################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 3 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 60:60 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... GCvVNZKVqz6AABd: 2 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... PtzOfAce59GAABI: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/bag2: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... %2e/.%2e/bin/sh: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... eMT4jTTZ7nTAABx: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... fbD-rEgoTG6AAAy: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... itCw9EUJAbfAABh: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... l3vOKhfWJ0sAABC: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... 4beaDlkZwelAABN: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... DpYu1hzlxeCAABf: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... PgNKFBElyv2AAB4: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... kUOY8_KkekCAABJ: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x96\x0F\xFC\xA0\xB9\x1A\x1D\x16\xC0H\x81\ ... x09\xC0\x13\xC0: 1 Time(s)
\xB6\xC5\xE7\xFE\x8A\x83(\xDC\xC3\xB2\xFC\ ... DE\x86\xEB\xCA0: 1 Time(s)
\xBC\xD4\xC1\xE4A\x9E\x03\xAE\xDFgT\x05: 1 Time(s)
\xDA\xB6\x8E83\xBD\xDE\xEDv\xE9\xAD\x1B\xE ... C\x00<\x00/\x00: 1 Time(s)
500 Internal Server Error
/: 55 Time(s)
/.env: 6 Time(s)
/robots.txt: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1: 1 Time(s)
/actuator/health: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/evox/about: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/nmaplowercheck1638456878: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sdk: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/v2/api-docs: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (46.101.94.164): 39 Time(s)
root (186.67.248.6): 38 Time(s)
root (1.15.106.44): 34 Time(s)
root (103.122.246.125): 32 Time(s)
root (82.157.189.241): 32 Time(s)
root (211.157.148.2): 31 Time(s)
root (91.192.4.91): 30 Time(s)
root (218.25.140.72): 26 Time(s)
unknown (91.192.4.91): 20 Time(s)
root (175.209.89.234): 19 Time(s)
root (202.165.25.137): 19 Time(s)
root (49.232.210.62): 19 Time(s)
root (14.98.54.222): 18 Time(s)
root (190.145.12.233): 18 Time(s)
unknown (45.80.64.246): 17 Time(s)
root (45.80.64.246): 16 Time(s)
unknown (82.157.189.241): 16 Time(s)
unknown (1.15.106.44): 14 Time(s)
unknown (211.157.148.2): 14 Time(s)
unknown (218.25.140.72): 14 Time(s)
unknown (14.98.54.222): 12 Time(s)
unknown (186.67.248.6): 12 Time(s)
root (90.189.182.30): 11 Time(s)
unknown (103.122.246.125): 11 Time(s)
unknown (202.165.25.137): 11 Time(s)
unknown (49.232.210.62): 11 Time(s)
root (net-2-45-185-2.cust.vodafonedsl.it): 10 Time(s)
unknown (90.189.182.30): 10 Time(s)
unknown (92.255.85.237): 10 Time(s)
root (106.12.179.113): 9 Time(s)
unknown (106.12.179.113): 9 Time(s)
unknown (141.98.10.82): 9 Time(s)
unknown (46.101.94.164): 9 Time(s)
unknown (190.145.12.233): 7 Time(s)
root (180.215.168.18): 6 Time(s)
unknown (209.141.47.245): 6 Time(s)
unknown (112.166.133.216): 5 Time(s)
unknown (smtp.promedica.com.br): 5 Time(s)
root (141.98.10.246): 4 Time(s)
unknown (141.98.10.246): 4 Time(s)
unknown (195.133.18.104): 4 Time(s)
unknown (209.141.33.121): 4 Time(s)
unknown (209.141.34.220): 4 Time(s)
unknown (209.141.53.74): 4 Time(s)
root (112.166.133.216): 3 Time(s)
root (91.144.135.82): 3 Time(s)
root (smtp.promedica.com.br): 3 Time(s)
unknown (116.110.252.176): 3 Time(s)
unknown (175.209.89.234): 3 Time(s)
unknown (194.85.248.40): 3 Time(s)
unknown (212.192.241.37): 3 Time(s)
unknown (h2877746.stratoserver.net): 3 Time(s)
unknown (net-2-45-185-2.cust.vodafonedsl.it): 3 Time(s)
root (45.88.137.100): 2 Time(s)
root (61.135.152.226): 2 Time(s)
root (92.255.85.237): 2 Time(s)
unknown (141.98.10.60): 2 Time(s)
