################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Feb 27 04:42:04 2021 Date Range Processed: yesterday ( 2021-Feb-26 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [186:185] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 113.128.104.245 -> zapf.wiki:443: 1 Time(s) 222.186.136.150 -> zapf.wiki:443: 2 Time(s) A total of 8 sites probed the server 113.87.98.99 172.104.242.173 176.58.124.134 222.186.136.150 46.101.15.242 49.49.237.159 5.188.210.227 61.219.11.153 Requests with error response codes 400 Bad Request null: 10 Time(s) zapf.wiki:443: 3 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... _tItGW_b-ZuADi2: 2 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... oACjQ341e2mADi1: 2 Time(s) ../../proc/: 1 Time(s) /0bef: 1 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... x5Kzpee0UdjADi3: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) G?\xC7)J\x08\xB5+^9\x16j: 1 Time(s) X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s) \xDF\xA4\x91\xB1H\xAA\xB4v2\x0E\xAB\x9Fug\ ... x09\xC0\x14\xC0: 1 Time(s) http://5.188.210.227/echo.php: 1 Time(s) 404 Not Found /robots.txt: 59 Time(s) /wp-login.php: 4 Time(s) /.env: 1 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /blog/wp-login.php: 1 Time(s) /reader/2017_SoSe_Berlin.pdf%7C: 1 Time(s) /sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s) /user: 1 Time(s) /verein/mitgliederver-: 1 Time(s) /wordpress/wp-login.php: 1 Time(s) /wp-content/: 1 Time(s) /wp/wp-login.php: 1 Time(s) 499 (undefined) /: 8 Time(s) /apple-touch-icon.png: 5 Time(s) /build/cover.fef3ca2736298be630a4.css: 2 Time(s) /favicon.png: 2 Time(s) /fonts/SourceSansPro-Regular.woff: 2 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s) /build/cover-styles-pack.fef3ca2736298be630a4.css: 1 Time(s) /build/font-pack.fef3ca2736298be630a4.css: 1 Time(s) /fonts/SourceSansPro-Light.woff: 1 Time(s) /fonts/SourceSansPro-Semibold.woff: 1 Time(s) /reso_pruefungsdurchfuehrung?edit: 1 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... _tItGW_b-ZuADi2: 1 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... oACjQ341e2mADi1: 1 Time(s) /socket.io/?noteId=0xjIvVp7Q-&EIO=3&transp ... x5Kzpee0UdjADi3: 1 Time(s) 500 Internal Server Error /: 44 Time(s) /sitemap.txt: 12 Time(s) /atom.xml: 8 Time(s) /robots.txt: 8 Time(s) /sitemap.xml: 6 Time(s) /sitemap_index.xml: 5 Time(s) /.env: 4 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s) /Autodiscover/Autodiscover.xml: 2 Time(s) /api/jsonws/invoke: 2 Time(s) /console/: 2 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s) /mifs/.;/services/LogService: 2 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /admin//config.php: 1 Time(s) /sitemap.xml.gz: 1 Time(s) 502 Bad Gateway /berlin/newsletter/newsletter-subscribe: 1 Time(s) 503 Service Unavailable /robots.txt: 2 Time(s) /ByqMq4yFD: 1 Time(s) /SkopF41FD: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (61.177.172.104): 108 Time(s) root (152.32.174.171): 70 Time(s) root (64.225.20.97): 70 Time(s) root (142.93.63.163): 69 Time(s) root (177.134.162.152): 69 Time(s) root (112.54.37.119): 67 Time(s) root (161.35.47.220): 66 Time(s) root (218.92.0.133): 66 Time(s) root (v133-130-118-86.a049.g.tyo1.static.cnode.io): 66 Time(s) root (128.199.35.202): 64 Time(s) root (195.97.75.174): 64 Time(s) root (199.19.76.101): 64 Time(s) root (vmi527840.contaboserver.net): 64 Time(s) unknown (vmi527840.contaboserver.net): 64 Time(s) root (222.73.62.184): 63 Time(s) root (68.183.22.85): 63 Time(s) root (142.93.195.157): 62 Time(s) root (182.254.168.205): 62 Time(s) root (192.241.202.169): 62 Time(s) root (81.69.251.46): 62 Time(s) root (49.235.113.84): 61 Time(s) root (94.159.31.10): 61 Time(s) root (195.70.60.100): 60 Time(s) root (111.67.194.41): 58 Time(s) root (51.103.81.155): 58 Time(s) root (ip146.ip-176-31-69.eu): 58 Time(s) root (138.68.184.70): 57 Time(s) root (140.206.157.242): 57 Time(s) root (159.65.142.192): 57 Time(s) root (159.89.197.1): 57 Time(s) root (187.72.223.203): 57 Time(s) root (27.111.44.196): 57 Time(s) root (39.109.127.162): 57 Time(s) root (101.36.178.48): 56 Time(s) root (139.59.81.182): 56 Time(s) root (175.176.37.136): 56 Time(s) root (114.80.157.205): 55 Time(s) root (159.65.15.143): 55 Time(s) root (178.128.88.244): 55 Time(s) root (106.75.224.132): 54 Time(s) root (120.131.3.91): 54 Time(s) root (134.175.224.105): 54 Time(s) root (167.250.48.115): 54 Time(s) root (218.92.0.184): 54 Time(s) root (221.181.185.237): 54 Time(s) root (104.248.132.227): 53 Time(s) root (122.11.148.38): 53 Time(s) root (119.147.69.184): 52 Time(s) root (128.199.144.54): 52 Time(s) root (168.138.230.95): 52 Time(s) root (115.71.64.117): 51 Time(s) root (124.95.184.43): 51 Time(s) root (154.0.6.24): 50 Time(s) root (host9.190-226-244.telecom.net.ar): 50 Time(s) root (mx1.eitd.gov.kh): 50 Time(s) root (106.75.167.133): 49 Time(s) root (182.254.151.198): 49 Time(s) root (81.71.120.65): 49 Time(s) root (95.85.28.125): 49 Time(s) root (170.254.226.157): 48 Time(s) root (43.245.185.66): 48 Time(s) root (113.87.224.181): 47 Time(s) root (183.129.163.142): 47 Time(s) root (210.56.23.100): 47 Time(s) root (route.datahinge.com): 47 Time(s) root (41.204.7.74): 45 Time(s) root (104.236.72.182): 44 Time(s) root (68.183.134.38): 44 Time(s) root (218.92.0.138): 42 Time(s) root (218.92.0.185): 42 Time(s) root (218.92.0.247): 42 Time(s) root (78.36.152.186): 41 Time(s) root (117.220.15.119): 40 Time(s) root (182.61.19.134): 40 Time(s) root (124.156.155.59): 39 Time(s) root (128.199.177.241): 39 Time(s) root (181.63.248.149): 39 Time(s) root (157.245.252.34): 37 Time(s) root (150.158.172.248): 36 Time(s) root (dsl-emcali-200.29.109.193.emcali.net.co): 36 Time(s) root (119.45.60.204): 35 Time(s) root (132.232.4.140): 35 Time(s) root (206.189.194.249): 35 Time(s) root (42.193.2.20): 35 Time(s) root (106.13.31.93): 34 Time(s) root (110.10.178.51): 33 Time(s) root (1.180.211.139): 32 Time(s) root (201.149.49.146): 31 Time(s) root (81.68.108.77): 31 Time(s) root (117.173.67.119): 26 Time(s) root (201.149.49.162): 26 Time(s) root (218.92.0.171): 24 Time(s) root (104.131.40.125): 23 Time(s) root (91.90.36.174): 21 Time(s) root (221.181.185.143): 20 Time(s) root (222.187.239.31): 20 Time(s) root (120.53.233.197): 18 Time(s) root (178.128.127.126): 18 Time(s) root (218.92.0.145): 18 Time(s) root (221.181.185.140): 18 Time(s) root (218.92.0.165): 17 Time(s) root (190.145.123.26): 14 Time(s) root (vps-58038cba.vps.ovh.net): 14 Time(s) unknown (117.173.67.119): 11 Time(s) root (201.72.190.101): 10 Time(s) root (111.67.204.237): 9 Time(s) root (192.241.209.46): 9 Time(s) root (101.ip-51-91-122.eu): 8 Time(s) root (134.175.236.132): 8 Time(s) root (209.141.45.21): 6 Time(s) root (222.187.238.87): 6 Time(s) root (218.92.0.157): 5 Time(s) root (49.233.54.212): 5 Time(s) root (222.206.231.192): 4 Time(s) unknown (175.176.160.62): 3 Time(s) unknown (185.36.81.52): 3 Time(s) unknown (45.93.201.193): 3 Time(s) root (163.172.60.154): 2 Time(s) root (42.193.181.249): 2 Time(s) unknown (141.98.80.29): 2 Time(s) unknown (141.98.80.90): 2 Time(s) unknown (141.98.80.93): 2 Time(s) unknown (185.220.102.243): 2 Time(s) unknown (86-94-73-194.fixed.kpn.net): 2 Time(s) unknown (91-173-12-250.subs.proxad.net): 2 Time(s) unknown (n106-70-8-107.rdl1.qld.optusnet.com.au): 2 Time(s) root (102.ip-51-254-32.eu): 1 Time(s) root (104.248.203.117): 1 Time(s) root (113.161.174.240): 1 Time(s) root (119.29.18.39): 1 Time(s) root (121.226.166.244): 1 Time(s) root (124.156.214.135): 1 Time(s) root (130.ip-92-222-90.eu): 1 Time(s) root (141.98.80.89): 1 Time(s) root (141.98.80.91): 1 Time(s) root (141.98.80.92): 1 Time(s) root (149.129.136.55): 1 Time(s) root (156.ip-51-77-146.eu): 1 Time(s) root (159.89.132.200): 1 Time(s) root (161.35.17.214): 1 Time(s) root (178.128.221.85): 1 Time(s) root (180.166.114.14): 1 Time(s) root (180.250.97.19): 1 Time(s) root (181.123.13.77): 1 Time(s) root (185.36.81.52): 1 Time(s) root (202.28.221.106): 1 Time(s) root (202.51.74.123): 1 Time(s) root (49.233.2.204): 1 Time(s) root (51.159.35.29): 1 Time(s) root (52.172.170.61): 1 Time(s) root (ip-160-153-235-106.ip.secureserver.net): 1 Time(s) unknown (141.98.80.89): 1 Time(s) unknown (141.98.80.91): 1 Time(s) unknown (141.98.80.92): 1 Time(s) unknown (218.23.156.227): 1 Time(s) unknown (41.204.7.74): 1 Time(s) unknown (81.214.63.228): 1 Time(s) Invalid Users: Unknown Account: 104 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 14 Miscellaneous warnings 16.365K Bytes accepted 16,758 16.365K Bytes sent via SMTP 16,758 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 76 Connections 13 Connections lost (inbound) 76 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 70 Time(s) Failed logins from: 1.180.211.139: 32 times 27.111.44.196: 57 times 39.109.127.162: 57 times 41.204.7.74: 45 times 42.193.2.20: 35 times 42.193.181.249: 2 times 43.245.185.66 (ip66-185-245-43.as131755.net): 48 times 49.233.2.204: 1 time 49.233.54.212: 5 times 49.235.113.84: 61 times 51.77.146.156 (156.ip-51-77-146.eu): 1 time 51.83.132.153 (vps-58038cba.vps.ovh.net): 14 times 51.91.122.101 (101.ip-51-91-122.eu): 8 times 51.103.81.155: 58 times 51.159.35.29 (51-159-35-29.rev.poneytelecom.eu): 1 time 51.254.32.102 (102.ip-51-254-32.eu): 1 time 52.172.170.61: 1 time 61.177.172.104: 108 times 64.225.20.97: 70 times 68.183.22.85: 63 times 68.183.134.38: 44 times 78.36.152.186 (78-36-152-186.novgorod-avto.ru): 41 times 81.68.108.77: 31 times 81.69.251.46: 62 times 81.71.120.65: 49 times 91.90.36.174 (174-36-90-91.omsk.mts.mkc-omsk.ru): 21 times 92.222.90.130 (130.ip-92-222-90.eu): 1 time 94.159.31.10: 61 times 95.85.28.125: 49 times 101.36.178.48: 56 times 103.134.177.163 (mx1.eitd.gov.kh): 50 times 104.131.40.125: 23 times 104.236.72.182: 44 times 104.248.132.227: 53 times 104.248.203.117: 1 time 106.13.31.93: 34 times 106.75.167.133: 49 times 106.75.224.132: 54 times 110.10.178.51: 33 times 111.67.194.41: 58 times 111.67.204.237: 9 times 112.54.37.119: 67 times 113.87.224.181: 47 times 113.161.174.240 (static.vnpt.vn): 1 time 114.80.157.205: 55 times 115.71.64.117: 51 times 117.173.67.119: 26 times 117.220.15.119: 40 times 119.29.18.39: 1 time 119.45.60.204: 35 times 119.147.69.184: 52 times 120.53.233.197: 18 times 120.131.3.91: 54 times 121.226.166.244: 1 time 122.11.148.38: 53 times 124.95.184.43: 51 times 124.156.155.59: 39 times 124.156.214.135: 1 time 128.199.35.202: 64 times 128.199.144.54: 