################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Aug 2 04:42:04 2023 Date Range Processed: yesterday ( 2023-Aug-01 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 81:82 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 144.126.230.122 -> google.com:443: 1 Time(s) 172.233.208.171 -> google.com:443: 1 Time(s) 185.224.128.151 -> www.apple.com:443: 1 Time(s) 45.128.232.84 -> www.twitch.tv:443: 1 Time(s) 91.224.92.110 -> api.findip.net:443: 2 Time(s) A total of 9 sites probed the server 13.40.98.37 158.255.82.135 162.243.145.50 179.43.145.122 192.241.212.52 198.235.24.216 205.210.31.131 36.225.124.27 65.49.1.94 Requests with error response codes 400 Bad Request null: 9 Time(s) /: 7 Time(s) mstshash=Administr: 4 Time(s) /aaa9: 3 Time(s) /aab8: 3 Time(s) /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 2 Time(s) api.findip.net:443: 2 Time(s) google.com:443: 2 Time(s) *: 1 Time(s) /.env: 1 Time(s) /manager/html: 1 Time(s) A@BAE@FAI: 1 Time(s) \x97\x96\xA8\xE0\xDE\xBA5\xE5\x1BZ\x09\xF0 ... \xAE\xA1=\xABsW: 1 Time(s) \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s) www.apple.com:443: 1 Time(s) www.twitch.tv:443: 1 Time(s) 500 Internal Server Error /: 39 Time(s) /.env: 5 Time(s) /robots.txt: 3 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s) /?XDEBUG_SESSION_START=phpstorm: 2 Time(s) /favicon.ico: 2 Time(s) /.git/config: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /SQLiteManager/: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /console/: 1 Time(s) /dns-query: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /epa/scripts/win/nsepa_setup.exe: 1 Time(s) /geoserver: 1 Time(s) /geoserver/web/: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/x.js: 1 Time(s) /phpinfo.php: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /restore.php: 1 Time(s) /sitemap.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (24.199.87.170): 144 Time(s) root (139.59.23.204): 84 Time(s) root (213.190.30.112): 62 Time(s) root (31.145.142.206): 44 Time(s) unknown (134.122.88.190): 37 Time(s) unknown (170.64.183.7): 37 Time(s) unknown (165.227.133.208): 28 Time(s) root (202.139.217.204): 23 Time(s) root (185.224.128.142): 18 Time(s) root (134.122.88.190): 15 Time(s) root (170.64.183.7): 15 Time(s) root (165.227.133.208): 14 Time(s) unknown (118.31.38.199): 14 Time(s) unknown (31.145.142.206): 14 Time(s) unknown (141.98.11.11): 13 Time(s) root (118.31.38.199): 11 Time(s) root (217.160.49.181): 10 Time(s) unknown (176.113.115.211): 10 Time(s) unknown (141.98.11.113): 8 Time(s) root (176.113.115.211): 7 Time(s) unknown (202.139.217.204): 7 Time(s) root (141.98.11.11): 6 Time(s) root (125.136.203.14): 5 Time(s) root (141.98.11.113): 5 Time(s) unknown (176.113.115.210): 5 Time(s) root (193.169.255.233): 4 Time(s) unknown (vmi1374414.contaboserver.net): 4 Time(s) root (36.110.228.254): 3 Time(s) unknown (81.17.22.114): 3 Time(s) postgres (118.31.38.199): 2 Time(s) root (176.113.115.210): 2 Time(s) root (59.173.31.105): 2 Time(s) unknown (192.141.149.82): 2 Time(s) unknown (59.173.31.105): 2 