################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Dec 1 04:42:03 2022 Date Range Processed: yesterday ( 2022-Nov-30 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 70:70 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 15 sites probed the server 103.114.107.34 103.89.89.46 118.123.105.85 141.255.166.2 152.32.150.188 173.255.221.212 178.128.82.146 194.55.186.124 194.55.186.216 207.154.217.99 37.44.238.183 45.79.128.205 66.240.205.34 84.21.172.128 85.31.44.178 Requests with error response codes 400 Bad Request null: 23 Time(s) /: 5 Time(s) mstshash=Domain: 2 Time(s) &m\xA0O\x84\xD1\x816\x83\xA0\xEB\x80c\xDF+ ... x09\xC0\x13\xC0: 1 Time(s) /.env: 1 Time(s) /aaaaaaaaaaaaaaaaaaaaaaaaaqr: 1 Time(s) /admin/console/: 1 Time(s) /socket.io/?noteId=Reso_DigitalePruefungen ... 3tSndeMNh7wAAAI: 1 Time(s) /socket.io/?noteId=Reso_DigitalePruefungen ... rP6juPV-r7fAAAH: 1 Time(s) /socket.io/?noteId=u24dL2y8RIGSpTp_YM-pCQ& ... -JvyEZfQ6kyAAAK: 1 Time(s) /socket.io/?noteId=u24dL2y8RIGSpTp_YM-pCQ& ... i4xbJNMlbeIAAAL: 1 Time(s) N\xF9\x8D`d\xEAas\xF3%~\xF6/\xF8P\xE9h\x1F\x9C\xB8K: 1 Time(s) O\xF7\x229\xBE\x03-\x9Cy\xD7\xD08=\xCD\xDF ... x09\xC0\x13\xC0: 1 Time(s) \xB3\x16c\x03\xAC\xABQ\x04C\x1E]\x9BO\x15\ ... x09\xC0\x13\xC0: 1 Time(s) \xB3\xC7v\xE69\xDFh\x14n<C\x07;\x17\x10\xE ... x09\xC0\x13\xC0: 1 Time(s) \xBD\xB7\xDB[\xC5\xC2\xA5\xFD\x0E&5\xCF\xB ... x09\xC0\x14\xC0: 1 Time(s) \xBE\xF6\x8C\xD8\xEAG\x8E\x98\x02\xA5\xD8\ ... 1+\x02\xAD\x99F: 1 Time(s) \xC4\x10T\x0E$\xCE_x\x92\x19P\xA6\xD1t\xD1 ... x09\xC0\x13\xC0: 1 Time(s) ~?\x97\x22\xD2A\xB8\x7F\xF0_\x8ER\x86: 1 Time(s) 499 (undefined) /socket.io/?noteId=Reso_DigitalePruefungen ... 3tSndeMNh7wAAAI: 1 Time(s) /socket.io/?noteId=Reso_DigitalePruefungen ... mCUOnGxDMhBAAAJ: 1 Time(s) /socket.io/?noteId=Reso_DigitalePruefungen ... rP6juPV-r7fAAAH: 1 Time(s) /socket.io/?noteId=u24dL2y8RIGSpTp_YM-pCQ& ... -JvyEZfQ6kyAAAK: 1 Time(s) /socket.io/?noteId=u24dL2y8RIGSpTp_YM-pCQ& ... 0yZx6nHODtAAAAM: 1 Time(s) /socket.io/?noteId=u24dL2y8RIGSpTp_YM-pCQ& ... i4xbJNMlbeIAAAL: 1 Time(s) 500 Internal Server Error /: 16 Time(s) /.env: 2 Time(s) /favicon.ico: 2 Time(s) /.git/config: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Electron/download/windows/\x5CProgram%20F ... C16384\x5C16393: 1 Time(s) /ReportServer: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /actuator/health: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /login: 1 Time(s) /oam/server/opensso/sessionservice: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /robots.txt: 1 Time(s) /version: 1 Time(s) /webclient/: 1 Time(s) /wp-content/.git/config: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (191.232.49.146): 160 Time(s) root (61.177.173.61): 60 Time(s) root (61.177.173.56): 48 Time(s) root (61.177.173.43): 36 Time(s) root (61.177.173.55): 36 Time(s) root (61.177.173.42): 35 Time(s) root (61.177.172.61): 24 Time(s) root (61.177.172.76): 18 Time(s) root (61.177.172.87): 18 Time(s) root (tor-project-exit10.dotsrc.org): 12 Time(s) root (103-29-69-29.ip.linodeusercontent.com): 6 Time(s) root (103.251.167.20): 6 Time(s) root (179.43.159.195): 6 Time(s) root (179.43.159.198): 6 Time(s) root (185.220.102.245): 6 Time(s) root (185.220.102.246): 6 Time(s) root (46.182.21.248): 6 Time(s) root (5.2.77.22): 6 Time(s) root (61.177.172.160): 6 Time(s) root (61.177.173.54): 6 Time(s) root (djb.tor-exit.calyxinstitute.org): 6 Time(s) root (master-of-disaster.tor-exit.laarnes.nl): 6 Time(s) root (phoolandevi.tor-exit.calyxinstitute.org): 6 Time(s) root (this-is-a-tor-exit-node-hviv119.hviv.nl): 6 Time(s) root (tor-exit-at-the.quesadilla.party): 6 Time(s) root (tor-exit-relay-3.anonymizing-proxy.digitalcourage.de): 6 Time(s) root (tor02.zencurity.com): 6 Time(s) unknown (141.98.10.158): 5 Time(s) root (this-is-a-tor-exit-node-hviv124.hviv.nl): 4 Time(s) unknown (91.240.118.172): 4 Time(s) root (192.241.145.39): 3 Time(s) unknown (62.204.41.176): 3 Time(s) root (141.98.10.158): 2 Time(s) root (194.169.175.102): 2 Time(s) unknown (241.20.238.89.static.smgr.pl): 2 Time(s) unknown (81.17.25.50): 2 Time(s) root (123.15.34.67): 1 Time(s) root (123.150.229.61): 1 Time(s) root (136.185.9.152): 1 Time(s) root (188.72.120.38): 1 Time(s) root (36.110.228.254): 1 Time(s) unknown (122.168.123.136): 1 Time(s) unknown (157.122.183.220): 1 Time(s) unknown (183.107.195.8): 1 Time(s) unknown (193.169.255.30): 1 Time(s) unknown (194.146.234.43): 1 Time(s) unknown (194.169.175.102): 1 Time(s) unknown (213.108.160.39): 1 Time(s) unknown (65.132.7.148): 1 Time(s) unknown (78.197.6.173): 1 Time(s) unknown (82.66.59.170): 1 Time(s) unknown (ec2-44-197-228-13.compute-1.amazonaws.com): 1 Time(s) unknown (m002140.ppp.asahi-net.or.jp): 1 Time(s) Invalid Users: Unknown Account: 36 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 41.848K Bytes accepted 42,852 41.848K Bytes sent via SMTP 42,852 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 171 Connections 6 Connections lost (inbound) 171 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 64 Time(s) Failed logins from: 5.2.77.22: 6 times 36.110.228.254: 1 time 46.182.21.248 (tor-exit-relay.anonymizing-proxy.digitalcourage.de): 6 times 61.177.172.61: 24 times 61.177.172.76: 18 times 61.177.172.87: 18 times 61.177.172.160: 6 times 61.177.173.42: 35 times 61.177.173.43: 36 times 61.177.173.54: 6 times 61.177.173.55: 36 times 61.177.173.56: 48 times 61.177.173.61: 60 times 103.29.69.29 (103-29-69-29.ip.linodeusercontent.com): 6 times 103.251.167.20: 6 times 103.251.167.21 (tor-exit-at-the.quesadilla.party): 6 times 123.15.34.67 (hn.kd.ny.adsl): 1 time 123.150.229.61: 1 time 136.185.9.152 (abts-tn-static-152.9.185.136.airtelbroadband.in): 1 time 141.98.10.158: 2 times 162.247.74.202 (djb.tor-exit.calyxinstitute.org): 6 times 162.247.74.216 (phoolandevi.tor-exit.calyxinstitute.org): 6 times 167.86.94.107 (master-of-disaster.tor-exit.laarnes.nl): 6 times 179.43.159.195 (hostedby.privatelayer.com): 6 times 179.43.159.198 (hostedby.privatelayer.com): 6 times 185.129.61.10 (tor-project-exit10.dotsrc.org): 12 times 185.129.62.63 (tor02.zencurity.com): 6 times 185.220.102.245 (185-220-102-245.torservers.net): 6 times 185.220.102.246 (185-220-102-246.torservers.net): 6 times 185.220.102.249 (tor-exit-relay-3.anonymizing-proxy.digitalcourage.de): 6 times 188.72.120.38 (dyn-188-72-120-38.net.wt-tech.it): 1 time 191.232.49.146: 160 times 192.42.116.19 (this-is-a-tor-exit-node-hviv119.hviv.nl): 6 times 192.42.116.24 (this-is-a-tor-exit-node-hviv124.hviv.nl): 4 times 192.241.145.39: 3 times 194.169.175.102 (net-194-169-175-102.cust.as211760.net): 2 times Illegal users from: 2001:470:1:c84::12: 1 time 2001:470:1:c84::28: 1 time undef: 19 times 44.197.228.13 (ec2-44-197-228-13.compute-1.amazonaws.com): 1 time 62.204.41.176: 3 times 64.62.197.166 (scan-41o.shadowserver.org): 1 time 65.132.7.148: 5 times 78.197.6.173 (bry22-1_migr-78-197-6-173.fbx.proxad.net): 1 time 81.17.25.50 (hostedby.privatealps.net): 4 times 82.66.59.170 (mar92-2_migr-82-66-59-170.fbx.proxad.net): 1 time 89.238.20.241 (241.20.238.89.static.smgr.pl): 4 times 91.240.118.172: 4 times 122.168.123.136 (abts-mp-static-136.123.168.122.airtelbroadband.in): 1 time 141.98.10.158: 5 times 157.122.183.220: 1 time 183.107.195.8: 1 time 193.169.255.30: 5 times 194.146.234.43: 1 time 194.169.175.102 (net-194-169-175-102.cust.as211760.net): 1 time 213.108.160.39 (39-160-108-213-static.pro-com.cz): 1 time 219.121.2.140 (m002140.ppp.asahi-net.or.jp): 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth] : 1 time(s) userauth_pubkey: unsupported public key algorithm: rsa-sha2-512 [preauth] : 3 time(s) Disconnecting: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop48368p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################