################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jul 19 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-18 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [115:114]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 13 sites probed the server
Requests with error response codes
400 Bad Request
null: 21 Time(s)
/: 16 Time(s)
*G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D ... x13\x97\xB4\xE9: 4 Time(s)
/3000D00E0000FFFF3F00313137443737313436343 ... 000000000000000: 2 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... HXO-hIbE2JXAAHP: 2 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... EO1vVdsT54MAAHR: 1 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... q3PX8X5vGvIAAHQ: 1 Time(s)
7: 1 Time(s)
G?\xC7)J\x08\xB5+^9\x16j: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
/robots.txt: 31 Time(s)
/wp-login.php: 4 Time(s)
/.well-known/security.txt: 2 Time(s)
/security.txt: 2 Time(s)
/xmlrpc.php: 2 Time(s)
/%7C: 1 Time(s)
/.env: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
/neuigkeiten/einladung-mgv-ws2011: 1 Time(s)
/reader/1989-wi-berlin.pdf: 1 Time(s)
/reader/1993-so-reader_do93.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/reader/1995-so-reader_ha95.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/reader/1998-so-reader_ro98.pdf: 1 Time(s)
499 (undefined)
/socket.io/?noteId=release-notes&EIO=3&tra ... CB5Vzi2BP3ZAAHS: 1 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... EO1vVdsT54MAAHR: 1 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... HXO-hIbE2JXAAHP: 1 Time(s)
/socket.io/?noteId=release-notes&EIO=3&tra ... q3PX8X5vGvIAAHQ: 1 Time(s)
500 Internal Server Error
/: 26 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/favicon.ico: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/robots.txt: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
//login_sid.lua: 1 Time(s)
/actuator/health: 1 Time(s)
/dns-query: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/public/.env: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (52.131.246.255): 70 Time(s)
root (117.211.126.230): 51 Time(s)
root (190.66.54.181): 50 Time(s)
root (ip-208-109-11-147.ip.secureserver.net): 50 Time(s)
root (180.76.246.38): 48 Time(s)
root (120.52.93.191): 47 Time(s)
root (106.13.123.239): 45 Time(s)
root (121.227.16.206): 44 Time(s)
root (103.167.53.253): 40 Time(s)
root (49.232.142.213): 37 Time(s)
root (121.5.55.208): 36 Time(s)
root (210.12.168.79): 35 Time(s)
root (106.53.229.213): 30 Time(s)
root (198.251.68.52): 28 Time(s)
root (119.84.128.24): 27 Time(s)
root (163.172.169.92): 26 Time(s)
root (58.147.187.38): 26 Time(s)
root (220.225.126.55): 23 Time(s)
unknown (106.75.236.116): 21 Time(s)
unknown (170.106.153.172): 21 Time(s)
unknown (188.166.229.193): 19 Time(s)
unknown (59-125-129-47.hinet-ip.hinet.net): 18 Time(s)
unknown (dev1.voipe.cc): 18 Time(s)
unknown (139.59.103.44): 16 Time(s)
unknown (ppp-124-122-128-27.revip2.asianet.co.th): 15 Time(s)
root (59-125-129-47.hinet-ip.hinet.net): 14 Time(s)
root (103.86.180.10): 13 Time(s)
root (58.32.11.150): 13 Time(s)
root (115.182.105.68): 12 Time(s)
root (89.219.16.149): 12 Time(s)
unknown (141.98.10.27): 12 Time(s)
root (218.153.89.102): 11 Time(s)
unknown (141.98.10.203): 11 Time(s)
unknown (45.146.166.111): 11 Time(s)
root (da.up2uhost.com): 9 Time(s)
unknown (14.98.82.230): 9 Time(s)
unknown (141.98.10.56): 9 Time(s)
unknown (209.141.55.110): 9 Time(s)
root (213.174.106.178): 8 Time(s)
unknown (199.195.248.154): 8 Time(s)
root (131.1.245.34): 6 Time(s)
root (app1.qbmatic.com): 6 Time(s)
unknown (205.185.127.25): 6 Time(s)
root (123.127.237.43): 5 Time(s)
root (149.129.214.115): 5 Time(s)
root (176.122.149.209.16clouds.com): 5 Time(s)
root (188.166.229.193): 5 Time(s)
root (212.64.71.254): 5 Time(s)
root (dev1.voipe.cc): 5 Time(s)
root (123.139.240.10): 4 Time(s)
root (139.59.103.44): 4 Time(s)
root (170.106.153.172): 4 Time(s)
