################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Nov 15 04:42:04 2021 Date Range Processed: yesterday ( 2021-Nov-14 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 44:44 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.19.235 -> zapf.wiki:443: 2 Time(s) 45.81.234.73 -> 84.153.66.200:4444: 1 Time(s) A total of 11 sites probed the server 161.35.230.3 167.71.102.181 185.254.31.134 188.166.151.235 188.166.235.173 195.133.18.100 198.20.69.98 20.83.148.119 209.141.53.177 222.186.19.235 64.227.97.195 Requests with error response codes 400 Bad Request null: 18 Time(s) /: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) zapf.wiki:443: 2 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /login: 1 Time(s) /manager/text/list: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) 84.153.66.200:4444: 1 Time(s) K\xC1k\x9F\xC1\x9D\x0C\xCF\xC9\xD7\xA8\xBA ... C0$\xC0\x14\xC0: 1 Time(s) \x04B!^\x85\xC2x\x98H\xFEG\xCF\xE6\x0B\xEE ... x09\xC0\x14\xC0: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found //2018/wp-includes/wlwmanifest.xml: 1 Time(s) //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //media/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) 500 Internal Server Error /: 65 Time(s) /.env: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /favicon.ico: 2 Time(s) /.DS_Store: 1 Time(s) /.git/config: 1 Time(s) /.json: 1 Time(s) /HNAP1: 1 Time(s) /actuator/health: 1 Time(s) /api/search?folderIds=0: 1 Time(s) /config.json: 1 Time(s) /debug/default/view?panel=config: 1 Time(s) /evox/about: 1 Time(s) /frontend_dev.php/$: 1 Time(s) /idx_config/: 1 Time(s) /info.php: 1 Time(s) /login.action: 1 Time(s) /nmaplowercheck1636865864: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s) /sdk: 1 Time(s) /server-status: 1 Time(s) /telescope/requests: 1 Time(s) /v2/_catalog: 1 Time(s) 502 Bad Gateway /HZorDIqkSuaId6RfPo7k1w/pdf: 1 Time(s) /build/constant.js: 1 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 1 Time(s) /js/mathjax-config-extra.js: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGo-D: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGokb: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGpDv: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGpTX: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGpj9: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGpyp: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGqCR: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGqS5: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGqhj: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGqxM: 1 Time(s) /socket.io/?noteId=HZorDIqkSuaId6RfPo7k1w& ... lling&t=NqUGrB0: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (5.181.80.180): 39 Time(s) root (103.219.112.1): 35 Time(s) root (210-71-232-236.hinet-ip.hinet.net): 27 Time(s) root (90.189.182.30): 23 Time(s) root (116.117.157.69): 20 Time(s) unknown (210-71-232-236.hinet-ip.hinet.net): 19 Time(s) root (138.197.203.168): 18 Time(s) root (176.111.173.237): 16 Time(s) root (175.209.89.234): 15 Time(s) unknown (103.219.112.1): 15 Time(s) unknown (128.199.247.40): 15 Time(s) root (81.70.160.99): 14 Time(s) root (106.12.140.168): 13 Time(s) root (mail.wooree42.com): 13 Time(s) unknown (mail.wooree42.com): 10 Time(s) unknown (106.12.140.168): 9 Time(s) unknown (138.197.203.168): 9 Time(s) unknown (175.209.89.234): 8 Time(s) unknown (209.141.43.8): 8 Time(s) root (101.69.200.162): 7 Time(s) root (159.223.16.53): 7 Time(s) unknown (101.69.200.162): 7 Time(s) unknown (106.12.179.113): 7 Time(s) unknown (116.117.157.69): 7 Time(s) unknown (209.141.62.233): 7 Time(s) unknown (81.70.160.99): 7 Time(s) root (106.12.179.113): 6 Time(s) unknown (195.133.18.210): 6 Time(s) unknown (209.141.33.193): 6 Time(s) unknown (90.189.182.30): 6 Time(s) root (128.199.247.40): 5 Time(s) root (123.9.235.229): 4 Time(s) root (124-145-74-224.rev.home.ne.jp): 4 Time(s) root (166.90.116.107): 4 Time(s) unknown (199.19.224.157): 4 Time(s) unknown (141.98.10.63): 3 Time(s) unknown (171.227.203.183): 3 Time(s) unknown (205.185.120.71): 3 Time(s) unknown (38.143.137.90): 3 Time(s) unknown (5.181.80.180): 3 Time(s) unknown (116.110.213.215): 2 Time(s) unknown (116.121.174.213): 2 Time(s) unknown (136.144.41.68): 2 Time(s) unknown (136.37.6.214): 2 Time(s) unknown (141.98.10.142): 2 Time(s) unknown (82.66.59.170): 2 Time(s) root (117.7.122.163): 1 Time(s) root (175.186.0.161): 1 Time(s) root (23.247.33.61): 1 Time(s) root (36.133.45.135): 1 Time(s) unknown (103.254.198.67): 1 Time(s) unknown (116.110.121.105): 1 Time(s) unknown (117.7.122.163): 1 Time(s) unknown (123.9.235.229): 1 Time(s) unknown (124-145-74-224.rev.home.ne.jp): 1 Time(s) unknown (136.144.41.36): 1 Time(s) unknown (166.90.116.107): 1 Time(s) unknown (177.53.70.205): 1 Time(s) unknown (186.179.100.61): 1 Time(s) unknown (199.19.225.172): 1 Time(s) unknown (smtp17.mib360realestate.com): 1 Time(s) Invalid Users: Unknown Account: 188 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 39 Miscellaneous warnings 10.949K Bytes accepted 11,212 10.949K Bytes sent via SMTP 11,212 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 233 Connections 52 Connections lost (inbound) 233 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Illegal address syntax in SMTP command 2 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 5.181.80.180 (ip-80-180-bullethost.net): 39 times 23.247.33.61: 1 time 36.133.45.135: 1 time 81.70.160.99: 14 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 23 times 101.69.200.162: 7 times 103.219.112.1: 35 times 106.12.140.168: 13 times 106.12.179.113: 6 times 116.117.157.69: 20 times 117.7.122.163 (localhost): 1 time 123.9.235.229 (hn.kd.ny.adsl): 4 times 124.145.74.224 (124-145-74-224.rev.home.ne.jp): 4 times 128.199.247.40: 5 times 138.197.203.168: 18 times 159.223.16.53: 7 times 166.90.116.107 (unknown.Level3.net): 4 times 175.186.0.161: 1 time 175.209.89.234: 15 times 176.111.173.237: 16 times 210.71.232.236 (210-71-232-236.hinet-ip.hinet.net): 27 times 211.238.111.61 (mail.wooree42.com): 13 times Illegal users from: 2001:470:1:332::5: 1 time undef: 106 times 5.181.80.180 (ip-80-180-bullethost.net): 3 times 38.143.137.90: 3 times 81.70.160.99: 7 times 82.66.59.170 (mar92-2_migr-82-66-59-170.fbx.proxad.net): 2 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 6 times 101.69.200.162: 7 times 103.219.112.1: 15 times 103.254.198.67: 1 time 106.12.140.168: 9 times 106.12.179.113: 7 times 116.110.121.105: 1 time 116.110.213.215: 2 times 116.117.157.69: 7 times 116.121.174.213: 2 times 117.7.122.163 (localhost): 1 time 123.9.235.229 (hn.kd.ny.adsl): 1 time 124.145.74.224 (124-145-74-224.rev.home.ne.jp): 1 time 128.199.247.40: 15 times 136.37.6.214 (136-37-6-214.googlefiber.net): 2 times 136.144.41.36: 1 time 136.144.41.68: 2 times 138.197.203.168: 9 times 141.98.10.63: 3 times 141.98.10.142 (rectum-bounders.oinkhow.net): 2 times 166.90.116.107 (unknown.Level3.net): 1 time 171.227.203.183 (dynamic-ip-adsl.viettel.vn): 3 times 175.209.89.234: 8 times 177.53.70.205: 1 time 186.179.100.61 (azteca-comunicaciones.com): 1 time 195.133.18.210: 6 times 199.19.224.157: 4 times 199.19.225.172: 1 time 205.185.119.40 (smtp17.mib360realestate.com): 1 time 205.185.120.71: 3 times 209.141.33.193 (mx.chinadomainregistry.org): 6 times 209.141.43.8 (mx09.hcx8.top): 8 times 209.141.62.233 (hhb8.cn): 7 times 210.71.232.236 (210-71-232-236.hinet-ip.hinet.net): 19 times 211.238.111.61 (mail.wooree42.com): 10 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################