Time(s) postgres (134.122.88.190): 1 Time(s) postgres (141.98.11.113): 1 Time(s) postgres (165.227.133.208): 1 Time(s) postgres (170.64.183.7): 1 Time(s) root (170.245.133.129): 1 Time(s) root (188.255.158.174): 1 Time(s) root (217.144.74.112): 1 Time(s) root (80.240.206.14): 1 Time(s) root (cpe-76-91-64-101.socal.res.rr.com): 1 Time(s) root (fixed-187-251-244-234.totalplay.net): 1 Time(s) root (r201-217-144-237.ir-static.anteldata.net.uy): 1 Time(s) sync (141.98.11.11): 1 Time(s) unknown (103.157.104.248): 1 Time(s) unknown (103.235.3.225): 1 Time(s) unknown (103.25.81.147): 1 Time(s) unknown (121.188.160.55): 1 Time(s) unknown (123.252.209.150): 1 Time(s) unknown (174.138.27.86): 1 Time(s) unknown (176-35-70-13.xdsl.murphx.net): 1 Time(s) unknown (176.113.126.213): 1 Time(s) unknown (179.5.193.196): 1 Time(s) unknown (180.175.121.110): 1 Time(s) unknown (181.212.64.195): 1 Time(s) unknown (183.171.213.138): 1 Time(s) unknown (185.69.165.124): 1 Time(s) unknown (189.179.64.37): 1 Time(s) unknown (195.242.233.154): 1 Time(s) unknown (202.53.41.215): 1 Time(s) unknown (212-114-23-29.box.freepro.com): 1 Time(s) unknown (212.33.205.62): 1 Time(s) unknown (41.74.129.85): 1 Time(s) unknown (50.80.113.126): 1 Time(s) unknown (60-248-91-59.hinet-ip.hinet.net): 1 Time(s) unknown (62.84.112.69): 1 Time(s) unknown (65-102-181-141.tukw.qwest.net): 1 Time(s) unknown (78-106-43-241.broadband.corbina.ru): 1 Time(s) unknown (80.240.206.17): 1 Time(s) unknown (88.82.204.14): 1 Time(s) unknown (91-113-62-243.adsl.highway.telekom.at): 1 Time(s) unknown (c-67-176-78-57.hsd1.co.comcast.net): 1 Time(s) unknown (c188-150-228-81.bredband.tele2.se): 1 Time(s) unknown (c83-255-40-130.bredband.tele2.se): 1 Time(s) unknown (c91-130-51-190.bredband.tele2.se): 1 Time(s) unknown (d5152b305.access.telenet.be): 1 Time(s) unknown (m90-140-0-138.cust.tele2.lt): 1 Time(s) unknown (net-93-148-121-255.cust.dsl.teletu.it): 1 Time(s) unknown (p5b27618e.dip0.t-ipconnect.de): 1 Time(s) unknown (p5b28349f.dip0.t-ipconnect.de): 1 Time(s) uucp (206.74.214.208): 1 Time(s) Invalid Users: Unknown Account: 378 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 14.548K Bytes accepted 14,897 14.548K Bytes sent via SMTP 14,897 ======== ================================================== 2 Accepted 100.00% -------- -------------------------------------------------- 2 Total 100.00% ======== ================================================== 5 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 5 Total 4xx Rejects 100.00% ======== ================================================== 365 Connections 96 Connections lost (inbound) 365 Disconnections 2 Removed from queue 2 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 31.145.142.206: 44 times 36.110.228.254: 3 times 59.173.31.105: 2 times 76.91.64.101 (cpe-76-91-64-101.socal.res.rr.com): 1 time 80.240.206.14: 1 time 118.31.38.199: 13 times 125.136.203.14: 6 times 134.122.88.190: 16 times 139.59.23.204: 84 times 141.98.11.11 (axon-stall.riddlecamera.net): 7 times 141.98.11.113 (annoying.medyamol.com): 6 times 165.227.133.208: 