################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Sep 3 04:42:03 2023
Date Range Processed: yesterday
( 2023-Sep-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 78:79 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
185.91.127.13 -> judge.9000.co.in:443: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 17 Time(s)
/: 5 Time(s)
*: 3 Time(s)
mstshash=Administr: 3 Time(s)
/.env: 1 Time(s)
/api/v1: 1 Time(s)
/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%% ... %%32%%65/bin/sh: 1 Time(s)
/private/api/v1/service/premaster: 1 Time(s)
\x5C\xD9\xD8\xB1\x8Bkk\xEC(\xFC\x8C\xA4: 1 Time(s)
\x8E;\xD0LJ: 1 Time(s)
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
\xE18,\x06qH\x89\xED\x9Fr\xE8\xDA&\x86\xDD ... xF5\x7F\xC8\xF3: 1 Time(s)
\xE5QIn\xC2\xBE\x99\xAC]\xA3}f\xFF\x87\x22 ... x09\xC0\x14\xC0: 1 Time(s)
\xEE\xBEb\xE0\xA8q\xD4\xB8\x83\xFE\xFB\x1C ... D\xC0$\xC0(\xC0: 1 Time(s)
anonymous: 1 Time(s)
icap://icap-server.net/server?arg=87: 1 Time(s)
judge.9000.co.in:443: 1 Time(s)
499 (undefined)
/: 1 Time(s)
500 Internal Server Error
/: 38 Time(s)
/favicon.ico: 7 Time(s)
/.env: 4 Time(s)
/robots.txt: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/sitemap.xml: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/RDWeb: 1 Time(s)
/Remote: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/api/sonicos/auth: 1 Time(s)
/api/sonicos/tfa: 1 Time(s)
/api/v1: 1 Time(s)
/auth.html: 1 Time(s)
/auth1.html: 1 Time(s)
/autodiscover/autodiscover.json?(a)foo.com/m ... json%3f(a)foo.com: 1 Time(s)
/dana-cached/hc/HostCheckerInstaller.osx: 1 Time(s)
/dana-na/nc/nc_gina_ver.txt: 1 Time(s)
/geoserver/web/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/receiver/images/common/icon_vpn.ico: 1 Time(s)
/restore.php: 1 Time(s)
/sslvpnLogin.html: 1 Time(s)
/t4: 1 Time(s)
/vpn/images/AccessGateway.ico: 1 Time(s)
/wsman: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (159.223.195.135): 194 Time(s)
unknown (159.223.203.211): 193 Time(s)
root (41.77.84.69): 85 Time(s)
root (195.88.120.62): 75 Time(s)
root (84-255-204-251.static.t-2.net): 60 Time(s)
unknown (103.156.14.34): 55 Time(s)
root (159.223.203.211): 41 Time(s)
unknown (185.161.248.200): 41 Time(s)
root (159.223.195.135): 38 Time(s)
root (zaor.de): 38 Time(s)
root (95.179.252.232): 24 Time(s)
unknown (193.201.9.109): 24 Time(s)
root (141.98.11.11): 17 Time(s)
unknown (141.98.11.11): 17 Time(s)
unknown (62.122.184.71): 17 Time(s)
root (185.224.128.142): 12 Time(s)
root (36.129.3.143): 12 Time(s)
unknown (185.224.128.187): 12 Time(s)
root (104.193.255.77): 8 Time(s)
unknown (31.41.244.61): 8 Time(s)
unknown (31.41.244.62): 7 Time(s)
unknown (81.17.22.115): 7 Time(s)
root (103.146.140.167): 6 Time(s)
root (141.98.11.90): 6 Time(s)
root (218.145.31.213): 6 Time(s)
root (31.41.244.62): 6 Time(s)
unknown (104.193.255.77): 6 Time(s)
postgres (159.223.195.135): 5 Time(s)
postgres (159.223.203.211): 5 Time(s)
root (193.201.9.109): 5 Time(s)
unknown (141.98.11.90): 5 Time(s)
unknown (medisync.org): 5 Time(s)
mysql (159.223.195.135): 4 Time(s)
mysql (159.223.203.211): 4 Time(s)
root (185.224.128.187): 4 Time(s)
root (31.41.244.61): 4 Time(s)
root (185.161.248.200): 3 Time(s)
root (62.122.184.71): 3 Time(s)
unknown (203.192.217.52): 3 Time(s)
root (seed1.sheesh.rip): 2 Time(s)
unknown (ip70-181-124-215.oc.oc.cox.net): 2 Time(s)
postfix (185.161.248.200): 1 Time(s)
root (157.245.154.124): 1 Time(s)
sshd (185.161.248.200): 1 Time(s)
unknown (175.196.231.248): 1 Time(s)
unknown (77.90.185.131): 1 Time(s)
uucp (193.201.9.109): 1 Time(s)
Invalid Users:
Unknown Account: 626 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9.400K Bytes accepted 9,626
9.400K Bytes sent via SMTP 9,626
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
87 Connections
17 Connections lost (inbound)
87 Disconnections
1 Removed from queue
1 Sent via SMTP
47 Timeouts (inbound)
4 SMTP dialog errors
4 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
31.41.244.61: 4 times
31.41.244.62: 6 times
36.129.3.143: 12 times
41.77.84.69: 85 times
62.122.184.71: 3 times
84.255.204.251 (84-255-204-251.static.t-2.net): 60 times
91.224.92.110 (seed1.sheesh.rip): 2 times
95.179.252.232 (95.179.252.232.vultrusercontent.com): 24 times
103.146.140.167: 6 times
104.193.255.77 (.): 8 times
138.68.74.198 (zaor.de): 38 times
141.98.11.11 (axon-stall.riddlecamera.net): 17 times
141.98.11.90 (lighten.medyamol.com): 6 times
157.245.154.124: 1 time
159.223.195.135: 47 times
159.223.203.211: 50 times
185.161.248.200: 5 times
185.224.128.142 (ihate.feds.kys): 12 times
185.224.128.187: 4 times
193.201.9.109: 6 times
195.88.120.62 (195-88-120-62.parustelecom.ru): 75 times
218.145.31.213: 6 times
Illegal users from:
2001:470:1:c84::27: 1 time
undef: 255 times
14.139.243.10: 6 times
31.41.244.61: 8 times
31.41.244.62: 7 times
42.200.70.128 (42-200-70-128.static.imsbiz.com): 1 time
62.122.184.71: 17 times
65.49.1.105: 1 time
70.181.124.215 (ip70-181-124-215.oc.oc.cox.net): 2 times
77.90.185.131: 1 time
81.17.22.115 (hostedby.privatealps.net): 35 times
103.156.14.34: 55 times
104.193.255.77 (.): 6 times
115.244.37.124: 6 times
139.59.78.11 (medisync.org): 5 times
141.98.11.11 (axon-stall.riddlecamera.net): 17 times
141.98.11.90 (lighten.medyamol.com): 6 times
159.223.195.135: 194 times
159.223.203.211: 193 times
175.196.231.248: 1 time
183.136.225.5: 1 time
185.161.248.200: 41 times
185.224.128.187: 12 times
193.201.9.109: 26 times
195.88.120.62 (195-88-120-62.parustelecom.ru): 16 times
203.192.217.52 (dhcp-192-217-52.in2cable.com): 3 times
**Unmatched Entries**
Protocol major versions differ for 118.193.59.194: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47383p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################