################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Jan 12 04:42:03 2024
Date Range Processed: yesterday ( 2024-Jan-11 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [324:317]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
193.111.248.5 -> google.com:443: 1 Time(s)
45.15.158.110 -> google.com:443: 4 Time(s)
45.157.232.132 -> google.com:443: 1 Time(s)
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
google.com:443: 6 Time(s)
/: 5 Time(s)
*: 4 Time(s)
mstshash=Administr: 3 Time(s)
/.env: 2 Time(s)
/remote/hostcheck_validate: 1 Time(s)
/session: 1 Time(s)
1A\x00\x01<\xCC\x14\xCC\x13\xCC\x15\xC00\x ... C0$\xC0\x14\xC0: 1 Time(s)
\xEE\xD0\xFB\xD7\xE5: 1 Time(s)
s|\x89^\xC2\xA3\x8F\xA4?\xFDC\xFE#\xB6\x04 ... xC3\xA1\x88\x13: 1 Time(s)
403 Forbidden
/FrcS3CFURGOhH8IZnOVeEw: 1 Time(s)
404 Not Found
//cdnjs.cloudflare.com/ajax/libs/es5-shim/ ... es5-shim.min.js: 2 Time(s)
//cdnjs.cloudflare.com/ajax/libs/html5shiv ... tml5shiv.min.js: 2 Time(s)
//cdnjs.cloudflare.com/ajax/libs/respond.j ... /respond.min.js: 2 Time(s)
//protokolle.zapf.in/build/6.cover-pack.fe ... 36298be630a4.js: 2 Time(s)
//protokolle.zapf.in/build/8.common.fef3ca2736298be630a4.js: 2 Time(s)
//protokolle.zapf.in/build/constant.js: 2 Time(s)
/wp-content/themes/buddyboss-theme/style.css: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 5 Time(s)
/favicon.ico: 3 Time(s)
/login: 3 Time(s)
/+CSCOE+/logon.html: 2 Time(s)
/Visu/ens/events: 2 Time(s)
/admin/index.html: 2 Time(s)
/c/msdownload/update/software/update/2021/ ... -967441-x86.cab: 2 Time(s)
/cgi-bin/login.cgi: 2 Time(s)
/fw6I: 2 Time(s)
/index.html: 2 Time(s)
/is-bin: 2 Time(s)
/jquery-3.3.1.min.js: 2 Time(s)
/login.jsp: 2 Time(s)
/logon.htm: 2 Time(s)
/manage/account/login: 2 Time(s)
/.git/config: 1 Time(s)
//libs/js/iframe.js: 1 Time(s)
/8.bin: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?lang=../../../../../../../../usr/local/l ... 30='));?>+z.php: 1 Time(s)
/Display/chan/IB61I7MYA: 1 Time(s)
/Gmail/UnityPlayer.txt: 1 Time(s)
/QKBFJBVZsPKeqFS/HAchGeCttVyEtqZ.php: 1 Time(s)
/UnityPlayer.dll: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/afLI: 1 Time(s)
/categories/Yud: 1 Time(s)
/cf_scripts/scripts/ajax/ckeditor/ckeditor.js: 1 Time(s)
/dana-na/auth/lastauthserverused.js: 1 Time(s)
/e3e7e71a0b28b5e96cc492e636722f73/4sVKAOvu3D/BDyot0NxyG.php: 1 Time(s)
/geoserver/web/: 1 Time(s)
/hrsgdsb7386wknzms.jpg: 1 Time(s)
/jquery.js: 1 Time(s)
/nation.php: 1 Time(s)
/new/login: 1 Time(s)
/news.php: 1 Time(s)
/nvidia_license_upd.php: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/qd.CHM: 1 Time(s)
/search/s.php?i=1&id=APOX8NWOV42320: 1 Time(s)
/ttd.exe: 1 Time(s)
/viwwwsogou?op=8&query=%E7%A8%8F%E5%BB%BA% ... %BE%90%E1%B7%A2: 1 Time(s)
/webui/: 1 Time(s)
/wh/glass.php: 1 Time(s)
/wp-content/themes/twentytwentyone/inc/block-css.php: 1 Time(s)
/z.php: 1 Time(s)
/z84v: 1 Time(s)
/zMLUH93A: 1 Time(s)
502 Bad Gateway
/CWNtLmX2SLelz0pnhfcNyA/pdf: 1 Time(s)
/F0wTGo9bRVeZ9MHALPZ6qA/pdf: 1 Time(s)
/IG3YmOkURiiNa4rKfiykew/pdf: 1 Time(s)
/LPV5bWb2RHqvHxvRFmHErA/pdf: 1 Time(s)
/QINDkUdoTUiAjNuMAyw5OA/pdf: 1 Time(s)
/XiNWfzB6SouKz0g2FE5_Vg/pdf: 1 Time(s)
/ak_wiki/pdf: 1 Time(s)
/features/pdf: 1 Time(s)
/r1ttsNytwArbeitspad/pdf: 1 Time(s)
/ra096r0rTouv8Ic0qv7NOw/pdf: 1 Time(s)
/register/pdf: 1 Time(s)
/reso_abschlussarbeiten/pdf: 1 Time(s)
/slide-example/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 273 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
28.653K Bytes accepted 29,341
28.653K Bytes sent via SMTP 29,341
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
184 Connections
7 Connections lost (inbound)
184 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 22 Time(s)
Failed logins from:
Illegal users from:
undef: 120 times
**Unmatched Entries**
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 4 time(s)
Protocol major versions differ for 101.36.113.66: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop26376p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################