################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Jan 28 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jan-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [114:115]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
110.177.176.230 -> zapf.wiki:443: 1 Time(s)
221.213.75.163 -> zapf.wiki:443: 1 Time(s)
222.186.136.150 -> ip.ws.126.net:443: 1 Time(s)
60.13.7.57 -> zapf.wiki:443: 1 Time(s)
A total of 6 sites probed the server
Requests with error response codes
400 Bad Request
null: 12 Time(s)
zapf.wiki:443: 3 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/: 1 Time(s)
/c/version.js: 1 Time(s)
/client_area/: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/stalker_portal/c/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
HTTP/1.0: 1 Time(s)
http://dyn.epicgifs.net/test6956.php: 1 Time(s)
ip.ws.126.net:443: 1 Time(s)
404 Not Found
/robots.txt: 120 Time(s)
/sitemap.txt: 2 Time(s)
/sites/default/files/2012_11_Stellungnahme_OpenAcces.pdf: 2 Time(s)
/wp-login.php: 2 Time(s)
/.env: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
/adminer.php: 1 Time(s)
/berlin/apple-touch-icon.png: 1 Time(s)
/download/reader_hb02.pdf: 1 Time(s)
/protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
/protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 1 Time(s)
/reader/2018_SoSe_Heidelberg/: 1 Time(s)
/sites/default/files/1981_WiSe_K%C3%B6ln.pdf: 1 Time(s)
/sites/default/files/2009_SoSe_G%C3%B6ttingen.pdf: 1 Time(s)
/sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s)
/sites/default/files/Bericht_SommerZaPF13_Jena.pdf: 1 Time(s)
405 Method Not Allowed
/: 1 Time(s)
499 (undefined)
/socket.io/?noteId=Kuijb60cRk-4HM8bDFY--A& ... Gzdz52PRUXpABvT: 1 Time(s)
500 Internal Server Error
/: 33 Time(s)
/robots.txt: 29 Time(s)
/atom.xml: 5 Time(s)
/sitemap.xml: 5 Time(s)
/sitemap.xml.gz: 5 Time(s)
/sitemap_index.xml: 5 Time(s)
/sitemaps.xml: 4 Time(s)
/.env: 3 Time(s)
/admin//config.php: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/c/version.js: 1 Time(s)
/client_area/: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/remote/login: 1 Time(s)
/stalker_portal/c/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 32 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10 Miscellaneous warnings
17.074K Bytes accepted 17,484
17.074K Bytes sent via SMTP 17,484
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
101 Connections
34 Connections lost (inbound)
101 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 43 Time(s)
Failed logins from:
Illegal users from:
undef: 14 times
**Unmatched Entries**
Protocol major versions differ for 139.162.247.102: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################