################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Aug 23 04:42:03 2023 Date Range Processed: yesterday ( 2023-Aug-22 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [172:171] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 84.54.51.12 -> google.com:443: 1 Time(s) 91.224.92.110 -> api.findip.net:443: 2 Time(s) A total of 13 sites probed the server 104.131.128.22 107.170.242.14 165.22.223.158 170.64.154.131 178.128.95.222 179.43.191.194 18.170.39.68 184.72.71.99 205.210.31.213 45.79.181.94 45.95.169.184 60.217.75.70 65.49.1.39 Requests with error response codes 400 Bad Request null: 28 Time(s) *: 5 Time(s) /: 3 Time(s) mstshash=Administr: 3 Time(s) api.findip.net:443: 2 Time(s) /18844285: 1 Time(s) /favicon.ico: 1 Time(s) /index.htm: 1 Time(s) 2\xE3: 1 Time(s) 7: 1 Time(s) A@BAE@FAI: 1 Time(s) \x00\x00BBBB\xBA\x8C\xC1\xABDAAA: 1 Time(s) \x7FV\x00\x00\x1A\xC0/\xC0+\xC0\x11\xC0\x0 ... x09\xC0\x14\xC0: 1 Time(s) \x85\x88!\x9Ci\x15\xD8{\x8D\xE1\xB8\xD5\x8 ... x09\xC0\x14\xC0: 1 Time(s) \x97`\x90\xE5\xC90\xF6a\x00\x00\x1A\xC0/\x ... x09\xC0\x14\xC0: 1 Time(s) \xD3[\xD3R]Xt\xF7\x06+;\xA3\xDCj?G\x0E\xA5 ... C0$\xC0\x14\xC0: 1 Time(s) google.com:443: 1 Time(s) 403 Forbidden /temp: 1 Time(s) 404 Not Found /wp-content/plugins/core-plugin/include.php: 1 Time(s) 500 Internal Server Error /: 31 Time(s) /.env: 5 Time(s) /.git/config: 3 Time(s) /favicon.ico: 3 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /_profiler/phpinfo: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /actuator/health: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /dns-query?dns=wpgBAAABAAAAAAAABmdvb2dsZQNjb20AAAEAAQ: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /geoserver/web/: 1 Time(s) /owa/auth/x.js: 1 Time(s) /restore.php: 1 Time(s) /robots.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (v-192-223-27-251.unman-vds.inap-nyc.nfoservers.com): 104 Time(s) unknown (185.161.248.200): 33 Time(s) root (185.216.119.133): 30 Time(s) root (45.180.219.203): 21 Time(s) root (64.227.178.234): 20 Time(s) root (185.33.169.123): 18 Time(s) root (189.7.17.61): 18 Time(s) root (101.36.151.78): 17 Time(s) root (107.189.1.231): 17 Time(s) root (139.59.250.246): 17 Time(s) root (189.244.120.61): 17 Time(s) root (195.158.5.3): 17 Time(s) root (23-126-62-36.lightspeed.lsvlky.sbcglobal.net): 17 Time(s) root (vps-5c6fcd10.vps.ovh.net): 17 Time(s) root (118.69.77.88): 16 Time(s) root (185.218.6.114): 16 Time(s) root (154.82.76.28): 15 Time(s) root (14.99.34.118): 14 Time(s) root (159.203.102.107): 14 Time(s) root (178.128.98.121): 14 Time(s) root (179.185.90.114): 14 Time(s) root (212.49.70.200): 14 Time(s) root (41.209.62.8): 14 Time(s) root (43.156.124.108): 14 Time(s) root (94.180.247.20): 14 Time(s) root (bl7-58-125.dsl.telepac.pt): 14 Time(s) root (host-87-27-205-141.business.telecomitalia.it): 14 Time(s) root (43.156.4.142): 13 Time(s) root (64.227.133.219): 13 Time(s) root (107.175.44.163): 12 Time(s) root (128.199.33.46): 12 Time(s) root (143.244.134.243): 12 Time(s) root (167.172.99.191): 12 Time(s) root (170-187-139-208.ip.linodeusercontent.com): 12 Time(s) root (172.245.5.163): 12 Time(s) root (178.22.168.219): 12 Time(s) root (185.224.128.141): 12 Time(s) root (185.224.128.142): 12 Time(s) root (205.185.123.242): 12 