################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Jul 17 04:42:05 2021 Date Range Processed: yesterday ( 2021-Jul-16 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [104:104] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 6 sites probed the server 103.145.13.120 20.106.32.146 205.185.115.135 209.141.41.98 34.86.35.6 46.101.191.15 Requests with error response codes 400 Bad Request null: 8 Time(s) /: 5 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... k2uXBYTtaQWAAG-: 2 Time(s) /config/getuser?index=0: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... 7GeY-m9of66AAHB: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... uuS-nIW6rK-AAG_: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... yvd0tBnEOiuAAHA: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /robots.txt: 37 Time(s) /.env: 5 Time(s) /berlin/apple-touch-icon.png: 2 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /install.php: 1 Time(s) /magento_version: 1 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s) /reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /util/login.aspx: 1 Time(s) /wp-content/plugins/wp-file-manager-pro/li ... tor.minimal.php: 1 Time(s) /wp-login.php: 1 Time(s) 499 (undefined) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... 7GeY-m9of66AAHB: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... k2uXBYTtaQWAAG-: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... uuS-nIW6rK-AAG_: 1 Time(s) /socket.io/?noteId=tqucabouic.html&EIO=3&t ... yvd0tBnEOiuAAHA: 1 Time(s) 500 Internal Server Error /: 26 Time(s) /robots.txt: 3 Time(s) /.env: 2 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.DS_Store: 1 Time(s) /.git/config: 1 Time(s) /.json: 1 Time(s) /.well-known/security.txt: 1 Time(s) //login_sid.lua: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /api/search?folderIds=0: 1 Time(s) /bag2: 1 Time(s) /config.json: 1 Time(s) /console/: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /idx_config/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /info.php: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /nginx.conf: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /remote/login: 1 Time(s) /server-status: 1 Time(s) /status: 1 Time(s) /status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E: 1 Time(s) /telescope/requests: 1 Time(s) /v2/_catalog: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (101.32.15.39): 70 Time(s) root (103.100.80.244): 70 Time(s) root (103.50.161.84): 70 Time(s) root (121.4.49.146): 70 Time(s) root (128.199.141.33): 70 Time(s) root (211.253.8.225): 70 Time(s) root (23.94.216.121): 70 Time(s) root (95.79.31.128): 70 Time(s) root (ool-4577552b.dyn.optonline.net): 70 Time(s) root (159.75.36.161): 65 Time(s) root (1.15.155.251): 57 Time(s) root (112.54.37.117): 57 Time(s) root (121.4.164.75): 53 Time(s) root (121.4.52.222): 53 Time(s) root (122.54.119.182): 50 Time(s) root (167.172.50.98): 50 Time(s) root (178.128.218.29): 50 Time(s) root (222.255.113.175): 50 Time(s) root (115.159.76.52): 49 Time(s) root (106.52.29.118): 46 Time(s) root (218.92.175.102): 46 Time(s) root (106.55.236.107): 44 Time(s) root (180.76.168.236): 44 Time(s) root (121.4.158.236): 41 Time(s) root (14.63.213.72): 41 Time(s) root (122.51.15.197): 40 Time(s) root (159.89.229.96): 38 Time(s) root (ip-208-109-11-147.ip.secureserver.net): 38 Time(s) root (119.29.170.235): 37 Time(s) root (20.151.0.119): 37 Time(s) root (p54b6a5d1.dip0.t-ipconnect.de): 36 Time(s) root (106.13.177.14): 34 Time(s) root (120.92.133.80): 33 Time(s) root (13.66.131.233): 33 Time(s) root (139.59.18.191): 30 Time(s) root (150.138.178.18): 30 Time(s) root (81.69.0.64): 30 Time(s) root (159.89.202.95): 27 Time(s) root (178.62.195.233): 26 Time(s) root (106.13.74.61): 24 Time(s) root (211.144.221.226): 24 Time(s) root (42.194.173.211): 24 Time(s) root (37-128-119-195.static.ip.netia.com.pl): 23 Time(s) unknown (58.213.84.234): 21 Time(s) root (222.82.214.218): 17 Time(s) unknown (141.98.10.203): 15 Time(s) root (167.99.41.147): 12 Time(s) root (179.43.175.125): 12 Time(s) unknown (141.98.10.29): 12 Time(s) unknown (49.37.219.117): 12 Time(s) root (p5b28c4a9.dip0.t-ipconnect.de): 10 Time(s) unknown (lv01.0wn.net): 7 Time(s) root (103.131.52.4): 6 Time(s) unknown (193.169.254.113): 6 Time(s) root (lv01.0wn.net): 5 Time(s) unknown (141.98.10.56): 