################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Jan 4 04:42:03 2024 Date Range Processed: yesterday ( 2024-Jan-03 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [262:261] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 10 sites probed the server 103.187.190.140 103.187.190.7 184.105.247.195 185.100.87.136 198.199.117.141 198.235.24.233 31.41.244.83 66.240.205.34 71.6.199.23 80.66.76.149 Requests with error response codes 400 Bad Request null: 15 Time(s) /: 5 Time(s) mstshash=Administr: 4 Time(s) ../../proc/: 3 Time(s) /.env: 2 Time(s) *: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) ;\xCB\xA0^\x16y\x04',3\x19\x81cQ\xF5\x0E\x ... C0$\xC0\x14\xC0: 1 Time(s) \x01\x00\x01\x1C\x03\x03\xA1\xD1\xBB\xEF\x ... xA1h3U\xD6\xC8I: 1 Time(s) \x11\x07\x83b\xDE\xEF~\x9F'\x0E\x99\xFA\x8 ... 9\xAE\xBE\x89~4: 1 Time(s) \xBC\xE7\x1A%: 1 Time(s) \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s) \xC3V\x0E\xE7\x88\xE0\xD4'TC\xA82O\xF4\x1D: 1 Time(s) \xFE\xE5v}3z\xC5\xED\xC6\x9CW\xC2y\xFA\xDF ... 8\xA0\x16Az\xF6: 1 Time(s) `\xB4a\xD36\xBEf\xEA{P\x06\x9EE\xB83\xA0E\ ... x09\xC0\x13\xC0: 1 Time(s) n\x09\xC6\xCB\xE3\x93\xD2\xE4\xFC\x92\xA2*\xD4: 1 Time(s) 403 Forbidden /.well-known/acme-challenge/: 1 Time(s) 404 Not Found /.well-known/acme-challenge/atomlib.php: 1 Time(s) /.well-known/acme-challenge/bala.php: 1 Time(s) /.well-known/acme-challenge/cloud.php: 1 Time(s) /.well-known/acme-challenge/iR7SzrsOUEP.php: 1 Time(s) /.well-known/acme-challenge/license.php: 1 Time(s) /.well-known/acme-challenge/shell20211028.php: 1 Time(s) /.well-known/acme-challenge/wso112233.php: 1 Time(s) /.well-known/acme-challenge/xmrlpc.php?p=: 1 Time(s) 499 (undefined) /socket.io/?noteId=aa3xNKSxRzuWslSYULFYiw& ... lling&t=OpGPYaO: 1 Time(s) 500 Internal Server Error /: 17 Time(s) /favicon.ico: 4 Time(s) /.env: 2 Time(s) /.git/config: 1 Time(s) /.well-known/security.txt: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /actuator/gateway/routes: 1 Time(s) /ajax: 1 Time(s) /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s) /geoserver/web/: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /robots.txt: 1 Time(s) /sitemap.xml: 1 Time(s) /vpnsvc/connect.cgi: 1 Time(s) /webui/: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (188.166.176.134): 73 Time(s) unknown (89.190.156.41): 41 Time(s) root (static-192-236-25-46.ipcom.comunitel.net): 36 Time(s) root (196.189.126.230): 32 Time(s) root (110.67.139.85): 31 Time(s) root (175.4.49.172): 30 Time(s) root (189.6.45.130): 30 Time(s) root (139.59.252.217): 27 Time(s) root (52.172.30.44): 27 Time(s) root (96.78.175.39): 24 Time(s) root (89.208.105.254): 23 Time(s) root (103.101.40.156): 22 Time(s) root (196.0.120.6): 22 Time(s) root (43.128.86.28): 22 Time(s) root (43.128.88.156): 22 Time(s) root (43.153.222.129): 22 Time(s) root (43.156.8.244): 22 Time(s) root (123.58.214.42): 21 Time(s) root (131.14.174.178.static.wline.lns.sme.cust.swisscom.ch): 21 Time(s) root (181.204.23.146): 21 Time(s) root (46.47.255.114): 21 Time(s) root (189.225.70.196): 20 Time(s) root (200.148.153.172): 20 Time(s) root (43.153.213.112): 20 Time(s) root (43.156.90.15): 20 Time(s) root (static-47-180-212-134.lsan.ca.frontiernet.net): 20 Time(s) root (128.199.211.78): 