s)
\xA3\xB3x\xA4N\xFC]f\xCF\x00\x00\x1A\xC0/\ ... x09\xC0\x14\xC0: 1 Time(s)
\xB5\xD6\xB1\xA6\xB18Y\x07Nn\x1F>8X^\xF1\x95\xABkSb: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xCEK\xA7\x7F\xC3\xE4\xFC\xD5: 1 Time(s)
j\xE6\x10\x0C\x8F5\xED`\x12i\x98`\x93\xBB\ ... x09\xC0\x14\xC0: 1 Time(s)
500 Internal Server Error
/: 24 Time(s)
/favicon.ico: 5 Time(s)
/.env: 2 Time(s)
/.git/config: 2 Time(s)
/robots.txt: 2 Time(s)
/.git/credentials: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/geoserver/web/: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (84-255-204-251.static.t-2.net): 187 Time(s)
root (103.146.140.167): 78 Time(s)
root (104.194.242.195): 35 Time(s)
unknown (185.161.248.200): 30 Time(s)
root (218.145.31.213): 24 Time(s)
unknown (193.201.9.109): 23 Time(s)
root (185.224.128.142): 18 Time(s)
root (185.224.128.141): 12 Time(s)
root (95.179.252.232): 12 Time(s)
unknown (141.98.11.11): 10 Time(s)
unknown (31.41.244.61): 10 Time(s)
root (67.207.81.228): 9 Time(s)
root (185.161.248.200): 8 Time(s)
unknown (31.41.244.62): 7 Time(s)
root (141.98.11.11): 6 Time(s)
root (141.98.11.90): 6 Time(s)
root (193.201.9.109): 6 Time(s)
root (218.151.48.16): 6 Time(s)
unknown (141.98.11.90): 6 Time(s)
root (31.41.244.61): 3 Time(s)
unknown (213.33.126.134): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
unknown (81.17.22.115): 2 Time(s)
backup (185.161.248.200): 1 Time(s)
mysql (185.161.248.200): 1 Time(s)
nobody (185.161.248.200): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (31.41.244.62): 1 Time(s)
sshd (141.98.11.11): 1 Time(s)
sshd (185.161.248.200): 1 Time(s)
sshd (31.41.244.61): 1 Time(s)
unknown (119.195.176.185): 1 Time(s)
uucp (193.201.9.109): 1 Time(s)
uucp (31.41.244.62): 1 Time(s)
Invalid Users:
Unknown Account: 93 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
24.963K Bytes accepted 25,562
24.963K Bytes sent via SMTP 25,562
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
85 Connections
45 Connections lost (inbound)
85 Disconnections
1 Removed from queue
1 Sent via SMTP
2 SMTP dialog errors
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
31.41.244.61: 4 times
31.41.244.62: 2 times
31.184.198.71: 1 time
67.207.81.228: 9 times
84.255.204.251 (84-255-204-251.static.t-2.net): 187 times
95.179.252.232 (95.179.252.232.vultrusercontent.com): 12 times
103.146.140.167: 78 times
104.194.242.195 (www.ofertadasorte.com.br): 35 times
141.98.11.11 (axon-stall.riddlecamera.net): 7 times
141.98.11.90 (lighten.medyamol.com): 6 times
185.161.248.200: 12 times
185.224.128.141 (ihate.feds.kys): 12 times
185.224.128.142 (ihate.feds.kys): 18 times
193.201.9.109: 7 times
218.145.31.213: 24 times
218.151.48.16: 6 times
Illegal users from:
2001:470:1:fb5:550c:851d:972a:93a9: 1 time
undef: 38 times
31.41.244.61: 10 times
31.41.244.62: 7 times
31.184.198.71: 3 times
64.62.197.89 (scan-46m.shadowserver.org): 1 time
81.17.22.115 (hostedby.privatealps.net): 3 times
119.195.176.185: 2 times
141.98.11.11 (axon-stall.riddlecamera.net): 11 times
141.98.11.90 (lighten.medyamol.com): 6 times
185.161.248.200: 30 times
193.201.9.109: 24 times
213.33.126.134: 2 times
**Unmatched Entries**
userauth_pubkey: unsupported public key algorithm: rsa-sha2-512 [preauth] : 9 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Protocol major versions differ for 107.150.117.107: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47383p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################