################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Nov 16 04:42:04 2021 Date Range Processed: yesterday ( 2021-Nov-15 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 53:53 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.19.235 -> zapf.wiki:443: 1 Time(s) A total of 5 sites probed the server 178.239.21.102 212.193.30.245 222.186.19.235 45.146.164.160 45.86.74.235 Requests with error response codes 400 Bad Request null: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /.env: 1 Time(s) /manager/html: 1 Time(s) HTTP/1.0: 1 Time(s) \x1D3QA\x8C\x18\xB21\xF47)\xC3\xF3J\xC3\xB ... x09\xC0\x14\xC0: 1 Time(s) zapf.wiki:443: 1 Time(s) 500 Internal Server Error /: 42 Time(s) /robots.txt: 4 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /favicon.ico: 2 Time(s) /tmui/login.jsp/..;/tmui/locallb/workspace ... ame=/etc/passwd: 2 Time(s) /.env: 1 Time(s) /.well-known/security.txt: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /autodiscover/autodiscover.json?(a)evil.corp ... on%3F(a)evil.corp: 1 Time(s) /bag2: 1 Time(s) /mgmt/tm/util/bash: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (81.68.84.91): 38 Time(s) root (134.209.241.15): 33 Time(s) root (113.57.109.73): 30 Time(s) unknown (net-2-45-185-2.cust.vodafonedsl.it): 30 Time(s) unknown (121.5.107.215): 29 Time(s) root (101.69.200.162): 27 Time(s) root (59.29.227.55): 23 Time(s) root (81.70.160.99): 21 Time(s) root (117.50.119.185): 20 Time(s) root (165.227.196.43): 20 Time(s) unknown (113.57.109.73): 18 Time(s) unknown (134.209.241.15): 17 Time(s) root (143.244.136.52): 16 Time(s) root (49.233.203.30): 16 Time(s) root (178.62.78.193): 14 Time(s) root (90.189.182.30): 13 Time(s) unknown (81.68.84.91): 11 Time(s) unknown (143.244.136.52): 9 Time(s) unknown (101.69.200.162): 8 Time(s) unknown (178.62.78.193): 8 Time(s) unknown (81.70.160.99): 8 Time(s) unknown (90.189.182.30): 8 Time(s) root (176.111.173.237): 7 Time(s) unknown (49.233.203.30): 7 Time(s) unknown (59.29.227.55): 7 Time(s) unknown (117.50.119.185): 6 Time(s) unknown (165.227.196.43): 6 Time(s) unknown (smtp4.achtungumbedingt.de): 6 Time(s) unknown (141.98.10.142): 4 Time(s) unknown (slot0.epaperitaliait.com): 4 Time(s) root (121.5.107.215): 3 Time(s) unknown (199.19.225.172): 3 Time(s) unknown (209.141.32.141): 3 Time(s) unknown (209.141.33.193): 3 Time(s) unknown (smtp17.mib360realestate.com): 3 Time(s) root (net-2-45-185-2.cust.vodafonedsl.it): 2 Time(s) unknown (205.185.114.87): 2 Time(s) unknown (205.185.119.112): 2 Time(s) unknown (host-94-109-136-83.retail.pianetafibra.it): 2 Time(s) unknown (i59f4cc80.versanet.de): 2 Time(s) unknown (ip-176-198-213-74.hsi05.unitymediagroup.de): 2 Time(s) root (211.220.27.191): 1 Time(s) root (38.130.243.175): 1 Time(s) root (jpn2-exit.privateinternetaccess.com): 1 Time(s) unknown (141.98.10.63): 1 Time(s) unknown (186.179.100.86): 1 Time(s) unknown (205.185.115.39): 1 Time(s) unknown (209.141.43.8): 1 Time(s) unknown (211.45.247.122): 1 Time(s) unknown (61.148.90.118): 1 Time(s) unknown (adsl-186-159-1-121.edatel.net.co): 1 Time(s) unknown (torexit.orwell.syndicateguys.com): 1 Time(s) Invalid Users: Unknown Account: 216 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 51 Miscellaneous warnings 12.744K Bytes accepted 13,050 12.744K Bytes sent via SMTP 13,050 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 354 Connections 53 Connections lost (inbound) 354 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 2 times 38.130.243.175: 1 time 49.233.203.30: 16 times 59.29.227.55: 23 times 81.68.84.91: 38 times 81.70.160.99: 21 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 13 times 101.69.200.162: 27 times 113.57.109.73: 30 times 117.50.119.185: 20 times 121.5.107.215: 3 times 134.209.241.15: 33 times 143.244.136.52: 16 times 156.146.34.193 (jpn2-exit.privateinternetaccess.com): 1 time 165.227.196.43: 20 times 176.111.173.237: 7 times 178.62.78.193: 14 times 211.220.27.191: 1 time Illegal users from: undef: 146 times 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 30 times 49.233.203.30: 7 times 59.29.227.55: 7 times 61.148.90.118: 1 time 65.49.20.67 (scan-18.shadowserver.org): 1 time 81.68.84.91: 11 times 81.70.160.99: 8 times 83.136.109.94 (host-94-109-136-83.retail.pianetafibra.it): 2 times 89.244.204.128 (i59F4CC80.versanet.de): 2 times 90.189.182.30 (b-internet.90.189.182.30.snt.ru): 8 times 101.69.200.162: 8 times 107.189.30.134 (smtp4.achtungumbedingt.de): 6 times 113.57.109.73: 18 times 117.50.119.185: 6 times 121.5.107.215: 29 times 134.209.241.15: 17 times 141.98.10.63: 1 time 141.98.10.142 (rectum-bounders.oinkhow.net): 4 times 143.244.136.52: 9 times 165.227.196.43: 6 times 176.198.213.74 (ip-176-198-213-74.hsi05.unitymediagroup.de): 2 times 178.62.78.193: 8 times 185.112.146.73 (torexit.orwell.syndicateguys.com): 1 time 186.159.1.121 (adsl-186-159-1-121.edatel.net.co): 1 time 186.179.100.86 (azteca-comunicaciones.com): 1 time 195.133.18.24 (slot0.epaperitaliait.com): 4 times 199.19.225.172: 3 times 205.185.114.87: 2 times 205.185.115.39 (mx.learnmorefun.org): 1 time 205.185.119.40 (smtp17.mib360realestate.com): 3 times 205.185.119.112: 2 times 209.141.32.141 (smtp9.dfsfasfasf.xyz): 3 times 209.141.33.193 (mx.chinadomainregistry.org): 3 times 209.141.43.8 (mx09.hcx8.top): 1 time 211.45.247.122: 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################