19 Time(s) root (14.63.224.17): 19 Time(s) root (165.154.235.43): 19 Time(s) root (20.241.228.180): 19 Time(s) root (201.124.25.111): 19 Time(s) root (206.189.95.154): 19 Time(s) root (235.ip-51-38-39.eu): 19 Time(s) unknown (172.86.96.156): 19 Time(s) root (106.54.212.205): 18 Time(s) root (111.229.98.54): 18 Time(s) root (112.161.86.234): 18 Time(s) root (154.221.31.213): 18 Time(s) root (189.176.92.28): 18 Time(s) root (202.81.228.29): 18 Time(s) root (fixed-187-251-123-99.totalplay.net): 18 Time(s) root (vmi1453207.contaboserver.net): 18 Time(s) root (110.45.145.182): 17 Time(s) root (119.247.92.34.bc.googleusercontent.com): 17 Time(s) root (14.143.255.43): 17 Time(s) root (157.245.98.154): 17 Time(s) root (167.172.130.30): 17 Time(s) root (mail.digicaveltd.com): 17 Time(s) root (113.142.66.34.bc.googleusercontent.com): 16 Time(s) root (134.209.168.219): 16 Time(s) root (159.75.146.136): 16 Time(s) root (185.74.6.243): 16 Time(s) root (197.5.145.8): 16 Time(s) root (101.43.118.232): 15 Time(s) root (113.106.63.54): 15 Time(s) root (178.22.120.71): 15 Time(s) root (180.76.36.75): 15 Time(s) root (202.178.123.121): 15 Time(s) root (maryfindlay.plus.com): 15 Time(s) root (106.13.1.132): 14 Time(s) root (159.75.179.86): 14 Time(s) root (185.206.92.192): 14 Time(s) root (45.90.97.101): 14 Time(s) root (51.162.190.249): 14 Time(s) root (111.231.164.70): 13 Time(s) root (146.190.216.157): 13 Time(s) root (43.134.35.89): 13 Time(s) root (43.139.93.196): 13 Time(s) root (91.213.99.45): 13 Time(s) root (ec2-44-208-155-41.compute-1.amazonaws.com): 13 Time(s) root (one.ifelsetech.com): 13 Time(s) root (119.45.211.120): 12 Time(s) root (124.221.179.42): 12 Time(s) root (129.226.145.89): 12 Time(s) root (150.223.20.12): 12 Time(s) root (182.18.161.165): 12 Time(s) root (211-21-113-128.hinet-ip.hinet.net): 12 Time(s) root (154.211.15.85): 11 Time(s) root (182.61.147.79): 11 Time(s) root (xhulzo.amitronica.com): 11 Time(s) root (120.48.175.69): 10 Time(s) root (139.59.178.77): 10 Time(s) root (65.42.224.35.bc.googleusercontent.com): 10 Time(s) root (81.68.75.162): 10 Time(s) root (1.14.20.112): 9 Time(s) root (1.14.8.188): 8 Time(s) root (120.53.106.159): 6 Time(s) root (159.65.48.124): 6 Time(s) root (159.65.50.88): 6 Time(s) root (172.86.96.156): 6 Time(s) root (206.81.29.212): 6 Time(s) root (45.15.158.60): 6 Time(s) root (64.226.126.97): 6 Time(s) unknown (110.67.139.85): 6 Time(s) unknown (182.18.161.165): 6 Time(s) unknown (196.189.126.230): 6 Time(s) root (125.141.72.204): 5 Time(s) unknown (150.223.20.12): 5 Time(s) unknown (154.211.15.85): 5 Time(s) unknown (165.154.235.43): 5 Time(s) unknown (178.22.120.71): 5 Time(s) unknown (185.196.8.151): 5 Time(s) unknown (200.148.153.172): 5 Time(s) mysql (89.190.156.41): 4 Time(s) unknown (112.161.86.234): 4 Time(s) unknown (119.247.92.34.bc.googleusercontent.com): 4 Time(s) unknown (175.4.49.172): 4 Time(s) unknown (181.204.23.146): 4 Time(s) unknown (185.74.6.243): 4 Time(s) unknown (210.223.50.218): 4 Time(s) unknown (91.213.99.45): 4 Time(s) unknown (fixed-187-251-123-99.totalplay.net): 4 Time(s) root (1.116.38.108): 3 Time(s) unknown (1.14.8.188): 3 Time(s) unknown (120.53.106.159): 3 Time(s) unknown (123.58.214.42): 3 Time(s) unknown (129.226.145.89): 3 Time(s) unknown (139.59.252.217): 3 Time(s) unknown (14.143.255.43): 3 Time(s) unknown (146.190.216.157): 3 Time(s) unknown (189.176.92.28): 3 Time(s) unknown (189.6.45.130): 3 Time(s) unknown (197.5.145.8): 3 Time(s) unknown (42-200-36-179.static.imsbiz.com): 3 Time(s) unknown (one.ifelsetech.com): 3 Time(s) unknown (101.43.118.232): 2 Time(s) unknown (111.229.98.54): 2 Time(s) unknown (128.199.211.78): 2 Time(s) unknown (14.63.224.17): 2 Time(s) unknown (157.245.98.154): 2 Time(s) unknown (159.75.146.136): 2 Time(s) unknown (180.76.36.75): 2 Time(s) unknown (182.61.147.79): 2 Time(s) unknown (196.0.120.6): 2 Time(s) unknown (20.241.228.180): 2 Time(s) unknown (202.178.123.121): 2 Time(s) unknown (235.ip-51-38-39.eu): 2 Time(s) unknown (43.153.213.112): 2 Time(s) unknown (43.156.90.15): 2 Time(s) unknown (46.47.255.114): 2 Time(s) unknown (mail.digicaveltd.com): 2 Time(s) unknown (static-47-180-212-134.lsan.ca.frontiernet.net): 2 Time(s) unknown (vmi1453207.contaboserver.net): 2 Time(s) mysql (154.221.31.213): 1 Time(s) mysql (43.128.88.156): 1 Time(s) postgres (134.209.168.219): 1 Time(s) postgres (139.59.252.217): 1 Time(s) postgres (180.76.36.75): 1 Time(s) postgres (189.6.45.130): 1 Time(s) postgres (196.0.120.6): 1 Time(s) postgres (202.81.228.29): 1 Time(s) postgres (81.68.75.162): 1 Time(s) postgres (96.78.175.39): 1 Time(s) postgres (maryfindlay.plus.com): 1 Time(s) root (107.172.201.142): 1 Time(s) root (147.139.47.17): 1 Time(s) root (180.76.105.165): 1 Time(s) root (190.215.107.20): 1 Time(s) unknown (1.14.20.112): 1 Time(s) unknown (103.101.40.156): 1 Time(s) unknown (112.166.4.64): 1 Time(s) unknown (113.142.66.34.bc.googleusercontent.com): 1 Time(s) unknown (120.48.175.69): 1 Time(s) unknown (121.136.155.165): 1 Time(s) unknown (124.221.179.42): 1 Time(s) unknown (131.14.174.178.static.wline.lns.sme.cust.swisscom.ch): 1 Time(s) unknown (134.209.168.219): 1 Time(s) unknown (139.59.178.77): 1 Time(s) unknown (154.221.31.213): 1 Time(s) unknown (159.75.179.86): 1 Time(s) unknown (167.172.130.30): 1 Time(s) unknown (185.206.92.192): 1 Time(s) unknown (201.124.25.111): 1 Time(s) unknown (206.189.95.154): 1 Time(s) unknown (222.251.143.248): 1 Time(s) unknown (43.128.86.28): 1 Time(s) unknown (43.128.88.156): 1 Time(s) unknown (43.139.93.196): 1 Time(s) unknown (43.153.222.129): 1 Time(s) unknown (43.156.8.244): 1 Time(s) unknown (51.162.190.249): 1 Time(s) unknown (52.172.30.44): 1 Time(s) unknown (65.42.224.35.bc.googleusercontent.com): 1 Time(s) unknown (81.68.75.162): 1 Time(s) unknown (89.208.105.254): 1 Time(s) unknown (96.78.175.39): 1 Time(s) unknown (ec2-44-208-155-41.compute-1.amazonaws.com): 1 Time(s) unknown (maryfindlay.plus.com): 1 Time(s) unknown (xhulzo.amitronica.com): 1 Time(s) Invalid Users: Unknown Account: 253 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 20.692K Bytes accepted 21,189 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 20 Connections 15 Connections lost (inbound) 20 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.14.8.188: 8 times 1.14.20.112: 9 times 1.116.38.108: 3 times 14.63.224.17: 19 times 14.143.255.43 (14.143.255.43.static-vsnl.net.in): 17 times 20.241.228.180: 19 times 34.66.142.113 (113.142.66.34.bc.googleusercontent.com): 