################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Oct 17 04:42:05 2021 Date Range Processed: yesterday ( 2021-Oct-16 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [103:103] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 45.148.10.241 -> zapf.wiki:443: 1 Time(s) A total of 18 sites probed the server 120.85.92.57 125.64.94.136 143.198.31.5 143.244.45.130 162.62.117.51 172.104.131.24 176.88.89.182 178.239.21.101 198.20.70.114 199.195.248.54 199.195.251.213 2.56.59.237 205.185.113.41 209.141.56.41 34.242.199.94 45.83.67.245 46.249.32.95 5.188.210.227 Requests with error response codes 400 Bad Request null: 23 Time(s) /config/getuser?index=0: 3 Time(s) /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 3 Time(s) /: 2 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) mstshash=Administr: 2 Time(s) /.env: 1 Time(s) /GponForm/diag_Form?style/: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /bag2: 1 Time(s) /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%3 ... 5%%32%65/bin/sh: 1 Time(s) /dnslookup.cgi?host_name=www.google.com;+c ... ookup&ess_=true: 1 Time(s) T\x9C\xA0rw\xFE\xD6: 1 Time(s) \x96\xD0\xFDF\xB7\x1D\xA9\xE1\xB3.\xB9\xE1 ... x09\xC0\x13\xC0: 1 Time(s) \xA4\x81\x19\xCF\xC0\x15\x05\xA2\x97\x05\x ... x09\xC0\x13\xC0: 1 Time(s) \xF6HN\xC7\x9E\xBC\xEB\xC6': 1 Time(s) \xF7t\xA6cw\xB2\xF6l)\x16<O\xA1\xF1k\xFC\x ... x09\xC0\x13\xC0: 1 Time(s) \xFC\xE3Sx\x91N\x15\x95\xF0P\xB68\xD9\xEF\ ... x09\xC0\x13\xC0: 1 Time(s) http://5.188.210.227/echo.php: 1 Time(s) zapf.wiki:443: 1 Time(s) 404 Not Found /konstanz/2016/tagung/app/maps/uni.png: 1 Time(s) /konstanz/2016/tagung/impressum.html: 1 Time(s) /konstanz/2016/tagung/index.html: 1 Time(s) /konstanz/2016/tagung/unterstuetzer/Sponsoren.html: 1 Time(s) /konstanz/2016/unterstuetzer/impressum.html: 1 Time(s) /konstanz/2016/unterstuetzer/index.html: 1 Time(s) /konstanz/2016/unterstuetzer/tagung/programm.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/wasistdiezapf.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/wersindwir.html: 1 Time(s) /konstanz/2016/unterstuetzer/willkommen/willkommen.html: 1 Time(s) /konstanz/2016/willkommen/impressum.html: 1 Time(s) /konstanz/2016/willkommen/index.html: 1 Time(s) /konstanz/2016/willkommen/tagung/programm.html: 1 Time(s) /konstanz/2016/willkommen/unterstuetzer/Sponsoren.html: 1 Time(s) 500 Internal Server Error /: 21 Time(s) /.env: 6 Time(s) /GponForm/diag_Form?style/: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /robots.txt: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) ///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/x.js: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (61.35.57.29): 102 Time(s) root (79.117.141.203): 42 Time(s) root (177.194.53.100): 39 Time(s) root (182.254.212.32): 39 Time(s) root (103.72.147.23): 38 Time(s) root (103.23.244.139): 36 Time(s) root (106.52.30.184): 36 Time(s) root (36.133.35.228): 35 Time(s) root (49.234.13.139): 35 Time(s) root (vmi641976.contaboserver.net): 34 Time(s) root (106.52.59.65): 33 Time(s) root (177.242.147.170): 33 Time(s) root (182.61.3.42): 33 Time(s) root (189.15.10.0): 33 Time(s) root (81.69.163.184): 33 Time(s) root (92.246.89.2): 33 Time(s) root (1.37.33.24): 32 Time(s) root (121.5.252.159): 31 Time(s) root (20.204.62.187): 31 Time(s) root (201.116.12.217): 