################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun May 9 04:42:05 2021 Date Range Processed: yesterday ( 2021-May-08 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [193:194] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 8 sites probed the server 159.65.110.253 198.20.99.130 3.87.34.66 34.123.195.66 5.188.210.227 62.210.178.60 64.227.3.111 80.82.77.33 Requests with error response codes 400 Bad Request null: 28 Time(s) *G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D ... x13\x97\xB4\xE9: 1 Time(s) /0bef: 1 Time(s) /config/getuser?index=0: 1 Time(s) /robots.txt: 1 Time(s) 7: 1 Time(s) http://5.188.210.227/echo.php: 1 Time(s) mstshash=Administr: 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 2 Time(s) /resolutionen/wise17/Pruefungsunfaehigkeit/: 1 Time(s) 404 Not Found /robots.txt: 24 Time(s) /wp-login.php: 2 Time(s) /.env: 1 Time(s) //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //2020/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) /berlin/zapf/apple-touch-icon.png: 1 Time(s) /download/reader_re94.pdf: 1 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s) /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s) /resolutionen/sose17/symptompflicht/PosPapier_: 1 Time(s) /sites/default/files/1995_WiSe_Bonn.pdf: 1 Time(s) /sites/default/files/2010-11-26%20vorgesch ... A4nderungen.pdf: 1 Time(s) /sites/default/files/2011_SoSe_Dresden.pdf: 1 Time(s) /xmlrpc.php: 1 Time(s) /zapf/reader/2018_WiSe_Wuerzburg: 1 Time(s) 499 (undefined) /fonts/SourceCodePro-Regular.woff: 2 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 1 Time(s) /build/emojify.js/dist/images/basic/smile.png: 1 Time(s) /build/font-pack.fef3ca2736298be630a4.css: 1 Time(s) /build/index-styles-pack.fef3ca2736298be630a4.css: 1 Time(s) /build/index-styles.fef3ca2736298be630a4.css: 1 Time(s) /build/index.fef3ca2736298be630a4.css: 1 Time(s) 500 Internal Server Error /: 88 Time(s) /favicon.ico: 4 Time(s) /.well-known/security.txt: 2 Time(s) /robots.txt: 2 Time(s) /sitemap.xml: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.env: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /vendor/phpunit/phpunit/phpunit.xml: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (103.108.87.133): 100 Time(s) root (103.69.124.247): 100 Time(s) root (103.7.1.10): 100 Time(s) root (114.67.95.121): 100 Time(s) root (124.205.84.17): 100 Time(s) root (124.205.84.20): 100 Time(s) root (157.245.53.23): 100 Time(s) root (193.233.6.156): 100 Time(s) root (197.5.145.93): 100 Time(s) root (206.189.32.192): 100 Time(s) root (222.191.234.30): 100 Time(s) root (49.51.184.162): 100 Time(s) root (bras-base-mtrlpq3704w-grc-17-174-89-214-176.dsl.bell.ca): 100 Time(s) root (host-79-7-62-60.business.telecomitalia.it): 100 Time(s) root (kzn18.internetdsl.tpnet.pl): 100 Time(s) root (148.70.35.135): 99 Time(s) root (42.194.142.143): 99 Time(s) root (database.inforganic.net): 99 Time(s) root (139.155.35.149): 98 Time(s) root (152.32.216.166): 98 Time(s) root (165.232.111.17): 97 Time(s) root (157.245.124.160): 96 Time(s) root (218.30.91.130): 94 Time(s) root (103.147.4.180): 93 Time(s) root (101.71.3.53): 91 Time(s) root (115.238.97.2): 89 Time(s) root (106.12.106.140): 88 Time(s) root (183.134.65.197): 87 Time(s) root (59.165.161.178): 85 Time(s) root (152.32.190.172): 84 Time(s) root (121.4.71.96): 82 Time(s) root (198.199.97.218): 72 Time(s) root (122.225.55.70): 70 Time(s) root (195-133-216-62.in-addr.mastertelecom.ru): 70 Time(s) root (210.245.92.136): 64 Time(s) root (211.144.68.45): 64 Time(s) root (212.64.95.187): 61 Time(s) root (139.199.74.92): 58 Time(s) root (177.139.163.80): 58 Time(s) root (36.82.106.238): 58 Time(s) root (lonleylion.com): 57 Time(s) root (81.68.244.19): 56 Time(s) root (104.131.88.229): 55 Time(s) root (174.138.0.130): 55 Time(s) root (206.72.194.194): 55 Time(s) root (82.156.205.84): 54 Time(s) root (101.32.48.90): 52 Time(s) root (209.97.163.175): 52 Time(s) root (220.247.246.105): 52 Time(s) root (49.232.223.106): 52 Time(s) root (170.106.153.36): 51 Time(s) root (128.199.129.55): 50 Time(s) root (150.158.110.27): 50 Time(s) root (121.5.137.64): 49 Time(s) root (103.39.215.2): 48 Time(s) root (139.186.133.118): 48 Time(s) root (net-2-45-185-2.cust.vodafonedsl.it): 48 Time(s) root (106.53.136.5): 42 Time(s) root (82-65-203-32.subs.proxad.net): 42 Time(s) root (destek.in): 42 Time(s) root (120.35.26.129): 41 Time(s) root (144.126.210.64): 41 Time(s) root (49.232.12.131): 33 Time(s) root (185.23.201.193): 30 Time(s) root (206.189.126.211): 29 Time(s) root (216.10.242.121): 24 Time(s) root (113.134.211.42): 23 Time(s) root (adsl-72-50-1-35.prtc.net): 23 Time(s) root (113.111.228.153): 21 Time(s) root (142.93.118.252): 21 Time(s) root (adsl-72-50-2-3.prtc.net): 21 Time(s) root (107.182.22.118.16clouds.com): 19 Time(s) root (adsl-72-50-0-18.prtc.net): 18 Time(s) root (122.166.237.117): 16 Time(s) root (193.112.42.13): 15 Time(s) unknown (128-74-229-253.broadband.corbina.ru): 14 Time(s) root (62.234.118.5): 12 Time(s) unknown (45.7.165.87): 11 Time(s) unknown (185.36.81.184): 9 Time(s) unknown (45.146.165.151): 9 Time(s) root (209.141.52.246): 8 Time(s) root (117.158.87.112): 6 Time(s) root (213.74.22.134): 6 Time(s) root (27.110.250.34): 6 Time(s) root (43.226.155.16): 6 Time(s) root (121.4.147.213): 5 Time(s) root (47.92.83.209): 5 Time(s) root (103.147.5.89): 4 Time(s) root (45.146.165.151): 4 Time(s) root (vps-44e877d2.vps.ovh.net): 4 Time(s) unknown (45.133.1.158): 4 Time(s) unknown (136.49.130.150): 2 Time(s) unknown (185.36.81.52): 2 Time(s) unknown (194.165.16.89): 2 Time(s) unknown (82-64-6-18.subs.proxad.net): 2 Time(s) backup (45.146.165.151): 1 Time(s) root (103.91.67.235): 1 Time(s) root (112.64.67.36): 1 Time(s) root (125.124.193.203): 1 Time(s) root (202.115.29.234): 1 Time(s) root (36.112.170.36): 1 Time(s) root (36.94.2.139): 1 Time(s) root (43.128.4.149): 1 Time(s) root (59.72.122.148): 1 Time(s) root (67.pool85-50-13.dynamic.orange.es): 1 Time(s) unknown (193.169.254.220): 1 Time(s) unknown (199.195.254.81): 1 Time(s) unknown (209.141.52.246): 1 Time(s) unknown (23.129.64.203): 1 Time(s) unknown (23.129.64.206): 1 Time(s) unknown (23.129.64.230): 1 Time(s) unknown (23.129.64.251): 1 Time(s) unknown (45.153.160.136): 1 Time(s) unknown (66.230.230.230): 1 Time(s) unknown (tor-exit-ro.letztermensch.com): 1 Time(s) unknown (tor-exit0-readme.dfri.se): 1 Time(s) unknown (vps-44e877d2.vps.ovh.net): 1 Time(s) Invalid Users: Unknown Account: 67 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 18.170K Bytes accepted 18,606 18.170K Bytes sent via SMTP 18,606 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 9 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 9 Total 4xx Rejects 100.00% ======== ================================================== 392 Connections 56 Connections lost (inbound) 392 Disconnections 1 Removed from queue 1 Sent via SMTP 5 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 48 times 5.196.27.163 (vps-44e877d2.vps.ovh.net): 4 times 27.110.250.34: 6 times 36.82.106.238: 58 times 36.94.2.139: 1 time 36.112.170.36: 1 time 42.194.142.143: 99 times 43.128.4.149: 1 time 43.226.155.16: 6 times 45.146.165.151: 5 times 47.92.83.209: 5 times 49.51.184.162: 100 times 49.232.12.131: 33 times 49.232.223.106: 52 times 59.72.122.148: 1 time 