################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat May 11 04:42:03 2024 Date Range Processed: yesterday ( 2024-May-10 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [185:182] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 141.98.11.79 -> google.com:443: 1 Time(s) 87.121.69.52 -> google.com:443: 2 Time(s) A total of 6 sites probed the server 137.184.255.28 139.162.242.67 172.105.77.209 205.210.31.106 64.62.156.46 66.240.205.34 Requests with error response codes 400 Bad Request null: 5 Time(s) /: 4 Time(s) google.com:443: 3 Time(s) *: 2 Time(s) X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s) \x09\xBD;F\xEA\x17\xA3B\xB1\xF2n\x1B\xBB\x ... x00\x01\x02\x00: 1 Time(s) \xCA\xF0\xA2\x15`\xBE}\x1B\xF5\xC9m\xA7{\x ... x09\xC0\x13\xC0: 1 Time(s) icap://icap-server.net/server?arg=87: 1 Time(s) mstshash=Administr: 1 Time(s) q\x8D\x00\xB8\x0Ct\xEF\x16\xA26\xE2\x5C\xE ... x00\x01\x02\x00: 1 Time(s) 499 (undefined) /: 1 Time(s) /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s) /socket.io/?noteId=Reso_DigitalePruefungen ... lling&t=OzY4zC1: 1 Time(s) 500 Internal Server Error /: 14 Time(s) /?name=example.com&type=A: 2 Time(s) /dns-query: 2 Time(s) /dns-query?name=example.com&type=A: 2 Time(s) /query: 2 Time(s) /query?name=example.com&type=A: 2 Time(s) /resolve: 2 Time(s) /resolve?name=example.com&type=A: 2 Time(s) /.git/config: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /?dns=gg8BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /?dns=ojsBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /cf_scripts/scripts/ajax/ckeditor/ckeditor.js: 1 Time(s) /cgi-bin/luci: 1 Time(s) /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s) /cgi-bin/luci/admin: 1 Time(s) /dns-query?dns=EbMBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /dns-query?dns=q-IBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /favicon.ico: 1 Time(s) /geoserver/web/: 1 Time(s) /login: 1 Time(s) /query?dns=NroBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /query?dns=SxUBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /resolve?dns=N5YBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /resolve?dns=dLMBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE: 1 Time(s) /webui/: 1 Time(s) 502 Bad Gateway /LXfQG2qcTpSj_0d9YLsf0g/pdf: 1 Time(s) /O2CAPBprSRO1hR9J52_r_w/pdf: 1 Time(s) /XiNWfzB6SouKz0g2FE5_Vg/pdf: 1 Time(s) /Z7JgFtprRTu4mj0ux-SJ3w/pdf: 1 Time(s) /ak_wiki/pdf: 1 Time(s) /features/pdf: 1 Time(s) /musterrechtsverordung/pdf: 1 Time(s) /reso_abschlussarbeiten/pdf: 1 Time(s) /slide-example/pdf: 1 Time(s) /w1op49QpSGyk43xo0up_Aw/pdf: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (49.207.1.85): 78 Time(s) root (203.145.138.130): 74 Time(s) unknown (159.223.66.124): 47 Time(s) root (183.81.169.238): 24 Time(s) root (179.43.180.108): 19 Time(s) unknown (g189.124-45-40.ppp.wakwak.ne.jp): 15 Time(s) unknown (43.163.242.195): 13 Time(s) root (43.163.242.195): 12 Time(s) unknown (182.93.50.90): 11 Time(s) root (g189.124-45-40.ppp.wakwak.ne.jp): 10 Time(s) root (43.156.114.195): 9 Time(s) unknown (139.59.10.188): 9 Time(s) unknown (167.71.220.193): 9 Time(s) unknown (170.106.98.234): 9 Time(s) unknown (43.154.179.9): 