################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 2 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-01 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 43:43 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 9 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... HmYoRyXn9_sAAAT: 4 Time(s)
mstshash=Domain: 4 Time(s)
/: 2 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... zbhkpgKUuvvAAAX: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/jjH@: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... Og6gfnRVMeUAAAY: 1 Time(s)
HTTP/1.0: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... Og6gfnRVMeUAAAY: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... l6oGH6WT9ejAAAZ: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... zbhkpgKUuvvAAAX: 1 Time(s)
500 Internal Server Error
/: 17 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/owa/auth/logon.aspx: 2 Time(s)
/robots.txt: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/HNAP1/: 1 Time(s)
/ReportServer: 1 Time(s)
/admin/.env: 1 Time(s)
/api/.env: 1 Time(s)
/api/v1/.env: 1 Time(s)
/api/v2/.env: 1 Time(s)
/api/v3/.env: 1 Time(s)
/app/.env: 1 Time(s)
/backend/.env: 1 Time(s)
/bag2: 1 Time(s)
/common/info.cgi: 1 Time(s)
/config/.env: 1 Time(s)
/core/.env: 1 Time(s)
/currentsetting.htm: 1 Time(s)
/dev/.env: 1 Time(s)
/dniapi/userInfos: 1 Time(s)
/epa/scripts/win/nsepa_setup.exe: 1 Time(s)
/favicon.ico: 1 Time(s)
/laravel/.env: 1 Time(s)
/local/.env: 1 Time(s)
/login: 1 Time(s)
/master/.env: 1 Time(s)
/old/.env: 1 Time(s)
/oldsite/.env: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/portal/.env: 1 Time(s)
/prod/.env: 1 Time(s)
/production/.env: 1 Time(s)
/sitemap.xml: 1 Time(s)
/stag/.env: 1 Time(s)
/staging/.env: 1 Time(s)
/test/.env: 1 Time(s)
/tools/.env: 1 Time(s)
/web/.env: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (gurlstalk.com): 40 Time(s)
root (150.158.173.223): 34 Time(s)
root (119.96.175.156): 33 Time(s)
root (49.235.78.105): 30 Time(s)
root (175.24.152.200): 29 Time(s)
root (net-2-45-185-2.cust.vodafonedsl.it): 21 Time(s)
root (static.114.139.47.78.clients.your-server.de): 21 Time(s)
unknown (93.123.93.104): 19 Time(s)
root (168.121.104.224): 17 Time(s)
root (vps2.d3soft.ma): 16 Time(s)
root (93.123.93.104): 15 Time(s)
unknown (119.96.175.156): 15 Time(s)
unknown (141.98.10.82): 15 Time(s)
unknown (150.158.173.223): 15 Time(s)
unknown (49.235.78.105): 15 Time(s)
root (182.50.65.146): 14 Time(s)
root (ec2-18-162-51-206.ap-east-1.compute.amazonaws.com): 13 Time(s)
unknown (net-2-45-185-2.cust.vodafonedsl.it): 11 Time(s)
unknown (116.247.81.99): 9 Time(s)
unknown (168.121.104.224): 8 Time(s)
unknown (175.24.152.200): 8 Time(s)
unknown (vps2.d3soft.ma): 8 Time(s)
root (116.247.81.99): 7 Time(s)
unknown (141.98.10.60): 7 Time(s)
root (200.225.216.65): 6 Time(s)
unknown (182.50.65.146): 6 Time(s)
unknown (static.114.139.47.78.clients.your-server.de): 5 Time(s)
root (141.98.10.246): 4 Time(s)
unknown (141.98.10.246): 4 Time(s)
unknown (209.141.47.245): 4 Time(s)
unknown (212.192.241.124): 4 Time(s)
unknown (212.192.241.37): 4 Time(s)
unknown (23.183.81.227): 4 Time(s)
unknown (ec2-18-162-51-206.ap-east-1.compute.amazonaws.com): 4 Time(s)
unknown (195.133.18.104): 3 Time(s)
unknown (209.141.33.193): 3 Time(s)
unknown (31.184.198.71): 3 Time(s)
unknown (91.223.67.146): 3 Time(s)
unknown (115.95.69.205): 2 Time(s)
unknown (199.76.38.123): 2 Time(s)