15 times 170.64.183.7: 16 times 170.245.133.129: 1 time 176.113.115.210: 2 times 176.113.115.211: 7 times 185.224.128.142: 18 times 187.251.244.234 (fixed-187-251-244-234.totalplay.net): 1 time 188.255.158.174 (free-158-174.mediaworksit.net): 1 time 193.169.255.233: 4 times 201.217.144.237 (r201-217-144-237.ir-static.anteldata.net.uy): 1 time 202.139.217.204: 23 times 206.74.214.208 (206-74-214-208.fttp.ftmlsc.dyn.comporium.net): 1 time 213.190.30.112 (ds.besthomesideas.com): 62 times 217.144.74.112 (217144074112.vdc-ndc.trd.as44381.net): 1 time 217.160.49.181: 10 times Illegal users from: 2001:470:1:332::4: 1 time undef: 98 times 24.199.87.170: 144 times 31.145.142.206: 14 times 31.187.74.176 (vmi1374414.contaboserver.net): 4 times 41.74.129.85 (bl3.41.74.129.85.dynamic.dsl.cvmultimedia.cv): 1 time 50.80.113.126 (50-80-113-126.client.mchsi.com): 1 time 59.173.31.105: 2 times 60.248.91.59 (60-248-91-59.hinet-ip.hinet.net): 1 time 62.84.112.69: 1 time 65.49.1.20: 1 time 65.102.181.141 (65-102-181-141.tukw.qwest.net): 1 time 67.176.78.57 (c-67-176-78-57.hsd1.co.comcast.net): 1 time 78.106.43.241 (78-106-43-241.broadband.corbina.ru): 1 time 80.240.206.17: 1 time 81.17.22.114 (hostedby.privatelayer.com): 15 times 81.82.179.5 (d5152b305.access.telenet.be): 1 time 83.255.40.130 (c83-255-40-130.bredband.tele2.se): 1 time 88.82.204.14: 1 time 90.140.0.138 (m90-140-0-138.cust.tele2.lt): 1 time 91.39.97.142 (p5b27618e.dip0.t-ipconnect.de): 1 time 91.40.52.159 (p5b28349f.dip0.t-ipconnect.de): 1 time 91.113.62.243 (91-113-62-243.adsl.highway.telekom.at): 1 time 91.130.51.190 (c91-130-51-190.bredband.tele2.se): 1 time 93.148.121.255 (net-93-148-121-255.cust.vodafonedsl.it): 1 time 103.25.81.147: 1 time 103.157.104.248: 1 time 103.235.3.225: 1 time 118.31.38.199: 14 times 121.188.160.55: 5 times 123.252.209.150 (static-150.209.252.123-tataidc.co.in): 1 time 134.122.88.190: 37 times 141.98.11.11 (axon-stall.riddlecamera.net): 13 times 141.98.11.113 (annoying.medyamol.com): 9 times 165.227.133.208: 28 times 170.64.183.7: 37 times 174.138.27.86: 1 time 176.35.70.13 (176-35-70-13.xdsl.murphx.net): 1 time 176.113.115.210: 5 times 176.113.115.211: 10 times 176.113.126.213: 1 time 179.5.193.196: 1 time 180.175.121.110: 1 time 181.212.64.195 (181-212-64-195.baf.movistar.cl): 1 time 183.171.213.138: 1 time 185.69.165.124: 1 time 188.150.228.81 (c188-150-228-81.bredband.tele2.se): 1 time 189.179.64.37 (dsl-189-179-64-37-dyn.prod-infinitum.com.mx): 1 time 192.141.149.82: 2 times 195.242.233.154 (host-195.242.233.154.c3.net.pl): 1 time 202.53.41.215 (202-53-41-215.tpgi.com.au): 1 time 202.139.217.204: 7 times 212.33.205.62: 1 time 212.114.23.29 (212-114-23-29.box.freepro.com): 1 time 213.190.30.112 (ds.besthomesideas.com): 16 times **Unmatched Entries** fatal: buffer_get_string: buffer error [preauth] : 1 time(s) Protocol major versions differ for 152.32.227.23: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s) error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47383p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################