9 Time(s) root (124.223.195.251): 8 Time(s) unknown (103.101.160.198): 8 Time(s) unknown (155.248.243.251): 8 Time(s) unknown (41.82.208.182): 8 Time(s) unknown (43.128.104.222): 8 Time(s) unknown (43.134.184.137): 8 Time(s) unknown (43.153.195.114): 8 Time(s) unknown (43.155.140.76): 8 Time(s) unknown (47.247.116.211): 8 Time(s) unknown (77.91.78.115): 8 Time(s) unknown (c-71-196-161-148.hsd1.co.comcast.net): 8 Time(s) root (165.154.19.74): 7 Time(s) unknown (113.233.122.206): 7 Time(s) unknown (119.23.227.219): 7 Time(s) unknown (129.204.224.239): 7 Time(s) unknown (137.220.228.87): 7 Time(s) unknown (152.42.246.232): 7 Time(s) unknown (154.73.25.116): 7 Time(s) unknown (162.62.226.7): 7 Time(s) unknown (221.226.183.94): 7 Time(s) unknown (43.128.84.19): 7 Time(s) unknown (43.130.225.212): 7 Time(s) unknown (43.131.255.3): 7 Time(s) unknown (43.134.102.172): 7 Time(s) unknown (43.134.73.223): 7 Time(s) unknown (43.153.186.220): 7 Time(s) unknown (43.156.26.86): 7 Time(s) unknown (43.163.242.250): 7 Time(s) unknown (82.207.8.202): 7 Time(s) root (107.172.190.236): 6 Time(s) root (118.25.94.207): 6 Time(s) root (124.156.199.133): 6 Time(s) root (124.222.175.169): 6 Time(s) root (153.181.194.35.bc.googleusercontent.com): 6 Time(s) root (181.114.232.98): 6 Time(s) root (187.112.129.142): 6 Time(s) root (43.134.101.44): 6 Time(s) unknown (118.25.94.207): 6 Time(s) unknown (120.48.67.215): 6 Time(s) unknown (122.51.246.102): 6 Time(s) unknown (124.156.199.133): 6 Time(s) unknown (153.181.194.35.bc.googleusercontent.com): 6 Time(s) unknown (165.154.19.74): 6 Time(s) unknown (187.112.129.142): 6 Time(s) unknown (43.134.101.44): 6 Time(s) unknown (43.134.85.220): 6 Time(s) unknown (43.155.186.231): 6 Time(s) unknown (49.51.178.89): 6 Time(s) root (119.23.227.219): 5 Time(s) root (124.156.213.101): 5 Time(s) root (154.73.25.116): 5 Time(s) root (235.ip-51-38-39.eu): 5 Time(s) root (43.134.102.172): 5 Time(s) root (43.134.73.223): 5 Time(s) root (47.98.230.152): 5 Time(s) unknown (124.156.213.101): 5 Time(s) unknown (124.222.175.169): 5 Time(s) unknown (124.223.195.251): 5 Time(s) unknown (150.158.99.120): 5 Time(s) unknown (161.35.136.120): 5 Time(s) unknown (170.106.114.187): 5 Time(s) unknown (170.106.65.5): 5 Time(s) unknown (43.157.21.15): 5 Time(s) unknown (91.103.252.1): 5 Time(s) root (103.101.160.198): 4 Time(s) root (124.47.36.58): 4 Time(s) root (137.220.228.87): 4 Time(s) root (152.42.246.232): 4 Time(s) root (167.71.220.193): 4 Time(s) root (170.106.114.187): 4 Time(s) root (182.93.50.90): 4 Time(s) root (221.226.183.94): 4 Time(s) root (43.128.84.19): 4 Time(s) root (43.130.225.212): 4 Time(s) root (43.131.255.3): 4 Time(s) root (43.134.85.220): 4 Time(s) root (43.153.186.220): 4 Time(s) root (43.155.186.231): 4 Time(s) root (43.156.26.86): 4 Time(s) root (49.51.178.89): 4 Time(s) unknown (107.172.190.236): 4 Time(s) unknown (124.47.36.58): 4 Time(s) unknown (181.114.232.98): 4 Time(s) unknown (235.ip-51-38-39.eu): 4 Time(s) unknown (43.156.114.195): 4 Time(s) unknown (47.98.230.152): 4 Time(s) root (119.96.119.161): 3 Time(s) root (170.106.65.5): 3 Time(s) root (43.153.195.114): 3 Time(s) root (43.155.140.76): 3 Time(s) root (43.157.21.15): 