################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Nov 7 04:42:04 2021 Date Range Processed: yesterday ( 2021-Nov-06 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 27:27 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.19.235 -> zapf.wiki:443: 1 Time(s) A total of 13 sites probed the server 142.93.210.126 165.227.12.150 165.227.2.207 165.227.45.197 167.99.64.66 172.104.131.24 178.239.21.102 222.186.19.235 23.224.189.13 27.115.124.99 40.76.56.186 49.89.62.141 93.174.95.106 Requests with error response codes 400 Bad Request null: 22 Time(s) /ab2g: 7 Time(s) /ab2h: 7 Time(s) /: 4 Time(s) mstshash=Administr: 4 Time(s) *: 2 Time(s) /3000D00E0000FFFF3F00313137443737313436343 ... 000000000000000: 2 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s) /config/getuser?index=0: 2 Time(s) /.env: 1 Time(s) /10102720: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) \x03V\xF39p\xD9g\xB6\xFBQ\xC2\x03|\x19\xC9 ... x09\xC0\x14\xC0: 1 Time(s) http://ipinfo.io: 1 Time(s) zapf.wiki:443: 1 Time(s) 404 Not Found /404: 1 Time(s) 499 (undefined) /socket.io/?noteId=cdZDOUK6SMuuOAgcE8hemA& ... lling&t=NpoSr35: 1 Time(s) 500 Internal Server Error /: 55 Time(s) /.env: 7 Time(s) /robots.txt: 4 Time(s) /favicon.ico: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /sitemap.xml: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) ///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s) //a2billing/customer/templates/default/footer.tpl: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /dns-query?dns=ORkBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s) /dns-query?dns=tBQBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /remote/login: 1 Time(s) /webadmin/Index.action: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (82.156.120.226): 39 Time(s) root (82.156.53.141): 38 Time(s) unknown (52.169.122.231): 37 Time(s) root (103.146.30.114): 36 Time(s) root (121.4.116.241): 35 Time(s) root (125.141.139.29): 35 Time(s) root (134.209.239.241): 35 Time(s) root (106.53.110.236): 33 Time(s) root (ppp-vpdn-93.158.229.62.yarnet.ru): 33 Time(s) root (218.234.149.18): 32 Time(s) root (net-31-27-105-102.cust.vodafonedsl.it): 31 Time(s) root (42.193.137.220): 29 Time(s) root (121.4.70.7): 28 Time(s) root (1.215.195.10): 27 Time(s) root (117.158.107.107): 22 Time(s) root (43.129.221.217): 22 Time(s) root (115.231.73.154): 21 Time(s) unknown (42.193.137.220): 19 Time(s) unknown (net-31-27-105-102.cust.vodafonedsl.it): 19 Time(s) root (1.119.131.102): 17 Time(s) unknown (ppp-vpdn-93.158.229.62.yarnet.ru): 17 Time(s) unknown (218.234.149.18): 16 Time(s) unknown (121.4.116.241): 15 Time(s) unknown (125.141.139.29): 15 Time(s) unknown (134.209.239.241): 15 Time(s) unknown (103.146.30.114): 14 Time(s) unknown (106.53.110.236): 14 Time(s) root (52.169.122.231): 12 Time(s) unknown (1.215.195.10): 12 Time(s) unknown (82.156.53.141): 12 Time(s) unknown (82.156.120.226): 11 Time(s) unknown (121.4.70.7): 10 Time(s) root (104.131.84.124): 8 Time(s) root (119.45.41.248): 8 Time(s) unknown (117.158.107.107): 8 Time(s) unknown (119.45.41.248): 7 Time(s) unknown (1.119.131.102): 6 Time(s) unknown (104.131.84.124): 6 Time(s) unknown (115.231.73.154): 6 Time(s) root (175.209.89.234): 5 Time(s) root (2.153.116.80.dyn.user.ono.com): 5 Time(s) unknown (43.129.221.217): 4 Time(s) root (202.153.134.34.bc.googleusercontent.com): 2 Time(s) root (90.red-83-42-60.dynamicip.rima-tde.net): 2 Time(s) unknown (097-097-177-058.res.spectrum.com): 2 Time(s) unknown (109-186-225-21.bb.netvision.net.il): 2 Time(s) unknown (141.98.10.121): 2 Time(s) unknown (141.98.10.60): 2 Time(s) unknown (141.98.10.81): 2 Time(s) unknown (175.209.89.234): 2 Time(s) unknown (176.111.173.237): 2 Time(s) unknown (202.153.134.34.bc.googleusercontent.com): 2 Time(s) unknown (211.114.38.236): 