root (45.146.166.111): 4 Time(s)
unknown (123.127.237.43): 4 Time(s)
unknown (104.236.42.124): 3 Time(s)
unknown (141.98.10.179): 3 Time(s)
unknown (app1.qbmatic.com): 3 Time(s)
mysql (14.98.82.230): 2 Time(s)
root (104.244.72.34): 2 Time(s)
root (106.75.236.116): 2 Time(s)
unknown (104.244.72.34): 2 Time(s)
unknown (142.93.97.193): 2 Time(s)
unknown (186.227.150.54): 2 Time(s)
unknown (193.169.254.113): 2 Time(s)
unknown (45.135.232.165): 2 Time(s)
unknown (6.41.99.84.rev.sfr.net): 2 Time(s)
mysql (139.59.103.44): 1 Time(s)
postgres (188.166.229.193): 1 Time(s)
postgres (45.135.232.165): 1 Time(s)
root (1.116.68.197): 1 Time(s)
root (103.219.112.88): 1 Time(s)
root (128.199.133.125): 1 Time(s)
root (14.98.82.230): 1 Time(s)
root (185.100.87.72): 1 Time(s)
root (195.154.35.52): 1 Time(s)
root (36.110.114.29): 1 Time(s)
root (36.91.119.221): 1 Time(s)
unknown (123.139.240.10): 1 Time(s)
unknown (195.133.40.104): 1 Time(s)
Invalid Users:
Unknown Account: 230 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
18.567K Bytes accepted 19,013
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
339 Connections
229 Connections lost (inbound)
339 Disconnections
1 Removed from queue
1 Sent via SMTP
45 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
1.116.68.197: 1 time
14.98.82.230 (static-230.82.98.14-tataidc.co.in): 3 times
36.91.119.221: 1 time
36.110.114.29 (29.114.110.36.static.bjtelecom.net): 1 time
45.135.232.165: 1 time
45.146.166.111: 4 times
49.232.142.213: 37 times
52.131.246.255: 70 times
58.32.11.150: 13 times
58.147.187.38: 26 times
59.125.129.47 (59-125-129-47.HINET-IP.hinet.net): 14 times
89.219.16.149: 12 times
103.86.180.10: 13 times
103.167.53.253: 40 times
103.219.112.88: 1 time
104.244.72.34: 2 times
106.13.123.239: 45 times
106.53.229.213: 30 times
106.75.236.116: 2 times
115.182.105.68: 11 times
117.211.126.230: 51 times
119.84.128.24: 27 times
120.52.93.191: 47 times
121.5.55.208: 36 times
121.227.16.206: 44 times
123.127.237.43: 5 times
123.139.240.10: 4 times
128.199.133.125: 1 time
128.199.154.15 (app1.qbmatic.com): 6 times
131.1.245.34: 6 times
139.59.103.44: 5 times
149.129.214.115: 5 times
163.172.169.92 (92-169-172-163.instances.scw.cloud): 26 times
170.106.153.172: 4 times
176.122.149.209 (176.122.149.209.16clouds.com): 5 times
178.128.197.132 (dev1.voipe.cc): 5 times
180.76.246.38: 48 times
185.100.87.72 (iclnm.worlpeed.net): 1 time
188.166.229.193: 6 times
190.66.54.181: 50 times
195.154.35.52 (195-154-35-52.rev.poneytelecom.eu): 1 time
198.251.68.52: 28 times
203.151.21.252 (da.up2uhost.com): 9 times
208.109.11.147 (ip-208-109-11-147.ip.secureserver.net): 50 times
210.12.168.79: 35 times
212.64.71.254: 5 times
213.174.106.178 (178-106-174-213.dsl.hubone.fr): 8 times
218.153.89.102: 11 times
220.225.126.55: 23 times
Illegal users from:
undef: 120 times
14.98.82.230 (static-230.82.98.14-tataidc.co.in): 9 times
45.135.232.165: 2 times
45.146.166.111: 11 times
59.125.129.47 (59-125-129-47.HINET-IP.hinet.net): 18 times
65.49.20.66 (scan-17.shadowserver.org): 1 time
84.99.41.6 (6.41.99.84.rev.sfr.net): 2 times
104.236.42.124: 3 times
104.244.72.34: 2 times
106.75.236.116: 21 times
123.127.237.43: 4 times
123.139.240.10: 1 time
124.122.128.27 (ppp-124-122-128-27.revip2.asianet.co.th): 15 times
128.199.154.15 (app1.qbmatic.com): 3 times
139.59.103.44: 16 times
141.98.10.27: 12 times
141.98.10.56: 9 times
141.98.10.179 (er.includeswitche.com): 3 times
141.98.10.203: 11 times
142.93.97.193: 2 times
170.106.153.172: 21 times
178.128.197.132 (dev1.voipe.cc): 18 times
186.227.150.54 (186.227.150.54.interone.com.br): 2 times
188.166.229.193: 19 times
193.169.254.113: 2 times
195.133.40.104: 1 time
199.195.248.154: 8 times
205.185.127.25 (serveroperations.com): 6 times
209.141.55.110: 9 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 6 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################