################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Nov 11 04:42:04 2021 Date Range Processed: yesterday ( 2021-Nov-10 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 52:53 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 7 sites probed the server 115.56.110.31 139.162.145.250 161.35.230.3 172.104.131.24 205.185.124.100 64.227.99.233 66.240.205.34 Requests with error response codes 400 Bad Request null: 9 Time(s) /config/getuser?index=0: 3 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... jS1a_DGcs-GAAGO: 3 Time(s) /socket.io/?noteId=LdW0m7lCSQGo6FSrTd23Ag& ... 7ZTmJrPmFGOAAGV: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... XELJl0T_TV3AAGQ: 2 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... lIM1VPTDqO4AAGR: 2 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... 0POB17QtzvQAAGc: 2 Time(s) /: 1 Time(s) /.env: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... 0pqVlb2lWWUAAGP: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... 3Wbwi_HV0OqAAGL: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... BcvK-fp7LEcAAGT: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... IBKFWYjOvJ8AAGS: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... PTm58nSADKSAAGU: 1 Time(s) /socket.io/?noteId=LdW0m7lCSQGo6FSrTd23Ag& ... dy3ypEUJDLvAAGW: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... PZmXJysIqBCAAGk: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... fFegOgiMMLjAAGi: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... jm-vJ4-MUC1AAGj: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... Fmic7jzHSCSAAGe: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... bITvznPoln1AAGZ: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... gwEtyE6oIx-AAGa: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... yhcXQzuB6kpAAGY: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) =PVR\xCE\x18\x03\xD4v\x1C\x95t\xE7H\x22@\xBC\xE7: 1 Time(s) 404 Not Found /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) /wp-content/plugins/fancy-product-designer ... age-handler.php: 1 Time(s) /wp-content/plugins/ioptimization/IOptimize.php?rchk: 1 Time(s) /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello: 1 Time(s) /wp-content/plugins/ubh/up.php: 1 Time(s) /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css: 1 Time(s) /wp-includes/lfx.php: 1 Time(s) 499 (undefined) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... 0pqVlb2lWWUAAGP: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... 3Wbwi_HV0OqAAGL: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... BcvK-fp7LEcAAGT: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... IBKFWYjOvJ8AAGS: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... PTm58nSADKSAAGU: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... XELJl0T_TV3AAGQ: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... jS1a_DGcs-GAAGO: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... lIM1VPTDqO4AAGR: 1 Time(s) /socket.io/?noteId=6ruxOOlTQnmXxivdZLqRqw& ... rC9MqltIi4QAAGM: 1 Time(s) /socket.io/?noteId=LdW0m7lCSQGo6FSrTd23Ag& ... 