52 times 128.199.177.241: 39 times 132.232.4.140: 35 times 133.130.118.86 (v133-130-118-86.a049.g.tyo1.static.cnode.io): 66 times 134.175.224.105: 54 times 134.175.236.132: 8 times 138.68.184.70: 57 times 139.59.81.182: 56 times 140.206.157.242: 57 times 141.98.80.89: 1 time 141.98.80.91: 1 time 141.98.80.92: 1 time 142.93.63.163: 69 times 142.93.195.157: 62 times 149.129.136.55: 1 time 150.158.172.248: 36 times 152.32.174.171: 70 times 154.0.6.24: 50 times 157.245.252.34 (dev.pana): 37 times 159.65.15.143: 55 times 159.65.142.192: 57 times 159.65.245.182 (route.datahinge.com): 47 times 159.89.132.200: 1 time 159.89.197.1: 57 times 160.153.235.106 (ip-160-153-235-106.ip.secureserver.net): 1 time 161.35.17.214: 1 time 161.35.47.220: 66 times 163.172.60.154 (cutslimier.com): 2 times 167.86.90.235 (vmi527840.contaboserver.net): 64 times 167.250.48.115: 54 times 168.138.230.95: 52 times 170.254.226.157 (157.226.254.170.ciotec.com.br): 48 times 175.176.37.136: 56 times 176.31.69.146 (ip146.ip-176-31-69.eu): 58 times 177.134.162.152 (177.134.162.152.dynamic.adsl.gvt.net.br): 69 times 178.128.88.244: 55 times 178.128.127.126: 18 times 178.128.221.85: 1 time 180.166.114.14: 1 time 180.250.97.19: 1 time 181.63.248.149 (static-ip-cr18163248149.cable.net.co): 39 times 181.123.13.77 (pool-77-13-123-181.telecel.com.py): 1 time 182.61.19.134: 40 times 182.254.151.198: 49 times 182.254.168.205: 62 times 183.129.163.142: 47 times 185.36.81.52 (sterharvest.com): 1 time 187.72.223.203 (187-072-223-203.static.ctbctelecom.com.br): 57 times 190.145.123.26: 14 times 190.226.244.9 (host9.190-226-244.telecom.net.ar): 50 times 192.241.202.169: 62 times 192.241.209.46: 9 times 195.70.60.100: 60 times 195.97.75.174: 64 times 199.19.76.101 (76-19-199.unassigned.userdns.com): 64 times 200.29.109.193 (dsl-emcali-200.29.109.193.emcali.net.co): 36 times 201.72.190.101: 10 times 201.149.49.146 (146.49.149.201.in-addr.arpa): 31 times 201.149.49.162 (162.49.149.201.in-addr.arpa): 26 times 202.28.221.106: 1 time 202.51.74.123 (mail.subendramaharjan.com.np): 1 time 206.189.194.249: 35 times 209.141.45.21: 6 times 210.56.23.100 (discozdata.org): 47 times 218.92.0.133: 66 times 218.92.0.138: 42 times 218.92.0.145: 18 times 218.92.0.157: 5 times 218.92.0.165: 17 times 218.92.0.171: 24 times 218.92.0.184: 54 times 218.92.0.185: 42 times 218.92.0.247: 42 times 221.181.185.140: 18 times 221.181.185.143: 24 times 221.181.185.237: 60 times 222.73.62.184: 63 times 222.187.238.87: 6 times 222.187.239.31: 24 times 222.206.231.192: 4 times Illegal users from: undef: 81 times 41.204.7.74: 1 time 45.93.201.193: 3 times 65.49.20.67 (scan-18.shadowserver.org): 1 time 81.214.63.228 (81.214.63.228.dynamic.ttnet.com.tr): 1 time 86.94.73.194 (86-94-73-194.fixed.kpn.net): 2 times 91.173.12.250 (91-173-12-250.subs.proxad.net): 2 times 106.70.8.107 (n106-70-8-107.rdl1.qld.optusnet.com.au): 2 times 117.173.67.119: 11 times 141.98.80.29: 2 times 141.98.80.89: 1 time 141.98.80.90: 2 times 141.98.80.91: 1 time 141.98.80.92: 1 time 141.98.80.93: 2 times 167.86.90.235 (vmi527840.contaboserver.net): 64 times 175.176.160.62 (host.176.160.62.varnion.com): 3 times 178.73.215.171 (178-73-215-171-static.glesys.net): 1 time 185.36.81.52 (sterharvest.com): 3 times 185.220.102.243 (185-220-102-243.torservers.net): 2 times 205.185.125.54: 14 times 218.23.156.227: 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47755p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################