################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Jan 6 04:42:04 2022
Date Range Processed: yesterday
( 2022-Jan-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 8:8 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
103.145.13.223 -> zapf.wiki:443: 2 Time(s)
180.95.231.97 -> zapf.wiki:443: 1 Time(s)
2.94.5.105 -> www.msftncsi.com:443: 130 Time(s)
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
www.msftncsi.com:443: 130 Time(s)
null: 16 Time(s)
mstshash=Domain: 4 Time(s)
/: 3 Time(s)
/phpmyadmin/scripts/setup.php: 3 Time(s)
zapf.wiki:443: 3 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 2 Time(s)
/.env: 1 Time(s)
/.git/HEAD: 1 Time(s)
/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: 1 Time(s)
/Portal0000.htm: 1 Time(s)
/home.jsp: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
500 Internal Server Error
/: 32 Time(s)
/.env: 5 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/bag2: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/robots.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (132.232.31.157): 39 Time(s)
root (223.197.175.91): 38 Time(s)
root (170.116.222.35.bc.googleusercontent.com): 35 Time(s)
root (49.232.209.166): 34 Time(s)
root (223.111.240.106): 33 Time(s)
root (128.199.115.81): 27 Time(s)
root (139.198.121.86): 22 Time(s)
unknown (128.199.115.81): 20 Time(s)
root (106.12.220.24): 15 Time(s)
unknown (170.116.222.35.bc.googleusercontent.com): 15 Time(s)
unknown (49.232.209.166): 15 Time(s)
unknown (223.111.240.106): 14 Time(s)
unknown (223.197.175.91): 12 Time(s)
unknown (139.198.121.86): 11 Time(s)
unknown (132.232.31.157): 9 Time(s)
root (36.110.228.254): 7 Time(s)
root (2.50.12.216): 6 Time(s)
root (222.249.137.114): 6 Time(s)
unknown (106.12.220.24): 5 Time(s)
root (157.245.101.31): 4 Time(s)
root (177-56-21-181.3g.claro.net.br): 4 Time(s)
root (118.195.145.14): 3 Time(s)
root (101.69.200.162): 2 Time(s)
root (113.128.27.60): 2 Time(s)
unknown (101.69.200.162): 2 Time(s)
unknown (113.120.62.157): 2 Time(s)
unknown (14-201-51-247.tpgi.com.au): 2 Time(s)
unknown (91.120.148.240): 2 Time(s)
unknown (91.86.28.92): 2 Time(s)
unknown (c-107-4-233-157.hsd1.mn.comcast.net): 2 Time(s)
unknown (h134-215-36-18.mtjltn.broadband.dynamic.tds.net): 2 Time(s)
mysql (132.232.31.157): 1 Time(s)
root (113.128.121.56): 1 Time(s)
root (113.81.196.124): 1 Time(s)
root (131.100.65.242): 1 Time(s)
root (182.32.14.125): 1 Time(s)
root (194.5.177.98): 1 Time(s)
root (211.76.125.186): 1 Time(s)
root (217.117.14.248): 1 Time(s)
root (45.88.137.100): 1 Time(s)
unknown (118.195.145.14): 1 Time(s)
unknown (141.98.11.27): 1 Time(s)
unknown (177-56-21-181.3g.claro.net.br): 1 Time(s)
unknown (182.32.14.125): 1 Time(s)
unknown (194.5.177.98): 1 Time(s)
unknown (42.180.4.52): 1 Time(s)
unknown (43.254.153.84): 1 Time(s)
Invalid Users:
Unknown Account: 122 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
14.778K Bytes accepted 15,133
14.778K Bytes sent via SMTP 15,133
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
2003 Connections
1906 Connections lost (inbound)
2003 Disconnections
1 Removed from queue
1 Sent via SMTP
1822 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
2.50.12.216: 6 times
35.222.116.170 (170.116.222.35.bc.googleusercontent.com): 35 times
36.110.228.254: 7 times
45.88.137.100: 1 time
49.232.209.166: 34 times
101.69.200.162: 2 times
106.12.220.24: 15 times
113.81.196.124: 1 time
113.128.27.60: 2 times
113.128.121.56: 1 time
118.195.145.14: 3 times
128.199.115.81 (128.199.162.143-newcopy): 27 times
131.100.65.242: 1 time
132.232.31.157: 40 times
139.198.121.86: 22 times
157.245.101.31: 4 times
177.56.21.181 (177-56-21-181.3g.claro.net.br): 4 times
182.32.14.125: 1 time
194.5.177.98: 1 time
211.76.125.186 (211-76-125-186.static.kbronet.com.tw): 1 time
217.117.14.248: 1 time
222.249.137.114: 6 times
223.111.240.106: 33 times
223.197.175.91 (223-197-175-91.static.imsbiz.com): 38 times
Illegal users from:
2001:470:1:c84::11: 1 time
undef: 93 times
14.201.51.247 (14-201-51-247.tpgi.com.au): 2 times
35.222.116.170 (170.116.222.35.bc.googleusercontent.com): 15 times
42.180.4.52: 1 time
43.254.153.84: 1 time
45.33.65.249 (45-33-65-249.ip.linodeusercontent.com): 1 time
45.141.84.10: 1 time
49.232.209.166: 15 times
64.62.197.152: 1 time
91.86.28.92: 2 times
91.120.148.240 (uph4gz1731.adsl.datanet.hu): 2 times
101.69.200.162: 2 times
106.12.220.24: 5 times
107.4.233.157 (c-107-4-233-157.hsd1.mn.comcast.net): 2 times
113.120.62.157: 2 times
118.195.145.14: 1 time
128.199.115.81 (128.199.162.143-newcopy): 20 times
132.232.31.157: 9 times
134.215.36.18 (h134-215-36-18.mtjltn.broadband.dynamic.tds.net): 2 times
139.198.121.86: 11 times
141.98.11.27 (knowledge.woinsta.com): 1 time
177.56.21.181 (177-56-21-181.3g.claro.net.br): 1 time
182.32.14.125: 1 time
194.5.177.98: 1 time
223.111.240.106: 14 times
223.197.175.91 (223-197-175-91.static.imsbiz.com): 12 times
**Unmatched Entries**
Protocol major versions differ for 45.33.65.249: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 45.33.65.249: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
Protocol major versions differ for 125.64.94.145: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################