################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Mar 12 04:42:03 2023
Date Range Processed: yesterday
( 2023-Mar-11 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [257:256]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
140.99.219.26 -> zapf.wiki:443: 1 Time(s)
A total of 12 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
/.env: 4 Time(s)
*: 2 Time(s)
/: 2 Time(s)
mstshash=Administr: 2 Time(s)
/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%% ... %%32%%65/bin/sh: 1 Time(s)
/favicon.ico: 1 Time(s)
/geoserver/web/: 1 Time(s)
7: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xE00\xCC\xBAU]<\x15\x14\xBA\xC7W7c\x02\x9 ... 9\x87KE\xE1\x86: 1 Time(s)
\xF0\x8A\xB0\x83\xBA\xF34\xB4w\x88/\xC2\xB ... (\xC0#\xC0'\xC0: 1 Time(s)
\xF9\xDDe\xB0\xEE\xFA\x19\xF9\xAC\xA6\x00\x02: 1 Time(s)
zapf.wiki:443: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
/.env: 9 Time(s)
/.git/config: 2 Time(s)
/favicon.ico: 2 Time(s)
/.local: 1 Time(s)
/.production: 1 Time(s)
/.remote: 1 Time(s)
//admin/.env: 1 Time(s)
//admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//administrator/.env: 1 Time(s)
//api/.env: 1 Time(s)
//api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//app/.env: 1 Time(s)
//apps/.env: 1 Time(s)
//assets/.env: 1 Time(s)
//backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//config/.env: 1 Time(s)
//core/.env: 1 Time(s)
//core/Datavase/.env: 1 Time(s)
//core/app/.env: 1 Time(s)
//cron/.env: 1 Time(s)
//cronlab/.env: 1 Time(s)
//database/.env: 1 Time(s)
//demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//en/.env: 1 Time(s)
//exapi/.env: 1 Time(s)
//lab/.env: 1 Time(s)
//laravel/.env: 1 Time(s)
//laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//lib/.env: 1 Time(s)
//lib/phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//lib/phpunit/phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//lib/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//phpunit/phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//protected/vendor/phpunit/phpunit/src/Uti ... /eval-stdin.php: 1 Time(s)
//psnlink/.env: 1 Time(s)
//public/.env: 1 Time(s)
//saas/.env: 1 Time(s)
//site/.env: 1 Time(s)
//sitemaps/.env: 1 Time(s)
//sites/all/libraries/mailchimp/vendor/php ... /eval-stdin.php: 1 Time(s)
//tools/.env: 1 Time(s)
//uploads/.env: 1 Time(s)
//v1/.env: 1 Time(s)
//v2/.env: 1 Time(s)
//vendor/.env: 1 Time(s)
//vendor/phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//vendor/phpunit/phpunit/Util/PHP/eval-stdin.php: 1 Time(s)
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//vendor/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
//web/.env: 1 Time(s)
//wp-content/plugins/cloudflare/vendor/php ... /eval-stdin.php: 1 Time(s)
//wp-content/plugins/dzs-videogallery/clas ... /eval-stdin.php: 1 Time(s)
//wp-content/plugins/jekyll-exporter/vendo ... /eval-stdin.php: 1 Time(s)
//wp-content/plugins/mm-plugin/inc/vendors ... /eval-stdin.php: 1 Time(s)
//www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
/api/v2/cmdb/system/admin: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/exchange/v1/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/t4: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 846 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
24.191K Bytes accepted 24,772
24.191K Bytes sent via SMTP 24,772
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
54 Connections
6 Connections lost (inbound)
54 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 20 Time(s)
Failed logins from:
Illegal users from:
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (uucp,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (adm,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (adm,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop48368p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################