31 Time(s) root (server-176.53.43.111.as42926.net): 31 Time(s) root (111.120.16.2): 30 Time(s) root (121.5.166.22): 28 Time(s) root (118.195.139.187): 27 Time(s) root (134.209.64.28): 27 Time(s) root (121.5.235.42): 26 Time(s) root (1.116.155.48): 25 Time(s) root (120.92.79.133): 24 Time(s) root (65.52.227.94): 24 Time(s) root (121.5.171.213): 23 Time(s) root (121.5.213.241): 22 Time(s) unknown (142.93.203.254): 22 Time(s) root (125.46.81.106): 20 Time(s) unknown (121.5.171.213): 20 Time(s) root (106.13.34.131): 19 Time(s) root (61.140.92.230): 19 Time(s) root (80.253.31.232): 19 Time(s) unknown (121.5.166.22): 19 Time(s) unknown (20.204.62.187): 19 Time(s) unknown (201.116.12.217): 19 Time(s) root (23.97.240.235): 18 Time(s) unknown (1.37.33.24): 18 Time(s) root (103.75.101.59): 17 Time(s) root (173.136.101.34.bc.googleusercontent.com): 17 Time(s) root (27.156.4.179): 17 Time(s) root (45.119.215.150): 17 Time(s) unknown (177.242.147.170): 17 Time(s) unknown (182.61.3.42): 17 Time(s) unknown (92.246.89.2): 17 Time(s) root (114.67.250.30): 16 Time(s) unknown (189.15.10.0): 16 Time(s) unknown (vmi641976.contaboserver.net): 16 Time(s) unknown (106.52.59.65): 15 Time(s) unknown (173.136.101.34.bc.googleusercontent.com): 15 Time(s) unknown (49.234.13.139): 15 Time(s) unknown (server-176.53.43.111.as42926.net): 15 Time(s) unknown (103.23.244.139): 14 Time(s) unknown (103.72.147.23): 14 Time(s) unknown (106.52.30.184): 14 Time(s) unknown (177.194.53.100): 14 Time(s) root (106.52.83.145): 13 Time(s) root (49.234.88.132): 13 Time(s) unknown (65.52.227.94): 13 Time(s) unknown (134.209.64.28): 11 Time(s) unknown (45.119.215.150): 11 Time(s) unknown (61.140.92.230): 11 Time(s) unknown (61.35.57.29): 11 Time(s) root (159.65.11.227): 10 Time(s) unknown (103.75.101.59): 10 Time(s) unknown (111.120.16.2): 10 Time(s) unknown (121.5.235.42): 10 Time(s) unknown (121.5.252.159): 10 Time(s) unknown (182.254.212.32): 10 Time(s) root (132.232.4.140): 9 Time(s) unknown (106.13.34.131): 9 Time(s) unknown (106.52.83.145): 9 Time(s) unknown (121.5.213.241): 9 Time(s) unknown (81.69.163.184): 9 Time(s) root (139.59.144.149): 8 Time(s) unknown (1.116.155.48): 8 Time(s) unknown (118.195.139.187): 8 Time(s) unknown (120.92.79.133): 8 Time(s) unknown (205.185.121.149): 8 Time(s) unknown (27.156.4.179): 8 Time(s) unknown (79.117.141.203): 8 Time(s) root (106.54.164.19): 7 Time(s) unknown (23.97.240.235): 7 Time(s) unknown (36.133.35.228): 7 Time(s) root (20.195.195.75): 6 Time(s) root (av8337.comex.ru): 6 Time(s) unknown (176.111.173.238): 6 Time(s) unknown (80.253.31.232): 6 Time(s) root (1.193.160.115): 5 Time(s) root (46.118.11.251): 5 Time(s) unknown (114.67.250.30): 5 Time(s) unknown (125.46.81.106): 5 Time(s) unknown (132.232.4.140): 5 Time(s) root (118.195.145.14): 4 Time(s) root (123.9.248.8): 4 Time(s) root (142.93.203.254): 4 Time(s) unknown (118.195.145.14): 4 Time(s) unknown (134.236.247.145): 4 Time(s) unknown (209.141.55.232): 3 Time(s) unknown (45.155.204.39): 3 Time(s) unknown (49.234.88.132): 3 Time(s) unknown (51.15.197.4): 3 Time(s) unknown (av8337.comex.ru): 3 Time(s) unknown (106.54.164.19): 2 Time(s) unknown (116.105.72.49): 2 Time(s) unknown (116.106.19.249): 2 Time(s) unknown (139.59.144.149): 2 Time(s) unknown (172.108.131.86): 2 Time(s) unknown (199.19.224.76): 2 Time(s) unknown (2-238-147-10.ip244.fastwebnet.it): 2 Time(s) unknown (209.141.53.99): 2 Time(s) unknown (209.141.54.35): 2 Time(s) unknown (88.160.45.113): 2 Time(s) unknown (89.17.54.18): 2 Time(s) unknown (host-87-11-60-237.retail.telecomitalia.it): 2 Time(s) mail (121.5.213.241): 1 Time(s) postgres (121.5.171.213): 1 Time(s) postgres (65.52.227.94): 1 Time(s) root (116.110.124.53): 1 Time(s) root (134.236.247.145): 1 Time(s) root (36.133.216.195): 1 Time(s) root (36.133.45.135): 1 Time(s) root (51.15.197.4): 1 Time(s) root (81.68.212.201): 1 Time(s) root (epitak.uz): 1 Time(s) root (net-2-34-98-210.cust.vodafonedsl.it): 1 Time(s) unknown (1.193.160.115): 1 Time(s) unknown (116.105.72.40): 1 Time(s) unknown (116.110.124.53): 1 Time(s) unknown (120.211.228.14): 1 Time(s) unknown (123.9.248.8): 1 Time(s) unknown (171.251.20.132): 1 Time(s) unknown (176.111.173.237): 1 Time(s) unknown (185.220.102.242): 1 Time(s) unknown (185.31.175.207): 1 Time(s) unknown (185.38.175.132): 1 Time(s) unknown (188.126.89.88): 1 Time(s) unknown (45.153.160.136): 1 Time(s) unknown (46.118.11.251): 1 Time(s) unknown (5.2.77.22): 1 Time(s) unknown (65.169.39.117): 1 Time(s) unknown (tor-exit-readme.donpablo.me): 1 Time(s) unknown (tor-exit0-readme.dfri.se): 1 Time(s) unknown (torops.cccfr.de): 1 Time(s) Invalid Users: Unknown Account: 613 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 14.566K Bytes accepted 14,916 14.566K Bytes sent via SMTP 14,916 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 145 Connections 90 Connections lost (inbound) 145 Disconnections 1 Removed from queue 1 Sent via SMTP 2 SMTP dialog errors 36 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.37.33.24: 32 times 1.116.155.48: 25 times 1.193.160.115: 5 times 2.34.98.210 (net-2-34-98-210.cust.vodafonedsl.it): 1 time 20.195.195.75: 6 times 20.204.62.187: 31 times 23.97.240.235: 18 times 27.156.4.179 (179.4.156.27.broad.fz.fj.dynamic.163data.com.cn): 17 times 34.101.136.173 (173.136.101.34.bc.googleusercontent.com): 17 times 36.133.35.228: 35 times 36.133.45.135: 1 time 36.133.216.195: 1 time 45.119.215.150: 17 times 46.118.11.251 (46-118-11-251.broadband.kyivstar.net): 5 times 49.234.13.139: 35 times 49.234.88.132: 13 times 51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time 61.35.57.29: 102 times 61.140.92.230: 19 times 65.52.227.94: 26 times 79.117.141.203 (d-79-117-141-203.craiova.rdsnet.ro): 42 times 80.253.31.232: 19 times 81.68.212.201: 1 time 81.69.163.184: 33 times 92.246.89.2: 33 times 103.23.244.139: 36 times 103.72.147.23: 38 times 103.75.101.59 (ip-103-75-101-59.moratelindo.net.id): 17 times 106.13.34.131: 19 times 106.52.30.184: 36 times 106.52.59.65: 33 times 106.52.83.145: 13 times 106.54.164.19: 7 times 111.120.16.2: 30 times 114.67.250.30: 16 times 116.110.124.53: 1 time 118.195.139.187: 27 times 118.195.145.14: 4 times 120.92.79.133: 24 times 121.5.166.22: 28 times 121.5.171.213: 24 times 121.5.213.241: 23 times 121.5.235.42: 26 times 121.5.252.159: 31 times 123.9.248.8 (hn.kd.ny.adsl): 4 times 125.46.81.106 (hn.kd.ny.adsl): 20 times 132.232.4.140: 9 times 134.209.64.28: 27 times 134.236.247.145: 1 time 139.59.144.149: 8 times 142.93.203.254: 4 times 159.65.11.227: 10 times 176.53.43.111 (server-176.53.43.111.as42926.net): 31 times 177.194.53.100 (b1c23564.virtua.com.br): 39 times 