7ZTmJrPmFGOAAGV: 1 Time(s) /socket.io/?noteId=LdW0m7lCSQGo6FSrTd23Ag& ... dy3ypEUJDLvAAGW: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... PZmXJysIqBCAAGk: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... fFegOgiMMLjAAGi: 1 Time(s) /socket.io/?noteId=PiTR8IfESdq38mhcyRBXHQ& ... jm-vJ4-MUC1AAGj: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... Btc1jrZnCYiAAGd: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... bITvznPoln1AAGZ: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... gwEtyE6oIx-AAGa: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... oG5sypXrokOAAGb: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... yASnHDFwAQWAAGg: 1 Time(s) /socket.io/?noteId=sjm1ThKESAW4OTPKptLASA& ... yhcXQzuB6kpAAGY: 1 Time(s) 500 Internal Server Error /: 45 Time(s) /favicon.ico: 6 Time(s) /.env: 5 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /robots.txt: 2 Time(s) /server-version.txt: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /login: 1 Time(s) /manager/html: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) /wp-includes/fox-index.php: 1 Time(s) /wp-includes/lfx.php: 1 Time(s) /wp-login.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (159.65.11.227): 258 Time(s) root (49.233.44.150): 38 Time(s) root (202.152.33.132): 36 Time(s) root (82.156.110.55): 36 Time(s) root (119.96.173.87): 35 Time(s) root (178.62.123.167): 35 Time(s) root (cpe-76-176-69-186.san.res.rr.com): 34 Time(s) root (139.198.121.86): 33 Time(s) root (42.192.125.230): 31 Time(s) unknown (195.54.166.135): 31 Time(s) root (202.165.25.137): 27 Time(s) root (61.190.13.219): 27 Time(s) root (148.70.241.56): 25 Time(s) root (109.227.63.3): 21 Time(s) root (113.215.181.54): 21 Time(s) root (139.198.174.152): 19 Time(s) root (host-79-8-65-109.business.telecomitalia.it): 18 Time(s) root (199.19.225.198): 16 Time(s) root (1.15.86.33): 15 Time(s) root (119.84.128.24): 15 Time(s) root (165.22.70.203): 15 Time(s) unknown (cpe-76-176-69-186.san.res.rr.com): 15 Time(s) unknown (139.198.121.86): 14 Time(s) unknown (178.62.123.167): 14 Time(s) unknown (199.19.225.198): 14 Time(s) unknown (202.152.33.132): 14 Time(s) unknown (61.190.13.219): 14 Time(s) unknown (82.156.110.55): 14 Time(s) root (52.191.166.171): 13 Time(s) unknown (176.111.173.237): 13 Time(s) unknown (49.233.44.150): 12 Time(s) root (119.147.184.22): 11 Time(s) unknown (148.70.241.56): 11 Time(s) unknown (42.192.125.230): 9 Time(s) root (122.51.52.154): 8 Time(s) unknown (119.84.128.24): 8 Time(s) unknown (52.191.166.171): 8 Time(s) unknown (113.215.181.54): 7 Time(s) unknown (165.22.70.203): 7 Time(s) unknown (202.165.25.137): 7 Time(s) unknown (96.56.221.138): 7 Time(s) unknown (host-79-8-65-109.business.telecomitalia.it): 7 Time(s) root (ip-198-12-255-244.ip.secureserver.net): 6 Time(s) unknown (109.227.63.3): 6 Time(s) unknown (119.96.173.87): 6 Time(s) unknown (122.51.52.154): 6 Time(s) unknown (141.98.10.81): 6 Time(s) unknown (2.56.59.39): 6 Time(s) unknown (1.15.86.33): 5 Time(s) root (176.111.173.237): 4 Time(s) root (195.54.166.135): 4 Time(s) root (58.58.133.130): 4 Time(s) root (96.56.221.138): 4 Time(s) unknown (119.147.184.22): 4 Time(s) unknown (139.198.174.152): 4 Time(s) unknown (141.98.10.142): 4 Time(s) unknown (117.7.122.163): 3 Time(s) unknown (45.135.232.159): 3 Time(s) unknown (ip-198-12-255-244.ip.secureserver.net): 3 Time(s) root (94.232.46.202): 2 Time(s) unknown (110.136.232.7): 2 Time(s) unknown (116.105.217.33): 2 Time(s) unknown (125.187.24.45): 2 Time(s) unknown (141.98.10.121): 2 Time(s) unknown (173-31-179-82.client.mchsi.com): 2 Time(s) unknown (37.0.10.28): 2 Time(s) unknown (p57902cec.dip0.t-ipconnect.de): 