################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Nov 18 04:42:04 2021
Date Range Processed: yesterday
( 2021-Nov-17 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 49:48 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
60.216.134.51 -> zapf.wiki:443: 1 Time(s)
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 14 Time(s)
mstshash=Administr: 2 Time(s)
zapf.wiki:443: 2 Time(s)
/: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... VVse6cDq_3VAAAS: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... kH9lxVZ5wkRAAAU: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... llpgPHcNjaiAAAT: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... 769gATVvhkxAAAV: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... VVse6cDq_3VAAAS: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... kH9lxVZ5wkRAAAU: 1 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... llpgPHcNjaiAAAT: 1 Time(s)
500 Internal Server Error
/: 37 Time(s)
/.env: 4 Time(s)
/robots.txt: 3 Time(s)
/console/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/cgi-bin: 1 Time(s)
/favicon.ico: 1 Time(s)
/login: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/servlets/com.adventnet.tools.sum.transpor ... nicationServlet: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (gurlstalk.com): 60 Time(s)
root (209.14.131.233): 39 Time(s)
root (152.136.181.121): 36 Time(s)
root (102.223.75.234): 32 Time(s)
root (1.15.106.44): 31 Time(s)
root (81.70.163.61): 29 Time(s)
root (115.246.73.210): 27 Time(s)
root (183.134.78.94): 27 Time(s)
root (186.67.248.5): 26 Time(s)
unknown (209.14.131.233): 22 Time(s)
root (143.244.136.52): 17 Time(s)
unknown (1.15.106.44): 17 Time(s)
unknown (115.246.73.210): 17 Time(s)
unknown (102.223.75.234): 16 Time(s)
root (171.39.0.3): 14 Time(s)
root (176.111.173.238): 13 Time(s)
root (210.25.189.14): 13 Time(s)
unknown (152.136.181.121): 13 Time(s)
root (114.67.179.239): 12 Time(s)
unknown (183.134.78.94): 12 Time(s)
unknown (186.67.248.5): 12 Time(s)
root (112.33.16.34): 11 Time(s)
unknown (81.70.163.61): 11 Time(s)
root (40.73.119.184): 8 Time(s)
unknown (143.244.136.52): 8 Time(s)
root (202.83.16.8): 7 Time(s)
unknown (212.192.241.37): 7 Time(s)
unknown (40.73.119.184): 7 Time(s)
root (128.187.26.211.sta.commander.net.au): 6 Time(s)
root (bras-base-mtrlpq02xew-grc-14-64-229-166-89.dsl.bell.ca): 6 Time(s)
unknown (171.39.0.3): 6 Time(s)
unknown (slot0.epaperitaliait.com): 6 Time(s)
unknown (202.83.16.8): 5 Time(s)
unknown (209.141.32.141): 5 Time(s)
root (183.157.169.245): 4 Time(s)
unknown (112.33.16.34): 4 Time(s)
unknown (128.187.26.211.sta.commander.net.au): 4 Time(s)
unknown (210.25.189.14): 4 Time(s)
unknown (212.192.241.124): 4 Time(s)
root (176.111.173.237): 3 Time(s)
unknown (114.67.179.239): 3 Time(s)
unknown (141.98.10.92): 3 Time(s)
unknown (205.185.114.87): 3 Time(s)
unknown (205.185.120.71): 3 Time(s)
unknown (209.141.62.185): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
unknown (097-097-177-058.res.spectrum.com): 2 Time(s)
unknown (121.166.68.59): 2 Time(s)
unknown (199.19.225.172): 2 Time(s)
unknown (200.73.129.37): 2 Time(s)
unknown (58.124.118.121): 2 Time(s)
unknown (81.68.212.201): 2 Time(s)