unknown (200.225.216.65): 2 Time(s)
unknown (209.141.33.121): 2 Time(s)
unknown (23.183.81.136): 2 Time(s)
unknown (23.183.81.54): 2 Time(s)
unknown (23.183.82.135): 2 Time(s)
unknown (23.183.82.180): 2 Time(s)
unknown (host-24-224-178-87.public.eastlink.ca): 2 Time(s)
unknown (host-5-58-49-173.bitternet.ua): 2 Time(s)
unknown (slot0.epaperitaliait.com): 2 Time(s)
postgres (93.123.93.104): 1 Time(s)
root (1.85.218.150): 1 Time(s)
unknown (1.15.181.252): 1 Time(s)
unknown (103.127.67.54): 1 Time(s)
unknown (136.144.41.3): 1 Time(s)
unknown (151.1.177.22): 1 Time(s)
unknown (194.85.248.40): 1 Time(s)
unknown (198.98.62.88): 1 Time(s)
unknown (209.141.34.220): 1 Time(s)
unknown (23.183.81.249): 1 Time(s)
Invalid Users:
Unknown Account: 207 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
12.487K Bytes accepted 12,787
12.487K Bytes sent via SMTP 12,787
======== ==================================================
2 Accepted 100.00%
-------- --------------------------------------------------
2 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
484 Connections
311 Connections lost (inbound)
484 Disconnections
2 Removed from queue
2 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.85.218.150: 1 time
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 21 times
18.162.51.206 (ec2-18-162-51-206.ap-east-1.compute.amazonaws.com): 13 times
49.235.78.105: 30 times
78.47.139.114 (static.114.139.47.78.clients.your-server.de): 21 times
93.123.93.104 (mail.motolife.bg): 16 times
104.248.168.195 (gurlstalk.com): 40 times
116.247.81.99: 7 times
119.96.175.156: 33 times
141.98.10.246 (while-alerte.flightcrown.com): 4 times
150.158.173.223: 34 times
168.121.104.224: 17 times
175.24.152.200: 29 times
178.33.67.12 (vps2.d3soft.ma): 16 times
182.50.65.146: 14 times
200.225.216.65 (mluiza-200-225-216-065.static.ctbctelecom.com.br): 6 times
Illegal users from:
2001:470:1:c84::27: 1 time
undef: 105 times
1.15.181.252: 1 time
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 11 times
5.58.49.173 (host-5-58-49-173.bitternet.ua): 2 times
18.162.51.206 (ec2-18-162-51-206.ap-east-1.compute.amazonaws.com): 4 times
23.183.81.54: 2 times
23.183.81.136: 2 times
23.183.81.227: 4 times
23.183.81.249: 1 time
23.183.82.135: 2 times
23.183.82.180: 2 times
24.224.178.87 (host-24-224-178-87.public.eastlink.ca): 2 times
31.184.198.71: 3 times
49.235.78.105: 15 times
65.49.20.68 (scan-19.shadowserver.org): 1 time
78.47.139.114 (static.114.139.47.78.clients.your-server.de): 5 times
91.223.67.146: 3 times
93.123.93.104 (mail.motolife.bg): 19 times
103.127.67.54: 1 time
115.95.69.205: 2 times
116.247.81.99: 9 times
119.96.175.156: 15 times
136.144.41.3: 1 time
141.98.10.60: 7 times
141.98.10.82: 15 times
141.98.10.246 (while-alerte.flightcrown.com): 4 times
150.158.173.223: 15 times
151.1.177.22: 1 time
168.121.104.224: 8 times
175.24.152.200: 8 times
178.33.67.12 (vps2.d3soft.ma): 8 times
182.50.65.146: 6 times
194.85.248.40: 1 time
195.133.18.24 (slot0.epaperitaliait.com): 2 times
195.133.18.104: 3 times
198.98.62.88: 1 time
199.76.38.123: 2 times
200.225.216.65 (mluiza-200-225-216-065.static.ctbctelecom.com.br): 2 times
209.141.33.121: 2 times
209.141.33.193 (mx.chinadomainregistry.org): 3 times
209.141.34.220 (meshlv02.oxds.org): 1 time
209.141.47.245: 4 times
212.192.241.37: 4 times
212.192.241.124: 4 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################