2 Time(s) mysql (176.111.173.237): 1 Time(s) root (116.105.217.33): 1 Time(s) root (39.98.41.130): 1 Time(s) root (45.88.137.100): 1 Time(s) unknown (047-042-016-247.res.spectrum.com): 1 Time(s) unknown (116.110.121.105): 1 Time(s) unknown (141.98.10.63): 1 Time(s) unknown (171.227.217.229): 1 Time(s) unknown (45.153.160.135): 1 Time(s) unknown (81.69.190.192): 1 Time(s) unknown (82.221.128.191): 1 Time(s) Invalid Users: Unknown Account: 303 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 50 Miscellaneous warnings 12.279K Bytes accepted 12,574 12.279K Bytes sent via SMTP 12,574 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 200 Connections 56 Connections lost (inbound) 200 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.15.86.33: 15 times 39.98.41.130: 1 time 42.192.125.230: 31 times 45.88.137.100: 1 time 49.233.44.150: 38 times 52.191.166.171: 13 times 58.58.133.130: 4 times 61.190.13.219: 27 times 76.176.69.186 (cpe-76-176-69-186.san.res.rr.com): 34 times 79.8.65.109 (host-79-8-65-109.business.telecomitalia.it): 18 times 82.156.110.55: 36 times 94.232.46.202: 2 times 96.56.221.138 (ool-6038dd8a.static.optonline.net): 4 times 109.227.63.3 (srv-109-227-63-3.static.a1.hr): 21 times 113.215.181.54: 21 times 116.105.217.33: 1 time 119.84.128.24: 15 times 119.96.173.87: 35 times 119.147.184.22: 11 times 122.51.52.154: 8 times 139.198.121.86: 33 times 139.198.174.152: 19 times 148.70.241.56: 25 times 159.65.11.227: 258 times 165.22.70.203: 15 times 176.111.173.237: 5 times 178.62.123.167: 35 times 195.54.166.135: 4 times 198.12.255.244 (ip-198-12-255-244.ip.secureserver.net): 6 times 199.19.225.198 (smtp1.roopknits.com): 16 times 202.152.33.132: 36 times 202.165.25.137: 27 times Illegal users from: 2001:470:1:c84::24: 1 time undef: 198 times 1.15.86.33: 5 times 2.56.59.39 (branewsinfos.ddns.net): 6 times 37.0.10.28 (aggiornamento.xyz): 2 times 42.192.125.230: 9 times 45.135.232.159: 3 times 45.153.160.135: 1 time 47.42.16.247 (047-042-016-247.res.spectrum.com): 1 time 49.233.44.150: 12 times 52.191.166.171: 8 times 61.190.13.219: 14 times 65.49.20.69 (scan-20.shadowserver.org): 1 time 76.176.69.186 (cpe-76-176-69-186.san.res.rr.com): 15 times 79.8.65.109 (host-79-8-65-109.business.telecomitalia.it): 7 times 81.69.190.192: 1 time 82.156.110.55: 14 times 82.221.128.191: 1 time 87.144.44.236 (p57902cec.dip0.t-ipconnect.de): 2 times 96.56.221.138 (ool-6038dd8a.static.optonline.net): 7 times 109.227.63.3 (srv-109-227-63-3.static.a1.hr): 6 times 110.136.232.7: 2 times 113.215.181.54: 7 times 116.105.217.33: 2 times 116.110.121.105: 1 time 117.7.122.163 (localhost): 3 times 119.84.128.24: 8 times 119.96.173.87: 6 times 119.147.184.22: 4 times 122.51.52.154: 6 times 125.187.24.45: 2 times 139.198.121.86: 14 times 139.198.174.152: 4 times 141.98.10.63: 1 time 141.98.10.81: 6 times 141.98.10.121: 2 times 141.98.10.142 (rectum-bounders.oinkhow.net): 4 times 148.70.241.56: 11 times 165.22.70.203: 7 times 171.227.217.229 (dynamic-ip-adsl.viettel.vn): 1 time 173.31.179.82 (173-31-179-82.client.mchsi.com): 2 times 176.111.173.237: 13 times 178.62.123.167: 14 times 195.54.166.135: 31 times 198.12.255.244 (ip-198-12-255-244.ip.secureserver.net): 3 times 199.19.225.198 (smtp1.roopknits.com): 14 times 202.152.33.132: 14 times 202.165.25.137: 7 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################