################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Jul 10 04:42:05 2021 Date Range Processed: yesterday ( 2021-Jul-09 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [246:244] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 158.51.126.242 -> httpbin.org:443: 3 Time(s) 222.186.19.235 -> zapf.wiki:443: 2 Time(s) 45.81.234.96 -> 137.74.76.83:25565: 1 Time(s) A total of 9 sites probed the server 143.244.128.164 157.230.98.98 162.62.123.46 178.62.209.203 222.186.19.235 34.86.35.6 37.187.139.22 61.219.11.151 74.222.21.183 Requests with error response codes 400 Bad Request /: 30 Time(s) null: 9 Time(s) httpbin.org:443: 3 Time(s) zapf.wiki:443: 2 Time(s) /robots.txt: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 137.74.76.83:25565: 1 Time(s) 7: 1 Time(s) \xB1D3\x7F@\xCE\x93\xAB\xFD\x7F\xC9\xE2^8k ... x09\xC0\x14\xC0: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found /robots.txt: 112 Time(s) /download/zapfev_satzung.pdf: 4 Time(s) /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 3 Time(s) /reader/1994-wi-reader_hb94.pdf: 3 Time(s) /reader/1995-so-reader_ha95.pdf: 3 Time(s) /wp-login.php: 3 Time(s) /.well-known/security.txt: 2 Time(s) /security.txt: 2 Time(s) /DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx: 1 Time(s) /Install/InstallWizard.aspx?__VIEWSTATE=: 1 Time(s) /app_master/telerik.web.ui.dialoghandler.aspx: 1 Time(s) /assets/ckfinder/core/connector/php/connector.php: 1 Time(s) /blog/: 1 Time(s) /protokolle/Protokoll_MV_FFM_21.11.2015.pdf: 1 Time(s) /providers/htmleditorproviders/telerik/tel ... loghandler.aspx: 1 Time(s) /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s) /resolutionen/wise15/WissZeitVG/Stellungnahme_WiSe15_: 1 Time(s) /vendor/phpunit/phpunit/LICENSE: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/: 1 Time(s) /verein%7C: 1 Time(s) /wordpress/wp-admin/: 1 Time(s) 500 Internal Server Error /: 43 Time(s) /.env: 12 Time(s) /drupal/node/4/: 6 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s) /.git/config: 2 Time(s) //wp-content/plugins/fancy-product-designe ... age-handler.php: 2 Time(s) /?XDEBUG_SESSION_START=phpstorm: 2 Time(s) /Autodiscover/Autodiscover.xml: 2 Time(s) /_ignition/execute-solution: 2 Time(s) /api/jsonws/invoke: 2 Time(s) /console/: 2 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s) /mifs/.;/services/LogService: 2 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s) /.json: 1 Time(s) //login_sid.lua: 1 Time(s) /actuator/health: 1 Time(s) /api/search?folderIds=0: 1 Time(s) /config.json: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /idx_config/: 1 Time(s) /info.php: 1 Time(s) /nginx.conf: 1 Time(s) /nginx_status: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s) /server-status: 1 Time(s) /status: 1 Time(s) /status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E: 1 Time(s) /telescope/requests: 1 Time(s) /v2/_catalog: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (103.215.139.109): 70 Time(s) root (106.241.54.211): 70 Time(s) root (112.217.207.130): 70 Time(s) root (128.199.167.161): 70 Time(s) root (128.199.215.207): 70 Time(s) root (186.189.193.207): 70 Time(s) root (200.233.163.65): 70 Time(s) root (36.89.87.106): 70 Time(s) root (66.70.142.214): 70 Time(s) root (94.137.136.45): 70 Time(s) root (1.15.180.182): 69 Time(s) root (181.48.139.118): 68 Time(s) root (101.89.162.247): 56 Time(s) root (119.29.37.150): 56 Time(s) root (207.154.241.112): 56 Time(s) root (106.75.137.132): 50 Time(s) root (125.141.56.235): 50 Time(s) root (139.155.29.211): 50 Time(s) root (139.59.81.182): 50 Time(s) root (187.72.177.131): 50 Time(s) root (95.77.98.196): 50 Time(s) root (v118-27-105-35.3vd9.static.cnode.io): 50 Time(s) root (v160-251-10-150.5oqr.static.cnode.io): 50 Time(s) root (111.229.187.216): 49 Time(s) root (114.67.116.17): 49 Time(s) root (118.24.140.195): 49 Time(s) root (170.106.167.81): 49 Time(s) root (150.158.173.65): 47 Time(s) root (104.131.89.163): 46 Time(s) root (81.71.135.16): 46 Time(s) root (122.51.56.87): 45 Time(s) root (138.68.172.55): 45 Time(s) root (207.195.47.57): 43 Time(s) root (138.197.171.79): 42 Time(s) root (125.70.53.48): 40 Time(s) root (159.75.130.56): 40 Time(s) root (177.92.98.254): 40 Time(s) root (36.7.87.126): 39 Time(s) root (172.81.238.79): 37 Time(s) root (164.90.198.71): 35 Time(s) root (49.51.249.135): 35 Time(s) root (47.red-83-34-21.dynamicip.rima-tde.net): 33 Time(s) root (178.62.81.36): 31 Time(s) root (106.75.36.176): 30 Time(s) root (201.46.29.184): 29 Time(s) root (104.131.165.30): 26 Time(s) root (152.136.209.98): 26 Time(s) root (prod1.adisoftronics.net): 26 Time(s) root (119.29.180.74): 25 Time(s) unknown (190.210.182.179): 24 Time(s) root (42.194.198.68): 23 Time(s) unknown (111.229.89.117): 23 Time(s) unknown (45.146.166.238): 23 Time(s) unknown (140.143.222.87): 22 Time(s) unknown (150.158.167.245): 22 Time(s) unknown (106.54.97.249): 21 Time(s) unknown (128.199.90.55): 21 Time(s) unknown (106.51.85.93): 20 Time(s) unknown (119.45.29.99): 20 Time(s) unknown (134.175.225.91): 20 Time(s) unknown (121.5.213.241): 19 Time(s) unknown (149.28.64.139): 19 Time(s) unknown (165.227.203.57): 19 Time(s) unknown (42.193.111.154): 19 Time(s) unknown (81.71.83.218): 19 Time(s) root (221.226.48.102): 18 Time(s) root (42.192.128.191): 18 Time(s) root (42.192.235.102): 18 Time(s) unknown (119.29.193.73): 18 Time(s) unknown (141.98.10.203): 18 Time(s) unknown (188.166.211.7): 18 Time(s) unknown (81.68.149.42): 18 Time(s) root (1.15.71.226): 17 Time(s) root (52.184.91.79): 17 Time(s) unknown (121.5.59.109): 15 Time(s) unknown (37.18.100.23): 15 Time(s) unknown (118.89.241.54): 14 Time(s) unknown (152.136.155.192): 14 Time(s) root (106.54.97.249): 12 Time(s) unknown (121.5.26.106): 12 Time(s) unknown (45.40.254.107): 12 Time(s) root (118.89.241.54): 11 Time(s) root (119.45.29.99): 11 Time(s) root (159.89.152.129): 11 Time(s) unknown (106.12.107.61): 11 Time(s) unknown (107.189.3.151): 11 Time(s) root (118.25.182.61): 10 Time(s) root (81.71.83.218): 9 Time(s) unknown (122.166.155.243): 9 Time(s) unknown (141.98.10.29): 9 Time(s) unknown (203.130.255.2): 9 Time(s) unknown (42.192.10.106): 9 Time(s) root (128.199.90.55): 8 Time(s) root (165.227.203.57): 8 Time(s) root (203.130.255.2): 8 Time(s) root (81.68.149.42): 8 Time(s) unknown (118.25.182.61): 8 Time(s) root (188.166.211.7): 7 Time(s) root (45.112.242.24): 7 Time(s) root (115.159.76.52): 6 Time(s) root (150.158.167.245): 6 Time(s) root (42.193.111.154): 6 Time(s) root (45.40.254.107): 6 Time(s) unknown (141.98.10.179): 6 Time(s) unknown (205.185.125.109): 6 Time(s) root (111.229.89.117): 5 Time(s) root (119.29.193.73): 5 Time(s) root (121.5.59.109): 5 Time(s) root (152.136.155.192): 5 Time(s) root (190.210.182.179): 5 Time(s) root (45.146.166.238): 5 Time(s) root (host81-130-226-43.in-addr.btopenworld.com): 5 Time(s) unknown (119.45.156.70): 5 Time(s) unknown (183.129.163.142): 5 Time(s) root (119.45.156.70): 4 Time(s) root (121.5.213.241): 4 Time(s) root (122.51.110.248): 4 Time(s) root (134.175.225.91): 4 Time(s) root (183.162.245.134): 4 Time(s) root (37.18.100.23): 4 Time(s) unknown (199.195.248.154): 4 Time(s) root (106.12.107.61): 3 Time(s) root (106.51.85.93): 3 Time(s) root (140.143.222.87): 3 Time(s) root (181.214.243.18): 3 Time(s) root (183.129.163.142): 3 Time(s) root (42.192.10.106): 3 Time(s) root (81.70.96.157): 3 Time(s) unknown (104.236.42.124): 3 Time(s) unknown (205.185.127.25): 3 Time(s) unknown (45.135.232.165): 3 Time(s) unknown (45.146.165.72): 3 