################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Mar 3 04:42:03 2024
Date Range Processed: yesterday
( 2024-Mar-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 6:6 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
mstshash=Administr: 12 Time(s)
null: 10 Time(s)
*: 5 Time(s)
/: 5 Time(s)
mstshash=hello: 2 Time(s)
'\xAAi\x8D\xCBg%\x12\x9F\xBC#\xE2\xA2@W: 1 Time(s)
/.env: 1 Time(s)
/dns-query: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
403 Forbidden
/FrcS3CFURGOhH8IZnOVeEw: 1 Time(s)
404 Not Found
/wp-content/plugins/ai-engine/app/index.js: 1 Time(s)
500 Internal Server Error
/: 19 Time(s)
/dns-query: 4 Time(s)
/.env: 3 Time(s)
/favicon.ico: 2 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Temporary_Listen_Addresses: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscove/: 1 Time(s)
/autodiscover/autodiscover%20/: 1 Time(s)
/autodiscover/autodiscoverrs/: 1 Time(s)
/autodiscover/autodiscovers/: 1 Time(s)
/cgi-bin/login: 1 Time(s)
/dns-query?dns=ZSUBAAABAAAAAAAABmdvb2dsZQNjb20AAAEAAQ: 1 Time(s)
/dns-query?dns=yOwBAAABAAAAAAAABHRlc3QJbWV ... 0BHdvcmsAAAEAAQ: 1 Time(s)
/ews/%20/: 1 Time(s)
/ews/autodiscovers/: 1 Time(s)
/ews/ews/: 1 Time(s)
/ews/exchange%20/: 1 Time(s)
/ews/exchange/: 1 Time(s)
/ews/exchanges/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/musterrechtsverordung/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (159.89.95.203): 131 Time(s)
unknown (212.70.149.150): 104 Time(s)
unknown (165.22.245.164): 56 Time(s)
root (212.70.149.150): 32 Time(s)
root (221.127.69.149): 6 Time(s)
root (45.128.96.51): 6 Time(s)
root (50.27.184.8): 6 Time(s)
root (198.211.100.121): 5 Time(s)
unknown (185.11.61.88): 5 Time(s)
unknown (85.209.11.254): 5 Time(s)
unknown (211.62.68.204): 4 Time(s)
unknown (62.122.184.252): 4 Time(s)
root (85.209.11.27): 3 Time(s)
unknown (185.196.8.151): 2 Time(s)
unknown (31.184.198.71): 2 Time(s)
daemon (212.70.149.150): 1 Time(s)
mysql (165.22.245.164): 1 Time(s)
root (101.127.107.185): 1 Time(s)
root (128.199.238.36): 1 Time(s)
root (142.171.94.69): 1 Time(s)
root (165.22.245.164): 1 Time(s)
root (185.216.70.138): 1 Time(s)
root (202.58.124.92): 1 Time(s)
root (31.184.198.71): 1 Time(s)
root (45.95.147.236): 1 Time(s)
root (64.20.53.245): 1 Time(s)
root (85.198.9.229): 1 Time(s)
root (85.209.11.254): 1 Time(s)
root (92.118.39.34): 1 Time(s)
root (bba-94-59-230-95.alshamil.net.ae): 1 Time(s)
root (ec2-3-7-202-2.ap-south-1.compute.amazonaws.com): 1 Time(s)
root (ip5f5947e8.dynamic.kabel-deutschland.de): 1 Time(s)
root (net-37-119-210-199.cust.vodafonedsl.it): 1 Time(s)
root (ns328542.ip-37-187-114.eu): 1 Time(s)
root (v133-18-229-190.vir.kagoya.net): 1 Time(s)
root (w2wportal.com): 1 Time(s)
unknown (210.126.78.57): 1 Time(s)
uucp (212.70.149.150): 1 Time(s)
Invalid Users:
Unknown Account: 187 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9.168K Bytes accepted 9,388
9.168K Bytes sent via SMTP 9,388
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
140 Connections
15 Connections lost (inbound)
140 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
11 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
3.7.202.2 (ec2-3-7-202-2.ap-south-1.compute.amazonaws.com): 1 time
31.184.198.71: 1 time
37.119.210.199 (net-37-119-210-199.cust.vodafonedsl.it): 1 time
37.187.114.110 (ns328542.ip-37-187-114.eu): 1 time
45.55.47.167 (w2wportal.com): 1 time
45.95.147.236 (hosted-by.as49870.net): 1 time
45.128.96.51: 6 times
50.27.184.8: 6 times
64.20.53.245 (vps2411525.trouble-free.net): 1 time
85.198.9.229 (85.198.9.229.asiatech.cloud): 1 time
85.209.11.27: 3 times
85.209.11.254: 1 time
92.118.39.34: 1 time
94.59.230.95 (bba-94-59-230-95.alshamil.net.ae): 1 time
95.89.71.232 (ip5f5947e8.dynamic.kabel-deutschland.de): 1 time
101.127.107.185: 1 time
128.199.238.36: 1 time
133.18.229.190 (v133-18-229-190.vir.kagoya.net): 1 time
142.171.94.69: 1 time
159.89.95.203 (remiscuba.com): 131 times
165.22.245.164: 2 times
185.216.70.138: 1 time
198.211.100.121: 5 times
202.58.124.92: 1 time
212.70.149.150: 34 times
221.127.69.149: 6 times
Illegal users from:
2001:470:1:fb5:714b:1b45:a1b:973d: 1 time
undef: 77 times
31.184.198.71: 3 times
62.122.184.252: 4 times
65.49.1.33 (scan-53j.shadowserver.org): 1 time
85.209.11.27: 1 time
85.209.11.254: 5 times
165.22.245.164: 56 times
185.11.61.88: 5 times
185.196.8.151: 2 times
210.126.78.57: 5 times
211.62.68.204: 5 times
212.70.149.150: 107 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop59766p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################