################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Jan 14 04:42:04 2022 Date Range Processed: yesterday ( 2022-Jan-13 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 16:16 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 10 sites probed the server 120.226.28.57 157.230.32.142 159.223.87.166 161.35.230.3 172.104.131.24 212.243.9.107 23.250.19.242 54.36.89.34 64.227.97.195 94.102.56.151 Requests with error response codes 400 Bad Request null: 9 Time(s) /: 6 Time(s) mstshash=Administr: 4 Time(s) mstshash=Domain: 2 Time(s) /.env: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /bag2: 1 Time(s) /c/version.js: 1 Time(s) /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /flu/403.html: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) 7: 1 Time(s) \x00\x00\x00\x00: 1 Time(s) 403 Forbidden /FrcS3CFURGOhH8IZnOVeEw?both: 1 Time(s) 500 Internal Server Error /: 25 Time(s) /.env: 7 Time(s) /robots.txt: 6 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /.DS_Store: 1 Time(s) /.git/config: 1 Time(s) /.well-known/security.txt: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /_profiler/phpinfo: 1 Time(s) /actuator/health: 1 Time(s) /bag2: 1 Time(s) /c/version.js: 1 Time(s) /console/: 1 Time(s) /debug/default/view?panel=config: 1 Time(s) /favicon.ico: 1 Time(s) /flu/403.html: 1 Time(s) /login.action: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /stalker_portal/c/version.js: 1 Time(s) /stream/live.php: 1 Time(s) /streaming/clients_live.php: 1 Time(s) /system_api.php: 1 Time(s) /v2/_catalog: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (161.35.45.62): 42 Time(s) root (81.70.6.172): 31 Time(s) root (103.200.31.77): 30 Time(s) root (208.180.16.38): 30 Time(s) root (101.66.172.72): 26 Time(s) root (183.194.212.16): 20 Time(s) root (112.198.27.40): 18 Time(s) root (49.235.98.193): 18 Time(s) root (195.254.135.76): 6 Time(s) root (81.17.18.59): 6 Time(s) root (exitrelay15.medvideos-tor.org): 6 Time(s) root (exitrelay43.medvideos-tor.org): 6 Time(s) root (telf-14-b2-v4wan-163540-cust81.vm31.cable.virginm.net): 5 Time(s) root (118.120.230.76): 4 Time(s) unknown (62.233.50.133): 3 Time(s) root (191.83.210.56): 2 Time(s) unknown (23.red-79-158-56.dynamicip.rima-tde.net): 2 Time(s) unknown (37.34.251.240): 2 Time(s) root (101.69.200.162): 1 Time(s) root (104.131.68.23): 1 Time(s) root (182.32.14.10): 1 Time(s) root (182.74.25.246): 1 Time(s) root (218.94.136.90): 1 Time(s) root (23.247.33.61): 1 Time(s) root (27.254.46.67): 1 Time(s) root (61.177.172.76): 1 Time(s) root (exitrelay71.medvideos-tor.org): 1 Time(s) unknown (118.120.230.76): 1 Time(s) unknown (128.199.19.121): 1 Time(s) unknown (177.222.216.76): 1 Time(s) unknown (211-22-65-18.hinet-ip.hinet.net): 1 Time(s) unknown (221.138.38.85): 1 Time(s) unknown (81.70.6.172): 1 Time(s) unknown (telf-14-b2-v4wan-163540-cust81.vm31.cable.virginm.net): 1 Time(s) Invalid Users: Unknown Account: 14 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 12 Miscellaneous warnings 8.079K Bytes accepted 8,273 8.079K Bytes sent via SMTP 8,273 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 89 Connections 6 Connections lost (inbound) 89 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 4 Time(s) Failed logins from: 23.247.33.61: 1 time 27.254.46.67: 1 time 45.61.187.34 (exitrelay43.medvideos-tor.org): 6 times 49.235.98.193: 18 times 61.177.172.76: 3 times 81.17.18.59 (block1-che.interlayer.co.uk): 6 times 81.70.6.172: 31 times 82.41.6.82 (telf-14-b2-v4wan-163540-cust81.vm31.cable.virginm.net): 5 times 101.66.172.72: 26 times 101.69.200.162: 1 time 103.200.31.77: 30 times 104.131.68.23: 1 time 107.189.14.98 (exitrelay71.medvideos-tor.org): 1 time 112.198.27.40: 18 times 118.120.230.76: 4 times 161.35.45.62: 42 times 182.32.14.10: 1 time 182.74.25.246: 1 time 183.194.212.16 (.): 20 times 191.83.210.56 (191-83-210-56.speedy.com.ar): 2 times 195.254.135.76: 6 times 208.180.16.38 (208-180-16-38.nbrncmtk01.com.sta.suddenlink.net): 30 times 209.141.36.206 (exitrelay15.medvideos-tor.org): 6 times 218.94.136.90: 1 time Illegal users from: 2001:470:1:c84::19: 1 time undef: 10 times 37.34.251.240: 2 times 62.233.50.133: 3 times 64.62.197.212: 1 time 79.158.56.23 (23.red-79-158-56.dynamicip.rima-tde.net): 2 times 81.70.6.172: 1 time 82.41.6.82 (telf-14-b2-v4wan-163540-cust81.vm31.cable.virginm.net): 1 time 118.120.230.76: 1 time 128.199.19.121: 1 time 177.222.216.76: 1 time 178.73.215.171 (178-73-215-171-static.glesys.net): 1 time 211.22.65.18 (211-22-65-18.hinet-ip.hinet.net): 1 time 221.138.38.85: 1 time **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 7 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################