3 Time(s) root (43.163.242.250): 3 Time(s) root (47.247.116.211): 3 Time(s) root (91.103.252.1): 3 Time(s) unknown (119.96.119.161): 3 Time(s) unknown (159.223.87.140): 3 Time(s) unknown (183.81.169.139): 3 Time(s) unknown (ppp-110-169-222-20.revip5.asianet.co.th): 3 Time(s) root (113.142.54.163): 2 Time(s) root (113.233.122.206): 2 Time(s) root (120.48.95.10): 2 Time(s) root (122.51.246.102): 2 Time(s) root (139.59.10.188): 2 Time(s) root (155.248.243.251): 2 Time(s) root (161.35.136.120): 2 Time(s) root (162.62.226.7): 2 Time(s) root (41.82.208.182): 2 Time(s) root (43.128.104.222): 2 Time(s) root (43.134.183.142): 2 Time(s) root (43.134.184.137): 2 Time(s) root (43.163.228.2): 2 Time(s) root (77.91.78.115): 2 Time(s) root (82.207.8.202): 2 Time(s) root (c-71-196-161-148.hsd1.co.comcast.net): 2 Time(s) unknown (113.142.54.163): 2 Time(s) unknown (119.3.213.219): 2 Time(s) unknown (120.48.95.10): 2 Time(s) unknown (174.138.15.119): 2 Time(s) unknown (43.134.183.142): 2 Time(s) unknown (43.163.228.2): 2 Time(s) unknown (64.23.171.251): 2 Time(s) nobody (181.114.232.98): 1 Time(s) nobody (43.128.104.222): 1 Time(s) nobody (43.134.184.137): 1 Time(s) nobody (43.134.85.220): 1 Time(s) nobody (43.155.186.231): 1 Time(s) root (120.48.67.215): 1 Time(s) root (129.204.224.239): 1 Time(s) temp (43.163.242.195): 1 Time(s) unknown (185.196.8.151): 1 Time(s) unknown (194.24.166.92): 1 Time(s) unknown (209.38.28.156): 1 Time(s) Invalid Users: Unknown Account: 485 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 76 Miscellaneous warnings 89 Connections 66 Connections lost (inbound) 89 Disconnections 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Network Read Write Errors: 8 SSHD Started: 2 Time(s) Failed logins from: 35.194.181.153 (153.181.194.35.bc.googleusercontent.com): 6 times 41.82.208.182: 2 times 43.128.84.19: 4 times 43.128.104.222: 3 times 43.130.225.212: 4 times 43.131.255.3: 4 times 43.134.73.223: 5 times 43.134.85.220: 5 times 43.134.101.44: 6 times 43.134.102.172: 5 times 43.134.183.142: 2 times 43.134.184.137: 3 times 43.153.186.220: 4 times 43.153.195.114: 3 times 43.155.140.76: 3 times 43.155.186.231: 5 times 43.156.26.86: 4 times 43.156.114.195: 9 times 43.157.21.15: 3 times 43.163.228.2: 2 times 43.163.242.195: 13 times 43.163.242.250: 3 times 47.98.230.152: 5 times 47.247.116.211: 3 times 49.51.178.89: 4 times 49.207.1.85 (49.207.1.85.actcorp.in): 78 times 51.38.39.235 (235.ip-51-38-39.eu): 5 times 71.196.161.148 (c-71-196-161-148.hsd1.co.comcast.net): 2 times 77.91.78.115 (test.aeza.network): 2 times 82.207.8.202 (202-8-207-82.pool.ukrtel.net): 2 times 91.103.252.1 (noxious-temper.aeza.network): 3 times 103.101.160.198: 4 times 107.172.190.236 (107-172-190-236-host.colocrossing.com): 6 times 113.142.54.163: 2 times 113.233.122.206: 2 times 118.25.94.207: 6 times 119.23.227.219: 5 times 119.96.119.161: 3 times 120.48.67.215: 1 time 120.48.95.10: 2 times 122.51.246.102: 2 times 124.45.40.189 (g189.124-45-40.ppp.wakwak.ne.jp): 10 times 124.47.36.58: 4 times 124.156.199.133: 6 times 124.156.213.101: 5 times 124.222.175.169: 6 times 124.223.195.251: 8 times 129.204.224.239: 1 time 137.220.228.87: 4 times 139.59.10.188: 2 times 