177.242.147.170 (customer-MCA-PUE-147-170.megared.net.mx): 33 times 178.218.207.92 (epitak.uz): 1 time 182.61.3.42: 33 times 182.254.212.32: 39 times 189.15.10.0 (189-015-010-0.xd-dynamic.algarnetsuper.com.br): 33 times 194.163.137.85 (vmi641976.contaboserver.net): 34 times 201.116.12.217 (static.customer-201-116-12-217.uninet-ide.com.mx): 31 times 217.10.40.45 (av8337.comex.ru): 6 times Illegal users from: undef: 400 times 1.37.33.24: 18 times 1.116.155.48: 8 times 1.193.160.115: 1 time 2.238.147.10 (2-238-147-10.ip244.fastwebnet.it): 2 times 5.2.77.22: 1 time 5.255.97.149 (torops.cccfr.de): 1 time 20.204.62.187: 19 times 23.97.240.235: 7 times 27.156.4.179 (179.4.156.27.broad.fz.fj.dynamic.163data.com.cn): 8 times 34.101.136.173 (173.136.101.34.bc.googleusercontent.com): 15 times 36.133.35.228: 7 times 45.119.215.150: 11 times 45.153.160.136: 1 time 45.155.204.39: 3 times 46.118.11.251 (46-118-11-251.broadband.kyivstar.net): 1 time 49.234.13.139: 15 times 49.234.88.132: 3 times 51.15.197.4 (4-197-15-51.instances.scw.cloud): 3 times 61.35.57.29: 11 times 61.140.92.230: 11 times 65.49.20.69 (scan-20.shadowserver.org): 1 time 65.52.227.94: 13 times 65.169.39.117: 1 time 79.117.141.203 (d-79-117-141-203.craiova.rdsnet.ro): 8 times 80.253.31.232: 6 times 81.69.163.184: 9 times 87.11.60.237 (host-87-11-60-237.retail.telecomitalia.it): 2 times 88.160.45.113 (ver73-2_migr-88-160-45-113.fbx.proxad.net): 2 times 89.17.54.18: 2 times 92.246.89.2: 17 times 103.23.244.139: 14 times 103.72.147.23: 14 times 103.75.101.59 (ip-103-75-101-59.moratelindo.net.id): 10 times 106.13.34.131: 9 times 106.52.30.184: 14 times 106.52.59.65: 15 times 106.52.83.145: 9 times 106.54.164.19: 2 times 107.189.10.237 (tor-exit-readme.donpablo.me): 1 time 111.120.16.2: 10 times 114.67.250.30: 5 times 116.105.72.40: 1 time 116.105.72.49: 2 times 116.106.19.249 (dynamic-ip-adsl.viettel.vn): 2 times 116.110.124.53: 1 time 118.195.139.187: 8 times 118.195.145.14: 4 times 120.92.79.133: 8 times 120.211.228.14 (error.arpa): 1 time 121.5.166.22: 19 times 121.5.171.213: 20 times 121.5.213.241: 9 times 121.5.235.42: 10 times 121.5.252.159: 10 times 123.9.248.8 (hn.kd.ny.adsl): 1 time 125.46.81.106 (hn.kd.ny.adsl): 5 times 132.232.4.140: 5 times 134.209.64.28: 11 times 134.236.247.145: 4 times 139.59.144.149: 2 times 142.93.203.254: 22 times 171.25.193.20 (tor-exit0-readme.dfri.se): 1 time 171.251.20.132 (dynamic-adsl.viettel.vn): 1 time 172.108.131.86: 2 times 176.53.43.111 (server-176.53.43.111.as42926.net): 15 times 176.111.173.237: 1 time 176.111.173.238: 6 times 177.194.53.100 (b1c23564.virtua.com.br): 14 times 177.242.147.170 (customer-MCA-PUE-147-170.megared.net.mx): 17 times 182.61.3.42: 17 times 182.254.212.32: 10 times 185.31.175.207: 1 time 185.38.175.132: 1 time 185.220.102.242 (185-220-102-242.torservers.net): 1 time 188.126.89.88: 1 time 189.15.10.0 (189-015-010-0.xd-dynamic.algarnetsuper.com.br): 16 times 194.163.137.85 (vmi641976.contaboserver.net): 16 times 199.19.224.76 (kon.is.hentai): 2 times 201.116.12.217 (static.customer-201-116-12-217.uninet-ide.com.mx): 19 times 205.185.121.149: 8 times 209.141.53.99 (abbrinym.com): 2 times 209.141.54.35 (sp2.sonicinternet.net): 2 times 209.141.55.232: 3 times 217.10.40.45 (av8337.comex.ru): 3 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################