5 Time(s) root (p54ad2b90.dip0.t-ipconnect.de): 4 Time(s) unknown (141.98.10.179): 4 Time(s) unknown (205.185.125.109): 3 Time(s) unknown (205.185.125.24): 3 Time(s) unknown (205.185.127.25): 3 Time(s) unknown (45.135.232.165): 3 Time(s) root (141.98.10.179): 2 Time(s) root (141.98.10.56): 2 Time(s) root (176.111.173.156): 2 Time(s) root (81.4.110.153): 2 Time(s) unknown (117.102.199.15.static.zoot.jp): 2 Time(s) unknown (167.86.205.195): 2 Time(s) unknown (176.111.173.156): 2 Time(s) unknown (199.195.248.154): 2 Time(s) root (1.117.159.215): 1 Time(s) root (103.136.40.17): 1 Time(s) root (104.131.89.180): 1 Time(s) root (115.71.239.208): 1 Time(s) root (129.204.121.245): 1 Time(s) root (138.0.239.70): 1 Time(s) root (138.197.97.212): 1 Time(s) root (150.138.205.199): 1 Time(s) root (168.196.96.37): 1 Time(s) root (172.96.214.107.16clouds.com): 1 Time(s) root (178.128.212.164): 1 Time(s) root (180.76.53.208): 1 Time(s) root (185.247.225.67): 1 Time(s) root (193.169.254.113): 1 Time(s) root (68.183.105.114): 1 Time(s) unknown (195.133.40.104): 1 Time(s) unknown (199.195.253.100): 1 Time(s) unknown (45.146.165.72): 1 Time(s) Invalid Users: Unknown Account: 105 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 15.181K Bytes accepted 15,545 15.181K Bytes sent via SMTP 15,545 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 403 Connections 271 Connections lost (inbound) 403 Disconnections 1 Removed from queue 1 Sent via SMTP 45 Hostname verification errors (FCRDNS) 1 SMTP protocol violations ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.15.155.251: 57 times 1.117.159.215: 1 time 13.66.131.233: 33 times 14.63.213.72: 41 times 20.151.0.119: 37 times 23.94.216.121 (23-94-216-121-host.colocrossing.com): 70 times 37.128.119.195 (37-128-119-195.static.ip.netia.com.pl): 23 times 42.194.173.211: 24 times 68.183.105.114: 1 time 69.119.85.43 (ool-4577552b.dyn.optonline.net): 70 times 81.4.110.153 (kirmizi.kurukose.net): 2 times 81.69.0.64: 30 times 84.173.43.144 (p54ad2b90.dip0.t-ipconnect.de): 4 times 84.182.165.209 (p54b6a5d1.dip0.t-ipconnect.de): 36 times 91.40.196.169 (p5b28c4a9.dip0.t-ipconnect.de): 10 times 95.79.31.128 (mail.magol.ru): 70 times 101.32.15.39: 70 times 103.50.161.84: 70 times 103.100.80.244: 70 times 103.131.52.4: 6 times 103.136.40.17 (customer.apeironglobal.co): 1 time 104.131.89.180: 1 time 106.13.74.61: 24 times 106.13.177.14: 34 times 106.52.29.118: 46 times 106.55.236.107: 44 times 112.54.37.117: 57 times 115.71.239.208: 1 time 115.159.76.52: 49 times 119.29.170.235: 37 times 120.92.133.80: 33 times 121.4.49.146: 70 times 121.4.52.222: 53 times 121.4.158.236: 41 times 121.4.164.75: 53 times 122.51.15.197: 40 times 122.54.119.182 (spimail.spisemicon.com.ph): 50 times 128.199.141.33: 70 times 129.204.121.245: 1 time 138.0.239.70: 1 time 138.197.97.212: 1 time 139.59.18.191: 30 times 141.98.10.56: 2 times 141.98.10.179 (er.includeswitche.com): 2 times 150.138.178.18: 30 times 150.138.205.199: 1 time 159.75.36.161: 65 times 159.89.202.95: 27 times 159.89.229.96: 38 times 167.99.41.147: 12 times 167.172.50.98: 50 times 168.196.96.37: 1 time 172.96.214.107 (172.96.214.107.16clouds.com): 1 time 176.111.173.156: 2 times 178.62.195.233: 26 times 178.128.212.164: 1 time 178.128.218.29: 50 times 179.43.175.125: 12 times 180.76.53.208: 1 time 180.76.168.236: 44 times 185.247.225.67: 1 time 193.169.254.113: 1 time 199.19.226.145 (lv01.0wn.net): 5 times 208.109.11.147 (ip-208-109-11-147.ip.secureserver.net): 38 times 211.144.221.226 (221.226.dsnet): 24 times 211.253.8.225: 70 times 218.92.175.102: 46 times 222.82.214.218: 17 times 222.255.113.175 (static.vnpt.vn): 50 times Illegal users from: undef: 49 times 45.135.232.165: 3 times 45.146.165.72: 1 time 49.37.219.117: 15 times 58.213.84.234: 21 times 65.49.20.66 (scan-17.shadowserver.org): 1 time 117.102.199.15 (117.102.199.15.static.zoot.jp): 2 times 141.98.10.29: 12 times 141.98.10.56: 5 times 141.98.10.179 (er.includeswitche.com): 4 times 141.98.10.203: 15 times 167.86.205.195: 2 times 176.111.173.156: 2 times 193.169.254.113: 6 times 195.133.40.104: 1 time 199.19.226.145 (lv01.0wn.net): 7 times 199.195.248.154: 2 times 199.195.253.100: 1 time 205.185.125.24: 3 times 205.185.125.109: 3 times 205.185.127.25 (serveroperations.com): 3 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################