59.165.161.178 (59.165.161.178.man-static.vsnl.net.in): 85 times 62.234.118.5: 12 times 72.50.0.18 (adsl-72-50-0-18.prtc.net): 18 times 72.50.1.35 (adsl-72-50-1-35.prtc.net): 23 times 72.50.2.3 (adsl-72-50-2-3.prtc.net): 21 times 79.7.62.60 (host-79-7-62-60.business.telecomitalia.it): 100 times 81.68.244.19: 56 times 82.65.203.32 (82-65-203-32.subs.proxad.net): 42 times 82.156.205.84: 54 times 85.50.13.67 (67.pool85-50-13.dynamic.orange.es): 1 time 91.217.83.61 (lonleylion.com): 57 times 95.50.91.18 (kzn18.internetdsl.tpnet.pl): 100 times 101.32.48.90: 52 times 101.71.3.53: 91 times 103.7.1.10 (dukungjokowiamin.com): 100 times 103.39.215.2: 48 times 103.69.124.247: 100 times 103.91.67.235 (chaoslow.lostlast.com): 1 time 103.108.87.133 (103-108-87-133.poltekkesjogja.ac.id): 100 times 103.147.4.180: 93 times 103.147.5.89: 4 times 104.131.88.229: 55 times 106.12.106.140: 88 times 106.53.136.5: 42 times 107.182.22.118 (107.182.22.118.16clouds.com): 19 times 112.64.67.36: 1 time 113.111.228.153: 21 times 113.134.211.42: 23 times 114.67.95.121: 100 times 115.238.97.2: 89 times 117.158.87.112: 6 times 120.35.26.129: 41 times 121.4.71.96: 82 times 121.4.147.213: 5 times 121.5.137.64: 49 times 122.166.237.117 (abts-kk-static-117.237.166.122.airtelbroadband.in): 16 times 122.225.55.70: 70 times 124.205.84.17: 100 times 124.205.84.20: 100 times 125.124.193.203: 1 time 128.199.129.55: 50 times 139.155.35.149: 98 times 139.186.133.118: 48 times 139.199.74.92: 58 times 142.93.118.252: 21 times 142.93.211.36 (destek.in): 42 times 143.110.157.115 (database.inforganic.net): 99 times 144.126.210.64: 41 times 148.70.35.135: 99 times 150.158.110.27: 50 times 152.32.190.172: 84 times 152.32.216.166: 98 times 157.245.53.23: 100 times 157.245.124.160: 96 times 165.232.111.17: 97 times 170.106.153.36: 51 times 174.89.214.176 (bras-base-mtrlpq3704w-grc-17-174-89-214-176.dsl.bell.ca): 100 times 174.138.0.130: 55 times 177.139.163.80 (177-139-163-80.dsl.telesp.net.br): 58 times 183.134.65.197: 87 times 185.23.201.193: 30 times 193.112.42.13: 15 times 193.233.6.156: 100 times 195.133.216.62 (195-133-216-62.in-addr.mastertelecom.ru): 70 times 197.5.145.93: 100 times 198.199.97.218: 72 times 202.115.29.234: 1 time 206.72.194.194 (Akpa.Java.com): 55 times 206.189.32.192: 100 times 206.189.126.211: 29 times 209.97.163.175: 52 times 209.141.52.246 (lab.lv.dgv.dev.br): 8 times 210.245.92.136: 64 times 211.144.68.45 (reserve.cableplus.com.cn): 64 times 212.64.95.187: 61 times 213.74.22.134 (host-213-74-22-134.superonline.net): 6 times 216.10.242.121 (server.nyaadaur.com): 24 times 218.30.91.130: 94 times 220.247.246.105 (1.246.247.220.unassigned.sltnet.lk): 52 times 222.191.234.30: 100 times Illegal users from: undef: 20 times 5.196.27.163 (vps-44e877d2.vps.ovh.net): 1 time 23.129.64.203: 1 time 23.129.64.206: 1 time 23.129.64.230: 1 time 23.129.64.251: 1 time 45.7.165.87 (45-7-165-87.static.reallifetelecom.com.br): 12 times 45.133.1.158: 4 times 45.146.165.151: 9 times 45.153.160.136: 1 time 65.49.20.67 (scan-18.shadowserver.org): 1 time 66.230.230.230: 1 time 82.64.6.18 (82-64-6-18.subs.proxad.net): 2 times 128.74.229.253 (128-74-229-253.broadband.corbina.ru): 15 times 136.49.130.150 (136-49-130-150.googlefiber.net): 2 times 171.25.193.20 (tor-exit0-readme.dfri.se): 1 time 185.36.81.52 (sterharvest.com): 2 times 185.36.81.184: 9 times 185.247.224.14 (tor-exit-ro.letztermensch.com): 1 time 193.169.254.220: 1 time 194.165.16.89: 2 times 199.195.254.81 (NewYorkTor1.uk): 1 time 209.141.52.246 (lab.lv.dgv.dev.br): 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47755p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################