################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Dec 6 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [104:106]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
143.198.187.111
159.223.13.107
188.165.185.110
209.97.164.92
23.225.180.206
45.95.169.199
66.240.205.34
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/config/getuser?index=0: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/c/version.js: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
/manager/text/list: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
404 Not Found
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/dns-query: 3 Time(s)
/query: 3 Time(s)
/resolve: 3 Time(s)
/.env: 2 Time(s)
/?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/autodiscover/autodiscover.json?(a)test.com/ ... son%3F(a)test.com: 2 Time(s)
/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/resolve?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 2 Time(s)
/robots.txt: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/ads: 1 Time(s)
/ads?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/dns-query?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/doh: 1 Time(s)
/doh/family-filter: 1 Time(s)
/doh/family-filter?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/doh/secure-filter: 1 Time(s)
/doh/secure-filter?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/doh?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/ecp/lkd.js: 1 Time(s)
/flu/403.html: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/query?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/resolve?dns=DUIBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (142.93.65.72): 128 Time(s)
root (211.159.147.235): 32 Time(s)
root (114.113.238.195): 31 Time(s)
root (185.98.26.254): 30 Time(s)
root (36.91.119.221): 28 Time(s)
root (38.91.102.77): 28 Time(s)
unknown (36.133.83.172): 26 Time(s)
unknown (183.107.127.135): 25 Time(s)
root (187.32.84.234): 24 Time(s)
root (92.255.85.237): 24 Time(s)
unknown (92.255.85.37): 24 Time(s)
root (36.133.83.172): 23 Time(s)
unknown (159.223.85.219): 23 Time(s)
root (92.255.85.37): 22 Time(s)
unknown (111.93.235.74): 20 Time(s)
unknown (170.245.14.173): 20 Time(s)
unknown (92.255.85.237): 19 Time(s)
unknown (114.113.238.195): 18 Time(s)
unknown (141.98.10.82): 18 Time(s)
root (165.232.172.181): 17 Time(s)
root (178.154.204.1): 16 Time(s)
root (183.107.127.135): 16 Time(s)
root (61.175.198.155): 16 Time(s)
root (167.172.230.14): 15 Time(s)
unknown (138.197.149.97): 15 Time(s)
unknown (static.105.206.63.178.clients.your-server.de): 15 Time(s)
unknown (36.91.119.221): 13 Time(s)
root (144.135.85.184): 12 Time(s)
root (165.232.105.80): 12 Time(s)
root (168.196.96.37): 12 Time(s)
unknown (211.159.147.235): 11 Time(s)
unknown (61.175.198.155): 10 Time(s)
root (45.124.144.116): 9 Time(s)
unknown (165.232.105.80): 9 Time(s)
root (134.209.198.229): 8 Time(s)
unknown (165.232.172.181): 8 Time(s)
unknown (167.172.230.14): 8 Time(s)
unknown (178.154.204.1): 8 Time(s)
unknown (38.91.102.77): 8 Time(s)
root (138.197.149.97): 7 Time(s)
unknown (168.196.96.37): 7 Time(s)
root (170.245.14.173): 6 Time(s)
root (209.141.42.136): 6 Time(s)
unknown (134.236.247.145): 6 Time(s)
unknown (141.98.10.202): 6 Time(s)
unknown (185.98.26.254): 6 Time(s)
root (111.93.235.74): 5 Time(s)
unknown (144.135.85.184): 5 Time(s)
root (8.214.28.133): 4 Time(s)
unknown (23.183.81.249): 4 Time(s)
unknown (141.98.10.60): 3 Time(s)
unknown (146.185.79.101): 3 Time(s)
unknown (165.22.195.82): 3 Time(s)
unknown (185.217.1.246): 3 Time(s)
unknown (194.85.248.40): 3 Time(s)
unknown (209.141.34.220): 3 Time(s)
unknown (23.183.81.227): 3 Time(s)
unknown (45.124.144.116): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
postgres (159.223.85.219): 2 Time(s)
root (141.98.10.246): 2 Time(s)
root (212.192.241.95): 2 Time(s)
unknown (134.209.198.229): 2 Time(s)
unknown (141.98.10.246): 2 Time(s)
unknown (187.32.84.234): 2 Time(s)
unknown (195.133.18.104): 2 Time(s)
unknown (212.192.241.124): 2 Time(s)
unknown (23.183.81.54): 2 Time(s)
unknown (23.183.82.180): 2 Time(s)
unknown (91.223.67.146): 2 Time(s)