Time(s) root (43.131.232.3): 12 Time(s) root (43.154.154.86): 12 Time(s) root (51.250.89.11): 12 Time(s) root (95.179.252.232): 12 Time(s) root (agf03.livelogopontos.com): 12 Time(s) unknown (197.248.117.226): 12 Time(s) unknown (210.17.195.178): 12 Time(s) root (185.161.248.200): 11 Time(s) unknown (45.119.85.88): 11 Time(s) unknown (119.28.52.230): 9 Time(s) unknown (128.199.73.168): 9 Time(s) unknown (137.184.50.151): 9 Time(s) unknown (144.22.215.0): 9 Time(s) unknown (154.72.194.207): 9 Time(s) unknown (159.65.133.50): 9 Time(s) unknown (166.162.193.35.bc.googleusercontent.com): 9 Time(s) unknown (196.189.187.106): 9 Time(s) unknown (43.154.143.144): 9 Time(s) unknown (43.156.237.23): 9 Time(s) unknown (43.157.29.245): 9 Time(s) unknown (43.159.39.194): 9 Time(s) unknown (46.245.74.75): 9 Time(s) unknown (85.208.253.209): 9 Time(s) unknown (business-90-187-219-149.pool2.vodafone-ip.de): 9 Time(s) root (ip82-165-34-181.pbiaas.com): 8 Time(s) unknown (125-228-68-53.hinet-ip.hinet.net): 8 Time(s) unknown (pool-72-94-158-191.phlapa.fios.verizon.net): 8 Time(s) root (119.28.52.230): 7 Time(s) root (222.168.30.19): 6 Time(s) unknown (81.17.22.114): 4 Time(s) root (141.147.47.32): 3 Time(s) unknown (31.184.198.71): 2 Time(s) unknown (82.66.143.175): 2 Time(s) daemon (166.162.193.35.bc.googleusercontent.com): 1 Time(s) daemon (210.17.195.178): 1 Time(s) lp (43.159.39.194): 1 Time(s) mail (144.22.215.0): 1 Time(s) mail (154.72.194.207): 1 Time(s) root (185.184.88.68): 1 Time(s) root (31.184.198.71): 1 Time(s) root (c83-249-87-19.bredband.tele2.se): 1 Time(s) root (ns3088759.ip-145-239-244.eu): 1 Time(s) sshd (185.161.248.200): 1 Time(s) unknown (14.29.218.130): 1 Time(s) unknown (175.196.121.27): 1 Time(s) unknown (181.197.29.152): 1 Time(s) unknown (220.71.151.30): 1 Time(s) unknown (220.78.241.152): 1 Time(s) unknown (36.88.51.182): 1 Time(s) unknown (41.175.21.114): 1 Time(s) unknown (45-26-194-101.lightspeed.cicril.sbcglobal.net): 1 Time(s) unknown (59.92.120.37): 1 Time(s) unknown (85.239.34.105): 1 Time(s) unknown (n11923734222.netvigator.com): 1 Time(s) www-data (185.161.248.200): 1 Time(s) Invalid Users: Unknown Account: 260 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 15.250K Bytes accepted 15,616 15.250K Bytes sent via SMTP 15,616 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 301 Connections 19 Connections lost (inbound) 301 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 3 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 14.99.34.118 (static-118.34.99.14-tataidc.co.in): 14 times 23.126.62.36 (23-126-62-36.lightspeed.lsvlky.sbcglobal.net): 17 times 31.184.198.71: 1 time 35.193.162.166 (166.162.193.35.bc.googleusercontent.com): 1 time 37.152.181.117 (agf03.livelogopontos.com): 12 times 41.209.62.8: 14 times 43.131.232.3: 12 times 43.154.154.86: 12 times 43.156.4.142: 13 times 43.156.124.108: 14 times 43.159.39.194: 1 time 45.180.219.203 (45-180-219-203.st1internet.com.br): 21 times 51.75.78.120 (vps-5c6fcd10.vps.ovh.net): 17 times 51.250.89.11: 12 times 64.227.133.219: 13 times 64.227.178.234: 20 times 82.165.34.181 (ip82-165-34-181.pbiaas.com): 8 times 83.249.87.19 (c83-249-87-19.bredband.tele2.se): 1 time 85.240.58.125 (bl7-58-125.dsl.telepac.pt): 14 times 87.27.205.141 (host-87-27-205-141.business.telecomitalia.it): 14 times 94.180.247.20 (94x180x247x20.static-business.kzn.ertelecom.ru): 14 times 95.179.252.232 (95.179.252.232.vultrusercontent.com): 12 times 101.36.151.78: 17 times 107.175.44.163: 12 times 107.189.1.231: 17 times 118.69.77.88: 16 times 119.28.52.230: 7 times 128.199.33.46: 12 times 139.59.250.246: 17 times 141.147.47.32: 3 times 143.244.134.243: 12 times 144.22.215.0: 1 time 145.239.244.34 (ns3088759.ip-145-239-244.eu): 1 time 154.72.194.207 (hcf.gou.go.ug): 1 time 154.82.76.28: 15 times 159.203.102.107: 14 times 167.172.99.191: 12 times 170.187.139.208 (170-187-139-208.ip.linodeusercontent.com): 12 times 172.245.5.163 (172-245-5-163-host.colocrossing.com): 12 times 178.22.168.219: 12 times 178.128.98.121: 14 times 179.185.90.114 (179.185.90.114.static.gvt.net.br): 14 times 185.33.169.123 (dcc-185-33-169-123.north-cust.dcc.ps): 18 times 185.161.248.200: 13 times 185.184.88.68 (185.184.88.68.dyn.user.innovatelekom.com): 1 time 185.216.119.133: 30 times 185.218.6.114: 16 times 185.224.128.141 (ihate.feds.kys): 12 times 185.224.128.142 (ihate.feds.kys): 12 times 189.7.17.61 (bd07113d.virtua.com.br): 18 times 189.244.120.61 (dsl-189-244-120-61-dyn.prod-infinitum.com.mx): 17 times 192.223.27.251 (v-192-223-27-251.unman-vds.inap-nyc.nfoservers.com): 104 times 195.158.5.3: 17 times 205.185.123.242 (lab.texacrox.com): 12 times 210.17.195.178: 1 time 212.49.70.200 (autodiscover.interdistalliances.com): 14 times 222.168.30.19: 6 times Illegal users from: 2001:470:1:332::a: 1 time undef: 181 times 14.29.218.130: 5 times 31.184.198.71: 3 times 35.193.162.166 (166.162.193.35.bc.googleusercontent.com): 9 times 36.88.51.182: 1 time 41.175.21.114: 1 time 43.154.143.144: 9 times 43.156.237.23: 9 times 43.157.29.245: 9 times 43.159.39.194: 9 times 45.26.194.101 (45-26-194-101.lightspeed.cicril.sbcglobal.net): 1 time 45.119.85.88: 11 times 45.129.14.51 (sanchez.explorethebest.com): 1 time 46.245.74.75: 9 times 59.92.120.37 (static.bb.ill.59.92.120.37.bsnl.in): 1 time 64.62.197.136 (scan-40o.shadowserver.org): 1 time 72.94.158.191 (pool-72-94-158-191.phlapa.fios.verizon.net): 8 times 81.17.22.114 (hostedby.privatelayer.com): 20 times 82.66.143.175 (gra94-2_migr-82-66-143-175.fbx.proxad.net): 2 times 82.162.69.205: 1 time 85.208.253.209 (static.209.253.208.85.clients.irandns.com): 9 times 85.239.34.105 (pr0ntr0n9002): 1 time 90.187.219.149 (business-90-187-219-149.pool2.vodafone-ip.de): 9 times 119.28.52.230: 9 times 119.237.34.222 (n11923734222.netvigator.com): 1 time 125.228.68.53 (125-228-68-53.hinet-ip.hinet.net): 8 times 128.199.73.168: 9 times 137.184.50.151: 9 times 144.22.215.0: 9 times 154.72.194.207 (hcf.gou.go.ug): 9 times 159.65.133.50: 9 times 175.196.121.27: 2 times 181.197.29.152: 1 time 185.161.248.200: 33 times 192.223.27.251 (v-192-223-27-251.unman-vds.inap-nyc.nfoservers.com): 16 times 196.189.187.106: 9 times 197.248.117.226 (197-248-117-226.safaricombusiness.co.ke): 12 times 210.17.195.178: 12 times 220.71.151.30: 5 times 220.78.241.152: 5 times **Unmatched Entries** fatal: buffer_get_string: buffer error [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s) error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47383p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################