2 Time(s) unknown (221.163.103.143): 2 Time(s) unknown (69.49.228.198): 2 Time(s) unknown (90.red-83-42-60.dynamicip.rima-tde.net): 2 Time(s) unknown (c-24-218-231-49.hsd1.nh.comcast.net): 2 Time(s) unknown (p579b0b3b.dip0.t-ipconnect.de): 2 Time(s) bin (69.49.228.198): 1 Time(s) postfix (42.193.137.220): 1 Time(s) postgres (176.111.173.237): 1 Time(s) root (103.151.182.6): 1 Time(s) root (113.81.197.166): 1 Time(s) root (139.59.169.103): 1 Time(s) root (189.254.255.3): 1 Time(s) root (36.91.61.178): 1 Time(s) root (69.49.228.198): 1 Time(s) unknown (141.98.10.63): 1 Time(s) unknown (189.254.255.3): 1 Time(s) unknown (198.98.54.56): 1 Time(s) unknown (2.153.116.80.dyn.user.ono.com): 1 Time(s) unknown (211-22-65-18.hinet-ip.hinet.net): 1 Time(s) unknown (netcupde.tor-exit.de): 1 Time(s) unknown (tor-exit-nl1.privex.cc): 1 Time(s) Invalid Users: Unknown Account: 298 Time(s) Bad User: --: 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 12.552K Bytes accepted 12,853 12.552K Bytes sent via SMTP 12,853 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 184 Connections 52 Connections lost (inbound) 184 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.119.131.102: 17 times 1.215.195.10: 27 times 2.153.116.80 (2.153.116.80.dyn.user.ono.com): 5 times 31.27.105.102 (net-31-27-105-102.cust.vodafonedsl.it): 31 times 34.134.153.202 (202.153.134.34.bc.googleusercontent.com): 2 times 36.91.61.178: 1 time 42.193.137.220: 30 times 43.129.221.217: 22 times 52.169.122.231: 12 times 69.49.228.198 (69-49-228-198.unifiedlayer.com): 2 times 82.156.53.141: 38 times 82.156.120.226: 39 times 83.42.60.90 (90.red-83-42-60.dynamicip.rima-tde.net): 2 times 93.158.229.62 (ppp-vpdn-93.158.229.62.yarnet.ru): 33 times 103.146.30.114: 36 times 103.151.182.6 (ns1.bestcommunicatioon.net): 1 time 104.131.84.124: 8 times 106.53.110.236: 33 times 113.81.197.166: 1 time 115.231.73.154: 21 times 117.158.107.107: 22 times 119.45.41.248: 8 times 121.4.70.7: 28 times 121.4.116.241: 35 times 125.141.139.29: 35 times 134.209.239.241: 35 times 139.59.169.103: 1 time 175.209.89.234: 5 times 176.111.173.237: 1 time 189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time 218.234.149.18: 32 times Illegal users from: 2001:470:1:332::3: 1 time undef: 220 times 1.119.131.102: 6 times 1.215.195.10: 12 times 2.153.116.80 (2.153.116.80.dyn.user.ono.com): 1 time 24.218.231.49 (c-24-218-231-49.hsd1.nh.comcast.net): 2 times 31.27.105.102 (net-31-27-105-102.cust.vodafonedsl.it): 19 times 34.134.153.202 (202.153.134.34.bc.googleusercontent.com): 2 times 42.193.137.220: 19 times 43.129.221.217: 4 times 52.169.122.231: 38 times 65.49.20.69 (scan-20.shadowserver.org): 1 time 69.49.228.198 (69-49-228-198.unifiedlayer.com): 2 times 82.156.53.141: 12 times 82.156.120.226: 11 times 83.42.60.90 (90.red-83-42-60.dynamicip.rima-tde.net): 2 times 87.155.11.59 (p579b0b3b.dip0.t-ipconnect.de): 2 times 91.132.147.168 (netcupDE.tor-exit.de): 1 time 93.158.229.62 (ppp-vpdn-93.158.229.62.yarnet.ru): 17 times 97.97.177.58 (097-097-177-058.res.spectrum.com): 2 times 103.146.30.114: 14 times 104.131.84.124: 6 times 106.53.110.236: 14 times 109.186.225.21 (109-186-225-21.bb.netvision.net.il): 2 times 115.231.73.154: 6 times 117.158.107.107: 8 times 119.45.41.248: 7 times 121.4.70.7: 10 times 121.4.116.241: 15 times 125.141.139.29: 15 times 134.209.239.241: 15 times 141.98.10.60: 2 times 141.98.10.63: 1 time 141.98.10.81: 2 times 141.98.10.121: 2 times 175.209.89.234: 2 times 176.111.173.237: 2 times 185.130.47.58 (tor-exit-nl1.privex.cc): 1 time 189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time 198.98.54.56: 1 time 211.22.65.18 (211-22-65-18.hinet-ip.hinet.net): 1 time 211.114.38.236: 2 times 218.234.149.18: 16 times 221.163.103.143: 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################