16 times 34.92.247.119 (119.247.92.34.bc.googleusercontent.com): 17 times 35.224.42.65 (65.42.224.35.bc.googleusercontent.com): 10 times 43.128.86.28: 22 times 43.128.88.156: 23 times 43.134.35.89: 13 times 43.139.93.196: 13 times 43.153.213.112: 20 times 43.153.222.129: 22 times 43.156.8.244: 22 times 43.156.90.15: 20 times 44.208.155.41 (ec2-44-208-155-41.compute-1.amazonaws.com): 13 times 45.15.158.60 (e-1802786079-10.aeza.network): 6 times 45.90.97.101 (static.45.90.97.101.ht-hosting.de): 14 times 46.25.236.192 (static-192-236-25-46.ipcom.comunitel.net): 36 times 46.47.255.114: 21 times 47.180.212.134 (static-47-180-212-134.lsan.ca.frontiernet.net): 20 times 51.38.39.235 (235.ip-51-38-39.eu): 19 times 51.162.190.249: 14 times 52.172.30.44: 27 times 64.226.126.97: 6 times 66.94.123.247 (vmi1453207.contaboserver.net): 18 times 67.205.134.93: 11 times 80.229.18.62 (maryfindlay.plus.com): 16 times 81.68.75.162: 11 times 89.190.156.41 (smtp-10.goinbox.in): 4 times 89.208.105.254 (Based.aeza.network): 23 times 91.213.99.45: 13 times 96.78.175.39 (96-78-175-39-static.hfc.comcastbusiness.net): 25 times 101.43.118.232: 15 times 103.101.40.156: 22 times 106.13.1.132: 14 times 106.54.212.205: 18 times 107.172.201.142 (107-172-201-142-host.colocrossing.com): 1 time 110.45.145.182: 17 times 110.67.139.85: 31 times 111.229.98.54: 18 times 111.231.164.70: 13 times 112.161.86.234: 18 times 113.106.63.54: 15 times 119.45.211.120: 12 times 120.48.175.69: 10 times 120.53.106.159: 6 times 123.58.214.42: 21 times 124.221.179.42: 12 times 125.141.72.204: 6 times 128.199.211.78: 19 times 129.226.145.89: 12 times 134.209.168.219: 17 times 139.59.0.113 (one.ifelsetech.com): 13 times 139.59.178.77: 10 times 139.59.252.217: 28 times 146.190.216.157: 13 times 147.139.47.17: 1 time 150.223.20.12: 12 times 154.211.15.85: 11 times 154.221.31.213: 19 times 157.245.98.154: 17 times 159.65.48.124: 6 times 159.65.50.88: 6 times 159.75.146.136: 16 times 159.75.179.86: 14 times 165.154.235.43: 19 times 167.172.130.30: 17 times 172.86.96.156 (172-86-96-156.static.cloudzy.com): 6 times 175.4.49.172: 30 times 178.22.120.71: 15 times 178.174.14.131 (131.14.174.178.static.wline.lns.sme.cust.swisscom.ch): 21 times 180.76.36.75: 16 times 180.76.105.165: 1 time 181.204.23.146 (Static-BA-181-204-23-146.tigoune.com.co): 21 times 182.18.161.165 (static-182-18-161-165.ctrls.in): 12 times 182.61.147.79: 11 times 185.74.6.243: 16 times 185.196.20.125 (mail.digicaveltd.com): 17 times 185.206.92.192: 14 times 187.251.123.99 (fixed-187-251-123-99.totalplay.net): 18 times 188.166.176.134: 73 times 189.6.45.130 (bd062d82.virtua.com.br): 31 times 189.176.92.28 (dsl-189-176-92-28-dyn.prod-infinitum.com.mx): 18 times 189.225.70.196 (dsl-189-225-70-196-dyn.prod-infinitum.com.mx): 20 times 190.215.107.20 (static.190.215.107.20.gtdinternet.com): 1 time 196.0.120.6: 23 times 196.189.126.230: 32 times 197.5.145.8: 16 times 200.148.153.172 (Intranet.frioplast.com.br): 20 times 201.124.25.111 (dsl-201-124-25-111-dyn.prod-infinitum.com.mx): 19 times 202.81.228.29 (228-029.ha.hosting.netfront.net): 19 times 202.178.123.121: 15 times 206.81.29.212: 6 times 206.189.95.154: 19 times 211.21.113.128 (211-21-113-128.hinet-ip.hinet.net): 