################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Mar 5 04:42:03 2024
Date Range Processed: yesterday
( 2024-Mar-04 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 70:72 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
87.121.69.25 -> google.com:443: 1 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 7 Time(s)
*: 6 Time(s)
mstshash=Administr: 5 Time(s)
/: 2 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 2 Time(s)
12.1.2: 1 Time(s)
U\x7F\xEA\xCBl\xB9\xA3\x8C\x95|V\x17\x9B\x ... x09\xC0\x13\xC0: 1 Time(s)
\x14BX\xA4n\xC4?\x86<\x94\x03\xB4\xF9Y\xF5 ... D\xC0$\xC0(\xC0: 1 Time(s)
\xBA\xDD\xD4\x04G,U\xDDf{E\x8C\x13<=\x85!/ ... x09\xC0\x13\xC0: 1 Time(s)
\xF4'\xD5\x0E\xB5d\x9C,6\xE7\x99f\x1A\xDE0 ... xDB@\xC9(7]\xB1: 1 Time(s)
google.com:443: 1 Time(s)
login.cgi: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/.env: 6 Time(s)
/favicon.ico: 3 Time(s)
/robots.txt: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/cgi-bin/authLogin.cgi: 1 Time(s)
/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 1 Time(s)
/geoserver/web/: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sitemap.xml: 1 Time(s)
/webui/: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (165.22.245.164): 61 Time(s)
root (218.92.0.43): 60 Time(s)
root (218.92.0.55): 48 Time(s)
root (218.92.0.33): 42 Time(s)
root (218.92.0.28): 36 Time(s)
root (218.92.0.51): 30 Time(s)
root (218.92.0.52): 30 Time(s)
root (218.92.0.59): 29 Time(s)
root (218.92.0.26): 28 Time(s)
root (218.92.0.53): 24 Time(s)
root (218.92.0.45): 18 Time(s)
root (218.92.0.40): 12 Time(s)
root (218.92.0.47): 12 Time(s)
root (mail.rokor.kz): 7 Time(s)
root (211.223.96.54): 6 Time(s)
root (h-37-123-139-202.a350.priv.bahnhof.se): 6 Time(s)
unknown (185.11.61.88): 5 Time(s)
root (165.22.245.164): 4 Time(s)
root (47.243.82.146): 4 Time(s)
unknown (164.92.133.216): 3 Time(s)
unknown (186.155.227.234): 3 Time(s)
unknown (2.57.122.127): 3 Time(s)
unknown (31.184.198.71): 3 Time(s)
unknown (185.196.8.151): 2 Time(s)
unknown (222.108.186.205): 2 Time(s)
unknown (62.122.184.252): 2 Time(s)
mysql (62.122.184.252): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (62.122.184.252): 1 Time(s)
unknown (103.147.34.150): 1 Time(s)
unknown (112.173.174.97): 1 Time(s)
unknown (118.41.128.150): 1 Time(s)
unknown (221.162.209.158): 1 Time(s)
unknown (47.243.82.146): 1 Time(s)
Invalid Users:
Unknown Account: 94 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9.217K Bytes accepted 9,438
9.217K Bytes sent via SMTP 9,438
======== ==================================================
2 Accepted 100.00%
-------- --------------------------------------------------
2 Total 100.00%
======== ==================================================
135 Connections
9 Connections lost (inbound)
135 Disconnections
2 Removed from queue
2 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 63 Time(s)
Failed logins from:
31.184.198.71: 1 time
37.123.139.202 (h-37-123-139-202.A350.priv.bahnhof.se): 6 times
47.243.82.146: 4 times
62.122.184.252: 2 times
165.22.245.164: 4 times
178.88.167.38 (mail.rokor.kz): 7 times
211.223.96.54: 6 times
218.92.0.26: 28 times
218.92.0.28: 36 times
218.92.0.33: 42 times
218.92.0.40: 12 times
218.92.0.43: 60 times
218.92.0.45: 18 times
218.92.0.47: 12 times
218.92.0.51: 30 times
218.92.0.52: 30 times
218.92.0.53: 24 times
218.92.0.55: 48 times
218.92.0.59: 29 times
Illegal users from:
2001:470:1:fb5:1d96:6066:7b6e:88ec: 1 time
undef: 56 times
2.57.122.127: 3 times
31.184.198.71: 3 times
44.220.185.204 (ec2-44-220-185-204.compute-1.amazonaws.com): 1 time
47.243.82.146: 2 times
62.122.184.252: 2 times
64.62.197.106 (scan-39o.shadowserver.org): 1 time
103.147.34.150: 1 time
112.173.174.97: 1 time
118.41.128.150: 2 times
164.92.133.216: 3 times
165.22.245.164: 61 times
178.88.167.38 (mail.rokor.kz): 11 times
185.11.61.88: 5 times
185.196.8.151: 2 times
186.155.227.234 (geobis_international): 3 times
221.162.209.158: 5 times
222.108.186.205: 2 times
**Unmatched Entries**
error: buffer_get_string_ret: incomplete message [preauth] : 2 time(s)
error: Received disconnect from 186.155.227.234: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth] : 1 time(s)
fatal: buffer_get_string: buffer error [preauth] : 2 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop59766p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################