################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Jul 27 04:42:04 2021
Date Range Processed: yesterday
( 2021-Jul-26 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [261:261]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 23 Time(s)
/: 13 Time(s)
mstshash=Administr: 5 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... l6UI7CFqlOEAAJK: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/X5q^: 1 Time(s)
/manager/html: 1 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... 1uKAMerb716AAJL: 1 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... HW5VYq-7vTRAAJJ: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
7: 1 Time(s)
\x0E\xE2\x13it\xFEPP^L@\x11\xA4\x1D^\x94\x ... 831w:\xBC}-\xDB: 1 Time(s)
404 Not Found
/robots.txt: 51 Time(s)
/wp-login.php: 6 Time(s)
/sitemap_index.xml: 4 Time(s)
/reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
/backup/wp-admin/: 1 Time(s)
/download/reader_bw92.pdf: 1 Time(s)
/reader/1989-wi-berlin.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/ZiP_Zivilklausel.pdf: 1 Time(s)
/reader/commit/da0fd0463ced8baff84cce5549ee7c76a5e7ca05: 1 Time(s)
/resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s)
/sites/default/files/2009_SoSe_G%C3%B6ttingen.pdf: 1 Time(s)
/wordpress/wp-admin/: 1 Time(s)
499 (undefined)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... 0nZ4x7wkkJMAAJM: 1 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... 1uKAMerb716AAJL: 1 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... HW5VYq-7vTRAAJJ: 1 Time(s)
/socket.io/?noteId=-UCiB4o_SaOfdBPLYtK8YA& ... l6UI7CFqlOEAAJK: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 5 Time(s)
/robots.txt: 3 Time(s)
/.well-known/security.txt: 2 Time(s)
/favicon.ico: 2 Time(s)
/sitemap.xml: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.DS_Store: 1 Time(s)
/.git/config: 1 Time(s)
/.json: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/api/search?folderIds=0: 1 Time(s)
/config.json: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/idx_config/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/info.php: 1 Time(s)
/laravel/.env: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nginx.conf: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
/server-status: 1 Time(s)
/status: 1 Time(s)
/status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E: 1 Time(s)
/telescope/requests: 1 Time(s)
/v2/_catalog: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 569 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
27.088K Bytes accepted 27,738
27.088K Bytes sent via SMTP 27,738
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
373 Connections
264 Connections lost (inbound)
373 Disconnections
1 Removed from queue
1 Sent via SMTP
46 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 303 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################