12 times Illegal users from: 2001:470:1:332::6 (scan-40af.shadowserver.org): 1 time undef: 66 times 1.14.8.188: 3 times 1.14.20.112: 1 time 14.63.224.17: 2 times 14.143.255.43 (14.143.255.43.static-vsnl.net.in): 3 times 20.241.228.180: 2 times 34.66.142.113 (113.142.66.34.bc.googleusercontent.com): 1 time 34.92.247.119 (119.247.92.34.bc.googleusercontent.com): 4 times 35.224.42.65 (65.42.224.35.bc.googleusercontent.com): 1 time 42.200.36.179 (42-200-36-179.static.imsbiz.com): 3 times 43.128.86.28: 1 time 43.128.88.156: 1 time 43.139.93.196: 1 time 43.153.213.112: 2 times 43.153.222.129: 1 time 43.156.8.244: 1 time 43.156.90.15: 2 times 44.208.155.41 (ec2-44-208-155-41.compute-1.amazonaws.com): 1 time 46.47.255.114: 2 times 47.180.212.134 (static-47-180-212-134.lsan.ca.frontiernet.net): 2 times 51.38.39.235 (235.ip-51-38-39.eu): 2 times 51.162.190.249: 1 time 52.172.30.44: 1 time 64.62.197.109 (scan-47c.shadowserver.org): 1 time 66.94.123.247 (vmi1453207.contaboserver.net): 2 times 67.205.134.93: 1 time 80.229.18.62 (maryfindlay.plus.com): 1 time 81.68.75.162: 1 time 89.190.156.41 (smtp-10.goinbox.in): 42 times 89.208.105.254 (Based.aeza.network): 1 time 91.213.99.45: 4 times 96.78.175.39 (96-78-175-39-static.hfc.comcastbusiness.net): 1 time 101.43.118.232: 2 times 103.101.40.156: 1 time 110.67.139.85: 6 times 111.229.98.54: 2 times 112.161.86.234: 4 times 112.166.4.64: 5 times 120.48.175.69: 1 time 120.53.106.159: 3 times 120.84.9.232: 6 times 121.136.155.165: 5 times 123.58.214.42: 3 times 124.221.179.42: 1 time 128.199.211.78: 2 times 129.226.145.89: 3 times 134.209.168.219: 1 time 139.59.0.113 (one.ifelsetech.com): 3 times 139.59.178.77: 1 time 139.59.252.217: 3 times 146.190.216.157: 3 times 150.223.20.12: 5 times 154.211.15.85: 5 times 154.221.31.213: 1 time 157.245.98.154: 2 times 159.75.146.136: 2 times 159.75.179.86: 1 time 165.154.235.43: 5 times 167.172.130.30: 1 time 172.86.96.156 (172-86-96-156.static.cloudzy.com): 20 times 175.4.49.172: 4 times 178.22.120.71: 5 times 178.174.14.131 (131.14.174.178.static.wline.lns.sme.cust.swisscom.ch): 1 time 180.76.36.75: 2 times 181.204.23.146 (Static-BA-181-204-23-146.tigoune.com.co): 4 times 182.18.161.165 (static-182-18-161-165.ctrls.in): 6 times 182.61.147.79: 2 times 185.74.6.243: 4 times 185.196.8.151: 5 times 185.196.20.125 (mail.digicaveltd.com): 2 times 185.206.92.192: 1 time 187.251.123.99 (fixed-187-251-123-99.totalplay.net): 4 times 188.166.176.134: 17 times 189.6.45.130 (bd062d82.virtua.com.br): 3 times 189.176.92.28 (dsl-189-176-92-28-dyn.prod-infinitum.com.mx): 3 times 196.0.120.6: 2 times 196.189.126.230: 6 times 197.5.145.8: 3 times 200.148.153.172 (Intranet.frioplast.com.br): 5 times 201.124.25.111 (dsl-201-124-25-111-dyn.prod-infinitum.com.mx): 1 time 202.178.123.121: 2 times 206.189.95.154: 1 time 210.223.50.218: 4 times 222.251.143.248: 5 times **Unmatched Entries** error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s) Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 3 time(s) Disconnecting: Corrupted padlen 0 on input. [preauth] : 1 time(s) fatal: buffer_get_string: buffer error [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop65010p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################