unknown (net-5-94-39-32.cust.vodafonedsl.it): 2 Time(s)
unknown (slot0.epaperitaliait.com): 2 Time(s)
bin (185.98.26.254): 1 Time(s)
postgres (38.91.102.77): 1 Time(s)
root (165.22.195.82): 1 Time(s)
root (69.75.142.34.bc.googleusercontent.com): 1 Time(s)
root (91.223.67.146): 1 Time(s)
temp (92.255.85.37): 1 Time(s)
unknown (106.171.77.34.bc.googleusercontent.com): 1 Time(s)
unknown (110.77.176.163): 1 Time(s)
unknown (209.244.159.34.bc.googleusercontent.com): 1 Time(s)
unknown (212.192.241.95): 1 Time(s)
unknown (23.183.82.135): 1 Time(s)
unknown (69.75.142.34.bc.googleusercontent.com): 1 Time(s)
unknown (v150-95-143-105.a088.g.tyo1.static.cnode.io): 1 Time(s)
www-data (114.113.238.195): 1 Time(s)
Invalid Users:
Unknown Account: 386 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
13.396K Bytes accepted 13,718
13.396K Bytes sent via SMTP 13,718
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
184 Connections
32 Connections lost (inbound)
184 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
8.214.28.133: 4 times
34.142.75.69 (69.75.142.34.bc.googleusercontent.com): 1 time
36.91.119.221: 28 times
36.133.83.172: 23 times
38.91.102.77 (77-102-91-38.clients.gthost.com): 29 times
45.124.144.116: 9 times
61.175.198.155: 16 times
91.223.67.146: 1 time
92.255.85.37: 23 times
92.255.85.237: 24 times
111.93.235.74 (static-74.235.93.111-tataidc.co.in): 5 times
114.113.238.195: 32 times
134.209.198.229: 8 times
138.197.149.97: 7 times
141.98.10.246 (while-alerte.flightcrown.com): 2 times
142.93.65.72: 128 times
144.135.85.184 (144-135-85-184.tpips.telstra.com): 12 times
159.223.85.219: 2 times
165.22.195.82: 1 time
165.232.105.80 (health-hub.ie): 12 times
165.232.172.181: 17 times
167.172.230.14 (bizdebthelpers.netssl): 15 times
168.196.96.37: 12 times
170.245.14.173 (neorede.com.br): 6 times
178.154.204.1: 16 times
183.107.127.135: 16 times
185.98.26.254: 31 times
187.32.84.234 (187-032-084-234.static.ctbctelecom.com.br): 24 times
209.141.42.136 (dns10.hichina.com): 6 times
211.159.147.235: 32 times
212.192.241.95: 2 times
Illegal users from:
2001:470:1:332::2 (the-shadow-server-foundation.e0-1.core1.sfo2.he.net): 1 time
undef: 248 times
5.94.39.32 (net-5-94-39-32.cust.vodafonedsl.it): 2 times
23.183.81.54: 2 times
23.183.81.227: 3 times
23.183.81.249: 4 times
23.183.82.135: 1 time
23.183.82.180: 2 times
34.77.171.106 (106.171.77.34.bc.googleusercontent.com): 1 time
34.142.75.69 (69.75.142.34.bc.googleusercontent.com): 1 time
34.159.244.209 (209.244.159.34.bc.googleusercontent.com): 1 time
36.91.119.221: 13 times
36.133.83.172: 26 times
38.91.102.77 (77-102-91-38.clients.gthost.com): 8 times
45.124.144.116: 3 times
45.155.204.39: 3 times
61.175.198.155: 10 times
65.49.20.69 (scan-20.shadowserver.org): 1 time
91.223.67.146: 2 times
92.255.85.37: 24 times
92.255.85.237: 19 times
110.77.176.163: 1 time
111.93.235.74 (static-74.235.93.111-tataidc.co.in): 20 times
114.113.238.195: 18 times
134.209.198.229: 2 times
134.236.247.145: 6 times
138.197.149.97: 15 times
141.98.10.60: 3 times
141.98.10.82: 18 times
141.98.10.202: 6 times
141.98.10.246 (while-alerte.flightcrown.com): 2 times
144.135.85.184 (144-135-85-184.tpips.telstra.com): 5 times
146.185.79.101: 3 times
150.95.143.105 (v150-95-143-105.a088.g.tyo1.static.cnode.io): 1 time
159.223.85.219: 23 times
165.22.195.82: 3 times
165.232.105.80 (health-hub.ie): 9 times
165.232.172.181: 8 times
167.172.230.14 (bizdebthelpers.netssl): 8 times
168.196.96.37: 7 times
170.245.14.173 (neorede.com.br): 20 times
178.63.206.105 (static.105.206.63.178.clients.your-server.de): 15 times
178.154.204.1: 8 times
183.107.127.135: 25 times
185.98.26.254: 6 times
185.217.1.246: 3 times
187.32.84.234 (187-032-084-234.static.ctbctelecom.com.br): 2 times
194.85.248.40: 3 times
195.133.18.24 (slot0.epaperitaliait.com): 2 times
195.133.18.104: 2 times
209.141.34.220 (meshlv02.oxds.org): 3 times
211.159.147.235: 11 times
212.192.241.95: 1 time
212.192.241.124: 2 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s)
Protocol major versions differ for 125.64.94.145: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################