152.42.246.232: 4 times 154.73.25.116: 5 times 155.248.243.251: 2 times 161.35.136.120: 2 times 162.62.226.7: 2 times 165.154.19.74: 7 times 167.71.220.193: 4 times 170.106.65.5: 3 times 170.106.114.187: 4 times 179.43.180.108 (hostedby.privatelayer.com): 19 times 181.114.232.98: 7 times 182.93.50.90 (n18293z50l90.static.ctmip.net): 4 times 183.81.169.238: 24 times 187.112.129.142 (187.112.129.142.static.host.gvt.net.br): 6 times 203.145.138.130: 74 times 221.226.183.94: 4 times Illegal users from: 2001:470:1:c84::28 (scan-18o.shadowserver.org): 1 time undef: 197 times 35.194.181.153 (153.181.194.35.bc.googleusercontent.com): 6 times 41.82.208.182: 8 times 43.128.84.19: 7 times 43.128.104.222: 8 times 43.130.225.212: 7 times 43.131.255.3: 7 times 43.134.73.223: 7 times 43.134.85.220: 6 times 43.134.101.44: 6 times 43.134.102.172: 7 times 43.134.183.142: 2 times 43.134.184.137: 8 times 43.153.186.220: 7 times 43.153.195.114: 8 times 43.154.179.9: 9 times 43.155.140.76: 8 times 43.155.186.231: 6 times 43.156.26.86: 7 times 43.156.114.195: 4 times 43.157.21.15: 5 times 43.163.228.2: 2 times 43.163.242.195: 13 times 43.163.242.250: 7 times 47.98.230.152: 4 times 47.247.116.211: 8 times 49.51.178.89: 6 times 49.207.1.85 (49.207.1.85.actcorp.in): 6 times 51.38.39.235 (235.ip-51-38-39.eu): 4 times 64.23.171.251: 2 times 65.49.1.28 (scan-53e.shadowserver.org): 1 time 71.196.161.148 (c-71-196-161-148.hsd1.co.comcast.net): 8 times 77.91.78.115 (test.aeza.network): 8 times 82.207.8.202 (202-8-207-82.pool.ukrtel.net): 7 times 91.103.252.1 (noxious-temper.aeza.network): 5 times 103.101.160.198: 8 times 107.172.190.236 (107-172-190-236-host.colocrossing.com): 4 times 110.169.222.20 (ppp-110-169-222-20.revip5.asianet.co.th): 3 times 113.142.54.163: 2 times 113.233.122.206: 7 times 118.25.94.207: 6 times 119.3.213.219 (ecs-119-3-213-219.compute.hwclouds-dns.com): 2 times 119.23.227.219: 7 times 119.96.119.161: 3 times 120.48.67.215: 6 times 120.48.95.10: 2 times 122.51.246.102: 6 times 124.45.40.189 (g189.124-45-40.ppp.wakwak.ne.jp): 15 times 124.47.36.58: 4 times 124.156.199.133: 6 times 124.156.213.101: 5 times 124.222.175.169: 5 times 124.223.195.251: 5 times 129.204.224.239: 7 times 137.220.228.87: 7 times 139.59.10.188: 9 times 150.158.99.120: 5 times 152.42.246.232: 7 times 154.73.25.116: 7 times 155.248.243.251: 8 times 159.223.66.124: 48 times 159.223.87.140: 3 times 161.35.136.120: 5 times 162.62.226.7: 7 times 165.154.19.74: 6 times 167.71.220.193: 9 times 170.106.65.5: 5 times 170.106.98.234: 9 times 170.106.114.187: 5 times 171.211.106.121: 6 times 174.138.15.119: 2 times 181.114.232.98: 4 times 182.93.50.90 (n18293z50l90.static.ctmip.net): 11 times 183.81.169.139: 3 times 185.196.8.151: 1 time 187.112.129.142 (187.112.129.142.static.host.gvt.net.br): 6 times 194.24.166.92 (39networks.net): 1 time 203.145.138.130: 10 times 209.38.28.156: 1 time 221.226.183.94: 7 times **Unmatched Entries** fatal: buffer_get_string: buffer error [preauth] : 1 time(s) Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 3 time(s) error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop22185p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################