################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Jul 15 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-14 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [208:208]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 24 Time(s)
/: 5 Time(s)
mstshash=Administr: 3 Time(s)
@\xFDzk\x03\x99\xF6\xF01\xB2T\x9B\xC9\xC0\ ... 1\xBA4\x11z\x00: 1 Time(s)
HTTP/1.0: 1 Time(s)
404 Not Found
/robots.txt: 109 Time(s)
/wp-login.php: 4 Time(s)
/ads.txt: 2 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 2 Time(s)
/download/zapfev_satzung.pdf: 2 Time(s)
/user/register?destination=comment/reply/13%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/15%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/20%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/24%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/32%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/33%23comment-form: 2 Time(s)
/user/register?destination=comment/reply/9%23comment-form: 2 Time(s)
/Admin/: 1 Time(s)
/CMS/: 1 Time(s)
/_admin/: 1 Time(s)
/_panel/: 1 Time(s)
/adm/: 1 Time(s)
/admin/: 1 Time(s)
/administrator/: 1 Time(s)
/administrer/: 1 Time(s)
/back/: 1 Time(s)
/backoffer/: 1 Time(s)
/backoffice/: 1 Time(s)
/blog/wp-admin/: 1 Time(s)
/cms/: 1 Time(s)
/manage/: 1 Time(s)
/manager/: 1 Time(s)
/media/system/js/core.js: 1 Time(s)
/panel/: 1 Time(s)
/root/: 1 Time(s)
/sites/default/files/2004_WiSe_Hamburg.pdf: 1 Time(s)
/sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s)
/system/: 1 Time(s)
/verein%7CZaPF: 1 Time(s)
/wp-content/plugins/fluid_forms/file-uploa ... ile=tf2rghf.jpg: 1 Time(s)
/wp-content/plugins/wp-file-manager/lib/ph ... tor.minimal.php: 1 Time(s)
/wp-includes/css/buttons.css: 1 Time(s)
500 Internal Server Error
/: 31 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/.env: 3 Time(s)
/favicon.ico: 3 Time(s)
/robots.txt: 3 Time(s)
/.well-known/security.txt: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/sitemap.xml: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
//login_sid.lua: 1 Time(s)
/HNAP1: 1 Time(s)
/actuator/health: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/evox/about: 1 Time(s)
/laravel/.env: 1 Time(s)
/nmaplowercheck1626239970: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/sdk: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 318 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
19.612K Bytes accepted 20,083
19.612K Bytes sent via SMTP 20,083
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
329 Connections
213 Connections lost (inbound)
329 Disconnections
1 Removed from queue
1 Sent via SMTP
48 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 191 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################