################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Oct 28 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 48:49 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
192.109.243.253 -> www.msftncsi.com:443: 184 Time(s)
A total of 12 sites probed the server
Requests with error response codes
400 Bad Request
www.msftncsi.com:443: 184 Time(s)
null: 22 Time(s)
/ab2g: 6 Time(s)
/ab2h: 6 Time(s)
/config/getuser?index=0: 4 Time(s)
/: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
\x00\x00\x00\x00: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 27 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/robots.txt: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/HNAP1/: 1 Time(s)
/ReportServer: 1 Time(s)
/actuator/health: 1 Time(s)
/bag2: 1 Time(s)
/favicon.ico: 1 Time(s)
/login: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (138.68.172.66): 400 Time(s)
root (170.106.115.41): 149 Time(s)
root (167.71.164.127): 92 Time(s)
root (49.235.187.75): 36 Time(s)
root (122.51.146.36): 33 Time(s)
root (159.89.115.126): 31 Time(s)
root (183.92.214.38): 31 Time(s)
root (219.232.48.190): 27 Time(s)
root (mail.cdrossi.com): 25 Time(s)
root (81.70.203.83): 22 Time(s)
unknown (180.250.248.170): 22 Time(s)
root (218.39.130.113): 21 Time(s)
root (143.110.212.213): 20 Time(s)
unknown (159.89.115.126): 19 Time(s)
unknown (183.92.214.38): 19 Time(s)
unknown (122.51.146.36): 17 Time(s)
root (42.159.80.91): 15 Time(s)
unknown (mail.cdrossi.com): 15 Time(s)
unknown (219.232.48.190): 14 Time(s)
unknown (49.235.187.75): 14 Time(s)
root (180.250.248.170): 13 Time(s)
root (58.22.61.212): 12 Time(s)
unknown (42.159.80.91): 12 Time(s)
root (106.75.135.64): 11 Time(s)
unknown (143.110.212.213): 10 Time(s)
root (179.43.175.26): 9 Time(s)
unknown (218.39.130.113): 9 Time(s)
root (250-72-182-201.provedornetlux.com.br): 8 Time(s)
unknown (106.75.135.64): 8 Time(s)
unknown (141.98.10.63): 8 Time(s)
unknown (81.70.203.83): 8 Time(s)
root (198.98.54.17): 6 Time(s)
unknown (141.98.10.60): 6 Time(s)
unknown (179.43.175.26): 5 Time(s)
unknown (198.98.54.17): 5 Time(s)
root (139.59.144.149): 4 Time(s)
root (159.223.24.19): 4 Time(s)
root (180.250.115.121): 4 Time(s)
root (47.200.116.91): 4 Time(s)
unknown (167.88.161.219): 4 Time(s)
unknown (116.105.30.143): 3 Time(s)
unknown (209.141.55.232): 3 Time(s)
unknown (212.193.30.101): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
unknown (51.15.197.4): 3 Time(s)
unknown (58.22.61.212): 3 Time(s)
postgres (134.236.247.145): 2 Time(s)
unknown (116.110.150.255): 2 Time(s)
unknown (134.236.247.145): 2 Time(s)
unknown (141.98.10.121): 2 Time(s)
unknown (171.254.193.197): 2 Time(s)
unknown (217.96.224.128.ipv4.supernova.orange.pl): 2 Time(s)
unknown (219-122-236-73f1.kyt1.eonet.ne.jp): 2 Time(s)
unknown (250-72-182-201.provedornetlux.com.br): 2 Time(s)
unknown (45.135.232.159): 2 Time(s)
unknown (78.141.159.160): 2 Time(s)
unknown (86.33.58.235): 2 Time(s)
postgres (45.135.232.159): 1 Time(s)
postgres (51.15.197.4): 1 Time(s)
root (1.117.176.198): 1 Time(s)
root (116.105.171.159): 1 Time(s)
root (182.74.25.246): 1 Time(s)
root (196.11.184.2): 1 Time(s)
unknown (139.59.144.149): 1 Time(s)
unknown (159.223.24.19): 1 Time(s)
unknown (180.250.115.121): 1 Time(s)
unknown (188.126.89.79): 1 Time(s)
unknown (198.98.54.56): 1 Time(s)
unknown (212.193.30.32): 1 Time(s)
unknown (47.200.116.91): 1 Time(s)
unknown (94.232.46.202): 1 Time(s)
unknown (tor-exit1-readme.dfri.se): 1 Time(s)
Invalid Users:
Unknown Account: 242 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
13.578K Bytes accepted 13,904
13.578K Bytes sent via SMTP 13,904
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
1002 Connections
48 Connections lost (inbound)
1002 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.117.176.198: 1 time
42.159.80.91: 15 times
45.135.232.159: 1 time
47.200.116.91: 4 times
49.235.187.75: 36 times
51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time
58.22.61.212: 12 times
81.70.203.83: 22 times
106.75.135.64: 11 times
116.105.171.159: 1 time
122.51.146.36: 33 times
134.236.247.145: 2 times
138.68.172.66: 400 times
139.59.144.149: 4 times
143.110.212.213: 20 times
159.89.115.126: 31 times
159.223.24.19: 4 times
167.71.164.127 (creactivate.mx): 92 times
170.106.115.41: 149 times
179.43.175.26: 9 times
180.250.115.121: 4 times
180.250.248.170: 13 times
182.74.25.246: 1 time
183.92.214.38: 31 times
196.11.184.2: 1 time
198.98.54.17: 6 times
200.69.141.210 (mail.cdrossi.com): 25 times
201.182.72.250 (250-72-182-201.provedornetlux.com.br): 8 times
218.39.130.113: 21 times
219.232.48.190: 27 times
Illegal users from:
2001:470:1:332::7: 1 time
undef: 159 times
42.159.80.91: 12 times
45.135.232.159: 2 times
45.155.204.39: 3 times
47.200.116.91: 1 time
49.235.187.75: 14 times
51.15.197.4 (4-197-15-51.instances.scw.cloud): 3 times
58.22.61.212: 3 times
78.141.159.160 (ip-78-141-159-160.dyn.luxdsl.pt.lu): 2 times
81.70.203.83: 8 times
86.33.58.235: 2 times
94.232.46.202: 1 time
106.75.135.64: 8 times
116.105.30.143: 3 times
116.110.150.255: 2 times
122.51.146.36: 17 times
134.236.247.145: 2 times
139.59.144.149: 1 time
141.98.10.60: 6 times
141.98.10.63: 8 times
141.98.10.121: 2 times
143.110.212.213: 10 times
159.89.115.126: 19 times
159.223.24.19: 1 time
167.88.161.219 (smtp21.gftvrsr.xyz): 4 times
171.25.193.77 (tor-exit1-readme.dfri.se): 1 time
171.254.193.197 (dynamic-ip-adsl.viettel.vn): 2 times
179.43.175.26: 5 times
180.250.115.121: 1 time
180.250.248.170: 22 times
183.92.214.38: 19 times
188.126.89.79: 1 time
198.98.54.17: 5 times
198.98.54.56: 1 time
200.69.141.210 (mail.cdrossi.com): 15 times
201.182.72.250 (250-72-182-201.provedornetlux.com.br): 2 times
209.141.55.232: 3 times
212.193.30.32: 1 time
212.193.30.101 (slot0.iglogi-camo.com): 3 times
217.96.224.128 (217.96.224.128.ipv4.supernova.orange.pl): 2 times
218.39.130.113: 9 times
219.122.236.73 (219-122-236-73f1.kyt1.eonet.ne.jp): 2 times
219.232.48.190: 14 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
error: Received disconnect from 196.11.184.2: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################