################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Jan 12 04:42:04 2022
Date Range Processed: yesterday
( 2022-Jan-11 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 11:11 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
106.45.9.128 -> zapf.wiki:443: 1 Time(s)
161.97.119.209 -> 161.97.119.209:7144: 1 Time(s)
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
A total of 5 sites probed the server
120.85.98.194
185.142.236.41
222.186.19.235
34.96.130.16
5.188.210.227
Requests with error response codes
400 Bad Request
null: 6 Time(s)
/phpmyadmin/scripts/setup.php: 4 Time(s)
mstshash=Domain: 4 Time(s)
/: 3 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/.env: 1 Time(s)
/KBif: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/evox/about: 1 Time(s)
161.97.119.209:7144: 1 Time(s)
\x00\x00\x00\x00: 1 Time(s)
^\xB03: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
mstshash=Administr: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
/.env: 6 Time(s)
/robots.txt: 6 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/admin: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/storage-center.png: 1 Time(s)
502 Bad Gateway
/berlin/newsletter/newsletter-subscribe: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (46-13-36-189.customers.tmcz.cz): 60 Time(s)
root (115.231.73.154): 30 Time(s)
root (freenet0.afn.org): 30 Time(s)
root (114.67.171.67): 29 Time(s)
root (122.51.52.154): 19 Time(s)
root (128.199.247.40): 16 Time(s)
root (212.64.75.189): 14 Time(s)
root (81.68.84.91): 14 Time(s)
root (125.red-81-36-216.dynamicip.rima-tde.net): 12 Time(s)
root (183.240.157.2): 12 Time(s)
root (113.128.29.31): 8 Time(s)
root (113.128.38.160): 8 Time(s)
root (113.120.61.116): 6 Time(s)
root (186.67.248.6): 6 Time(s)
root (113.120.63.175): 4 Time(s)
root (211.36.141.69): 4 Time(s)
root (dhcp78-152-11-193.eaw.com.pl): 4 Time(s)
root (92.255.85.135): 2 Time(s)
unknown (182.66.193.220): 2 Time(s)
unknown (cpe2-28-55.static.triera.net): 2 Time(s)
unknown (host-176-36-35-4.b024.la.net.ua): 2 Time(s)
root (114.67.104.59): 1 Time(s)
root (114.80.85.75): 1 Time(s)
root (120.41.239.36): 1 Time(s)
root (144.123.70.77): 1 Time(s)
root (175.126.73.16): 1 Time(s)
root (203.95.212.41): 1 Time(s)
root (221.195.1.201): 1 Time(s)
root (27.254.46.67): 1 Time(s)
root (45.80.64.246): 1 Time(s)
root (61.177.172.175): 1 Time(s)
unknown (141.98.10.63): 1 Time(s)
unknown (162.216.204.92): 1 Time(s)
unknown (211.36.141.69): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
unknown (dhcp78-152-11-193.eaw.com.pl): 1 Time(s)
unknown (fixed-186-96-173-144.totalplay.net): 1 Time(s)
unknown (ip164.ip-51-255-26.eu): 1 Time(s)
Invalid Users:
Unknown Account: 13 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
240 Miscellaneous warnings
9.764K Bytes accepted 9,998
9.764K Bytes sent via SMTP 9,998
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
10 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
10 Total 4xx Rejects 100.00%
======== ==================================================
351 Connections
61 Connections lost (inbound)
351 Disconnections
1 Removed from queue
1 Sent via SMTP
10 Timeouts (inbound)
1 Illegal address syntax in SMTP command
44 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
27.254.46.67: 1 time
45.80.64.246: 1 time
46.13.36.189 (46-13-36-189.customers.tmcz.cz): 60 times
61.177.172.175: 1 time
78.152.11.193 (dhcp78-152-11-193.eaw.com.pl): 4 times
81.36.216.125 (125.red-81-36-216.dynamicip.rima-tde.net): 12 times
81.68.84.91: 14 times
92.255.85.135: 2 times
113.120.61.116: 6 times
113.120.63.175: 4 times
113.128.29.31: 8 times
113.128.38.160: 8 times
114.67.104.59: 1 time
114.67.171.67: 29 times
114.80.85.75: 1 time
115.231.73.154: 30 times
120.41.239.36 (36.239.41.120.broad.xm.fj.dynamic.163data.com.cn): 1 time
122.51.52.154: 19 times
128.199.247.40: 16 times
128.227.163.10 (freenet0.afn.org): 30 times
144.123.70.77: 1 time
175.126.73.16: 1 time
183.240.157.2: 12 times
186.67.248.6: 6 times
203.95.212.41: 1 time
211.36.141.69: 4 times
212.64.75.189: 14 times
221.195.1.201: 1 time
Illegal users from:
2001:470:1:c84::21: 1 time
undef: 8 times
45.141.84.10: 1 time
51.255.26.164 (ip164.ip-51-255-26.eu): 1 time
64.62.197.62: 1 time
78.152.11.193 (dhcp78-152-11-193.eaw.com.pl): 1 time
82.149.28.55 (cpe2-28-55.static.triera.net): 2 times
141.98.10.63: 1 time
162.216.204.92 (204.216.162.in-addr.arpa): 1 time
176.36.35.4 (host-176-36-35-4.b024.la.net.ua): 2 times
182.66.193.220: 2 times
186.96.173.144 (fixed-186-96-173-144.totalplay.net): 1 time
211.36.141.69: 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################