unknown (c-73-115-100-136.hsd1.tx.comcast.net): 2 Time(s)
root (139.198.109.155): 1 Time(s)
root (212.192.241.124): 1 Time(s)
root (39.170.80.185): 1 Time(s)
root (45.153.160.139): 1 Time(s)
root (81.68.212.201): 1 Time(s)
root (tor-exit1-readme.dfri.se): 1 Time(s)
unknown (103.98.79.46): 1 Time(s)
unknown (111.67.193.133): 1 Time(s)
unknown (175.209.89.234): 1 Time(s)
unknown (183.157.169.245): 1 Time(s)
unknown (198.98.62.88): 1 Time(s)
unknown (205.185.115.39): 1 Time(s)
unknown (209.141.43.8): 1 Time(s)
unknown (smtp17.mib360realestate.com): 1 Time(s)
Invalid Users:
Unknown Account: 220 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
43 Miscellaneous warnings
10.325K Bytes accepted 10,573
10.325K Bytes sent via SMTP 10,573
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
262 Connections
45 Connections lost (inbound)
262 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
1.15.106.44: 31 times
39.170.80.185: 1 time
40.73.119.184: 8 times
45.153.160.139: 1 time
64.229.166.89 (bras-base-mtrlpq02xew-grc-14-64-229-166-89.dsl.bell.ca): 6 times
81.68.212.201: 1 time
81.70.163.61: 29 times
102.223.75.234: 32 times
104.248.168.195 (gurlstalk.com): 60 times
112.33.16.34: 11 times
114.67.179.239: 12 times
115.246.73.210 (115.246.73.210.static.jio.com): 27 times
139.198.109.155: 1 time
143.244.136.52: 17 times
152.136.181.121: 36 times
171.25.193.77 (tor-exit1-readme.dfri.se): 1 time
171.39.0.3: 14 times
176.111.173.237: 3 times
176.111.173.238: 13 times
183.134.78.94: 27 times
183.157.169.245: 4 times
186.67.248.5: 26 times
202.83.16.8 (act20283168.broadband.actcorp.in): 7 times
209.14.131.233 (209-14-131-233.as270353.com.br): 39 times
210.25.189.14: 13 times
211.26.187.128 (128.187.26.211.sta.commander.net.au): 6 times
212.192.241.124: 1 time
Illegal users from:
2001:470:1:c84::13: 1 time
undef: 122 times
1.15.106.44: 17 times
40.73.119.184: 7 times
45.155.204.39: 3 times
58.124.118.121: 2 times
65.49.20.67 (scan-18.shadowserver.org): 1 time
73.115.100.136 (c-73-115-100-136.hsd1.tx.comcast.net): 2 times
81.68.212.201: 2 times
81.70.163.61: 11 times
97.97.177.58 (097-097-177-058.res.spectrum.com): 2 times
102.223.75.234: 16 times
103.98.79.46: 1 time
111.67.193.133: 1 time
112.33.16.34: 4 times
114.67.179.239: 3 times
115.246.73.210 (115.246.73.210.static.jio.com): 17 times
121.166.68.59: 2 times
141.98.10.92: 3 times
143.244.136.52: 8 times
152.136.181.121: 13 times
171.39.0.3: 6 times
175.209.89.234: 1 time
183.134.78.94: 12 times
183.157.169.245: 1 time
186.67.248.5: 12 times
195.133.18.24 (slot0.epaperitaliait.com): 6 times
198.98.62.88: 1 time
199.19.225.172: 2 times
200.73.129.37 (37.129.73.200.cab.prima.net.ar): 2 times
202.83.16.8 (act20283168.broadband.actcorp.in): 5 times
205.185.114.87: 3 times
205.185.115.39 (mx.learnmorefun.org): 1 time
205.185.119.40 (smtp17.mib360realestate.com): 1 time
205.185.120.71: 3 times
209.14.131.233 (209-14-131-233.as270353.com.br): 22 times
209.141.32.141 (smtp9.dfsfasfasf.xyz): 5 times
209.141.43.8 (mx09.hcx8.top): 1 time
209.141.62.185: 3 times
210.25.189.14: 4 times
211.26.187.128 (128.187.26.211.sta.commander.net.au): 4 times
212.192.241.37: 7 times
212.192.241.124: 4 times
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################