################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Jan 16 04:42:04 2022 Date Range Processed: yesterday ( 2022-Jan-15 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 8:8 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.59.201 -> zapf.wiki:443: 2 Time(s) A total of 10 sites probed the server 106.75.223.168 125.64.94.221 146.0.72.136 157.245.110.33 161.35.151.45 178.62.110.22 193.37.255.114 222.186.59.201 34.77.162.6 61.53.52.64 Requests with error response codes 400 Bad Request null: 18 Time(s) /: 2 Time(s) mstshash=Domain: 2 Time(s) zapf.wiki:443: 2 Time(s) /ab2g: 1 Time(s) /ab2h: 1 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) \x00\x00\x00\x00: 1 Time(s) \x5Cxbf\x5Cx02\x5Cx00\x5Cx88\x5Cx13\x5Cx00 ... \x5Cx9e\x5Cx16E: 1 Time(s) _\x9D\x84rk\xD6\x99\x85\x82\xC1\xF6\x1DB\x ... x09\xC0\x13\xC0: 1 Time(s) anonymous: 1 Time(s) default.asp: 1 Time(s) 499 (undefined) /build/260ef443edb4dfd026d82e2b21a4c75c.woff: 1 Time(s) /build/MathJax/jax/output/HTML-CSS/jax.js?V=2.7.8: 1 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s) /build/cover-styles-pack.fef3ca2736298be630a4.css: 1 Time(s) /build/cover.fef3ca2736298be630a4.css: 1 Time(s) 500 Internal Server Error /: 37 Time(s) /robots.txt: 4 Time(s) /.env: 3 Time(s) /.well-known/security.txt: 2 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /HNAP1: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /berlin: 1 Time(s) /console/: 1 Time(s) /evox/about: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /nmaplowercheck1642204533: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /sdk: 1 Time(s) /sitemap.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (106.13.74.61): 30 Time(s) root (195.9.221.218): 30 Time(s) root (206.189.145.18): 30 Time(s) root (37.139.24.190): 30 Time(s) root (41.215.138.42): 30 Time(s) root (89-97-218-142.ip19.fastwebnet.it): 30 Time(s) root (guaranteed.dev): 30 Time(s) root (1.117.155.198): 26 Time(s) root (49.247.198.162): 21 Time(s) root (175.213.182.152): 20 Time(s) root (42.248.78.142): 15 Time(s) root (104.248.160.14): 7 Time(s) root (36.110.114.42): 7 Time(s) root (125.122.203.15): 6 Time(s) root (139.198.179.86): 6 Time(s) unknown (176.111.173.226): 3 Time(s) unknown (176-189-237-70.abo.bbox.fr): 2 Time(s) unknown (199.195.253.100): 2 Time(s) unknown (2.57.121.35): 2 Time(s) unknown (220.74.0.120): 2 Time(s) root (103.25.36.194): 1 Time(s) root (103.26.40.145): 1 Time(s) root (103.3.58.53): 1 Time(s) root (122.194.229.65): 1 Time(s) root (175.126.73.16): 1 Time(s) root (179.124.36.196): 1 Time(s) root (203.128.242.166): 1 Time(s) root (210.74.11.97): 1 Time(s) root (221.195.1.201): 1 Time(s) root (223.112.196.122): 1 Time(s) root (43.154.24.83): 1 Time(s) root (45.88.137.253): 1 Time(s) root (61.177.172.174): 1 Time(s) root (77.81.151.203.sta.inet.co.th): 1 Time(s) root (mail.cdrossi.com): 1 Time(s) root (mbl-65-136-170.dsl.net.pk): 1 Time(s) root (mx1.ics.sn): 1 Time(s) unknown (116.105.216.128): 1 Time(s) unknown (wiebe.tor-exit.calyxinstitute.org): 1 Time(s) Invalid Users: Unknown Account: 13 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 2 Miscellaneous warnings 10.274K Bytes accepted 10,521 10.274K Bytes sent via SMTP 10,521 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 69 Connections 19 Connections lost (inbound) 69 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 1.117.155.198: 26 times 36.110.114.42 (42.114.110.36.static.bjtelecom.net): 7 times 37.139.24.190: 30 times 41.215.138.42: 30 times 42.248.78.142: 15 times 43.154.24.83: 1 time 45.88.137.253: 1 time 49.247.198.162: 21 times 58.65.136.170 (mbl-65-136-170.dsl.net.pk): 1 time 61.177.172.174: 2 times 89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 30 times 103.3.58.53: 1 time 103.25.36.194: 1 time 103.26.40.145 (103-26-40-145.static.hostcentral.net): 1 time 104.248.160.14: 7 times 106.13.74.61: 30 times 122.194.229.65: 3 times 125.122.203.15: 6 times 139.198.179.86: 6 times 159.65.67.31 (guaranteed.dev): 30 times 175.126.73.16: 1 time 175.213.182.152: 20 times 179.124.36.196 (196.36.124.179.static.sp2.alog.com.br): 1 time 195.9.221.218: 30 times 200.69.141.210 (mail.cdrossi.com): 1 time 203.128.242.166: 1 time 203.151.81.77 (77.81.151.203.sta.inet.co.th): 1 time 206.189.145.18: 30 times 210.74.11.97: 1 time 213.154.70.102 (mx1.ics.sn): 1 time 221.195.1.201: 1 time 223.112.196.122: 1 time Illegal users from: 2001:470:1:c84::22: 1 time undef: 12 times 2.57.121.35 (smtp35.kcmoa.com): 3 times 64.62.197.122: 1 time 116.105.216.128: 1 time 146.0.72.136: 1 time 162.247.74.74 (wiebe.tor-exit.calyxinstitute.org): 1 time 176.111.173.226: 3 times 176.189.237.70 (176-189-237-70.abo.bbox.fr): 2 times 199.195.253.100: 2 times 220.74.0.120: 2 times **Unmatched Entries** Protocol major versions differ for 125.64.94.145: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 2 time(s) Protocol major versions differ for 146.0.72.136: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s) Protocol major versions differ for 146.0.72.136: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s) Disconnecting: Change of username or service not allowed: (asher,ssh-connection) -> (ashish,ssh-connection) [preauth] : 1 time(s) fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (12.x,ssh-connection) -> (a,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (ashish,ssh-connection) -> (austin,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################