################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Jul 3 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [259:265]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/: 4 Time(s)
mstshash=Administr: 2 Time(s)
/admin/config.php: 1 Time(s)
/robots.txt: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
\xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
403 Forbidden
/resolutionen/wise17/Pruefungsunfaehigkeit/: 1 Time(s)
/resolutionen/wise17/Zwangsexmatrikulation/: 1 Time(s)
/temp: 1 Time(s)
404 Not Found
/robots.txt: 115 Time(s)
/wp-login.php: 13 Time(s)
/reader/1989-wi-berlin.pdf: 3 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 2 Time(s)
/download/zapfev_satzung.pdf: 2 Time(s)
/sites/default/files/1979_WiSe_Karlsruhe.pdf: 2 Time(s)
/.vscode/sftp.json: 1 Time(s)
/admin/editor/editor/filemanager/upload/php/upload.php: 1 Time(s)
/admin/editor/filemanager/upload/php/upload.php: 1 Time(s)
/apple-touch-icon-precomposed.png: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/components/com_jbusinessdirectory/assets/uploadFile.php: 1 Time(s)
/reader/1993-so-reader_do93.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/reader/1995-so-reader_ha95.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/reader/1998-so-reader_ro98.pdf: 1 Time(s)
/sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s)
/user/login: 1 Time(s)
/wp-admin/: 1 Time(s)
/xmlrpc.php: 1 Time(s)
/zapf/berichte/zapf-wise-2011: 1 Time(s)
/zapf/reader/2018_WiSe_Wuerzburg: 1 Time(s)
500 Internal Server Error
/: 54 Time(s)
/.env: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
//: 3 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/HNAP1: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/evox/about: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/sdk: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
//login_sid.lua: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/health: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/nmaplowercheck1625208743: 1 Time(s)
/nmaplowercheck1625214499: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 633 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
28.530K Bytes accepted 29,215
28.530K Bytes sent via SMTP 29,215
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
1571 Connections
1514 Connections lost (inbound)
1571 Disconnections
1 Removed from queue
1 Sent via SMTP
5 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 390 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################