unknown (179.162.111.189): 2 Time(s)
unknown (209.141.32.141): 2 Time(s)
mysql (46.101.94.164): 1 Time(s)
postgres (211.157.148.2): 1 Time(s)
root (20.124.202.143): 1 Time(s)
unknown (119.42.101.47): 1 Time(s)
unknown (136.144.41.3): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (190.107.170.11): 1 Time(s)
unknown (20.124.202.143): 1 Time(s)
unknown (205.185.115.39): 1 Time(s)
unknown (209.141.33.193): 1 Time(s)
unknown (23.183.81.54): 1 Time(s)
unknown (41.137.137.92): 1 Time(s)
unknown (60.19.20.235): 1 Time(s)
unknown (61.135.152.226): 1 Time(s)
unknown (91.144.135.82): 1 Time(s)
Invalid Users:
Unknown Account: 278 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
12.091K Bytes accepted 12,381
12.091K Bytes sent via SMTP 12,381
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
731 Connections
558 Connections lost (inbound)
731 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Network Read Write Errors: 1
Failed logins from:
1.15.106.44: 34 times
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 10 times
14.98.54.222 (static-222.54.98.14-tataidc.co.in): 18 times
20.124.202.143: 1 time
45.80.64.246: 16 times
45.88.137.100: 2 times
46.101.94.164: 40 times
49.232.210.62: 19 times
61.135.152.226: 2 times
82.157.189.241: 32 times
90.189.182.30 (b-internet.90.189.182.30.snt.ru): 11 times
91.144.135.82 (91x144x135x82.static-business.chel.ertelecom.ru): 3 times
91.192.4.91: 30 times
92.255.85.237: 2 times
103.122.246.125: 32 times
106.12.179.113: 9 times
112.166.133.216: 3 times
141.98.10.246 (while-alerte.flightcrown.com): 4 times
175.209.89.234: 19 times
180.215.168.18: 6 times
186.67.248.6: 38 times
190.145.12.233: 18 times
200.215.168.145 (smtp.promedica.com.br): 3 times
202.165.25.137: 19 times
211.157.148.2: 32 times
218.25.140.72: 26 times
Illegal users from:
2001:470:1:332::7: 1 time
undef: 167 times
1.15.106.44: 14 times
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 3 times
14.98.54.222 (static-222.54.98.14-tataidc.co.in): 12 times
20.124.202.143: 1 time
23.183.81.54: 1 time
41.137.137.92: 1 time
45.80.64.246: 17 times
46.101.94.164: 9 times
49.232.210.62: 11 times
60.19.20.235: 1 time
61.135.152.226: 1 time
65.49.20.67 (scan-18.shadowserver.org): 1 time
81.169.193.87 (h2877746.stratoserver.net): 3 times
82.157.189.241: 16 times
90.189.182.30 (b-internet.90.189.182.30.snt.ru): 10 times
91.144.135.82 (91x144x135x82.static-business.chel.ertelecom.ru): 1 time
91.192.4.91: 20 times
92.255.85.237: 10 times
103.122.246.125: 11 times
106.12.179.113: 9 times
112.166.133.216: 5 times
116.110.252.176: 3 times
119.42.101.47: 1 time
136.144.41.3: 1 time
141.98.10.60: 2 times
141.98.10.82: 9 times
141.98.10.202: 1 time
141.98.10.246 (while-alerte.flightcrown.com): 4 times
152.32.170.230: 1 time
175.209.89.234: 3 times
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
179.162.111.189 (179.162.111.189.dynamic.adsl.gvt.net.br): 2 times
186.67.248.6: 12 times
190.107.170.11: 1 time
190.145.12.233: 7 times
194.85.248.40: 3 times
195.133.18.104: 4 times
200.215.168.145 (smtp.promedica.com.br): 5 times
202.165.25.137: 11 times
205.185.115.39 (mx.learnmorefun.org): 1 time
209.141.32.141 (smtp9.dfsfasfasf.xyz): 2 times
209.141.33.121: 4 times
209.141.33.193 (mx.chinadomainregistry.org): 1 time
209.141.34.220 (meshlv02.oxds.org): 4 times
209.141.47.245: 6 times
209.141.53.74: 4 times
211.157.148.2: 14 times
212.192.241.37: 3 times
218.25.140.72: 14 times
**Unmatched Entries**
error: Received disconnect from 20.124.202.143: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 2 time(s)
error: Received disconnect from 200.215.168.145: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 6 time(s)
Protocol major versions differ for 154.88.26.229: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################