Time(s) postgres (118.89.241.54): 2 Time(s) root (121.5.26.106): 2 Time(s) root (149.28.64.139): 2 Time(s) unknown (175.196.61.1): 2 Time(s) unknown (187.228.191.170): 2 Time(s) unknown (195.133.40.104): 2 Time(s) unknown (5400d8c3.dsl.pool.telekom.hu): 2 Time(s) unknown (ip4d1587ef.dynamic.kabel-deutschland.de): 2 Time(s) backup (152.136.155.192): 1 Time(s) mail (106.54.97.249): 1 Time(s) mysql (118.89.241.54): 1 Time(s) mysql (119.45.29.99): 1 Time(s) mysql (121.5.26.106): 1 Time(s) mysql (81.71.83.218): 1 Time(s) postgres (106.51.85.93): 1 Time(s) postgres (121.5.26.106): 1 Time(s) postgres (121.5.59.109): 1 Time(s) postgres (122.166.155.243): 1 Time(s) postgres (188.166.211.7): 1 Time(s) root (1.116.177.88): 1 Time(s) root (1.15.138.45): 1 Time(s) root (106.13.186.176): 1 Time(s) root (107.189.3.151): 1 Time(s) root (122.166.155.243): 1 Time(s) root (132.232.230.220): 1 Time(s) root (139.129.116.237): 1 Time(s) root (139.198.21.17): 1 Time(s) root (150.158.182.49): 1 Time(s) root (167.99.96.114): 1 Time(s) root (170.245.200.100): 1 Time(s) root (176.111.173.156): 1 Time(s) root (183.47.14.74): 1 Time(s) root (52.163.118.137): 1 Time(s) root (52.163.53.174): 1 Time(s) root (62.28.217.62): 1 Time(s) root (81.161.63.100): 1 Time(s) root (81.69.240.188): 1 Time(s) root (91.149.225.131): 1 Time(s) root (95.180.102.154): 1 Time(s) root (bl12-228-187.dsl.telepac.pt): 1 Time(s) root (fixed-187-188-206-106.totalplay.net): 1 Time(s) root (mail.yc1zt.id): 1 Time(s) root (tor-exit-relay-2.anonymizing-proxy.digitalcourage.de): 1 Time(s) unknown (1.116.245.146): 1 Time(s) unknown (176.111.173.156): 1 Time(s) unknown (177.92.98.254): 1 Time(s) unknown (181.48.139.118): 1 Time(s) unknown (183.162.245.134): 1 Time(s) unknown (195.133.40.46): 1 Time(s) unknown (58.33.160.139): 1 Time(s) unknown (77.81.151.203.sta.inet.co.th): 1 Time(s) unknown (host81-130-226-43.in-addr.btopenworld.com): 1 Time(s) www-data (119.29.193.73): 1 Time(s) www-data (121.5.213.241): 1 Time(s) www-data (128.199.90.55): 1 Time(s) www-data (81.71.83.218): 1 Time(s) Invalid Users: Unknown Account: 588 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 2 Miscellaneous warnings 24.200K Bytes accepted 24,781 24.200K Bytes sent via SMTP 24,781 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 5 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 5 Total 4xx Rejects 100.00% ======== ================================================== 744 Connections 615 Connections lost (inbound) 744 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) 2 SMTP dialog errors 50 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.15.71.226: 17 times 1.15.138.45: 1 time 1.15.180.182: 69 times 1.116.177.88: 1 time 36.7.87.126: 39 times 36.89.87.106: 70 times 37.18.100.23: 4 times 42.192.10.106: 3 times 42.192.128.191: 18 times 42.192.235.102: 18 times 42.193.111.154: 6 times 42.194.198.68: 23 times 45.40.254.107: 6 times 45.112.242.24: 7 times 45.146.166.238: 5 times 49.51.249.135: 35 times 52.163.53.174: 1 time 52.163.118.137: 1 time 52.184.91.79: 17 times 62.28.217.62: 1 time 66.70.142.214: 70 times 81.68.149.42: 8 times 81.69.240.188: 1 time 81.70.96.157: 3 times 81.71.83.218: 11 times 81.71.135.16: 46 times 81.130.226.43 (host81-130-226-43.in-addr.btopenworld.com): 5 times 81.161.63.100: 1 time 83.34.21.47 (47.red-83-34-21.dynamicip.rima-tde.net): 33 times 85.245.228.187 (bl12-228-187.dsl.telepac.pt): 1 time 91.149.225.131 (tor-exit-node.miao.pt): 1 time 94.137.136.45: 70 times 95.77.98.196 (2ip-hotelcapitol-victoriei29-fo.b.astral.ro): 50 times 95.180.102.154: 1 time 101.89.162.247: 56 times 103.49.228.234 (mail.yc1zt.id): 1 time 103.215.139.109: 70 times 103.248.33.51 (prod1.adisoftronics.net): 26 times 104.131.89.163: 46 times 104.131.165.30 (mobile-dev.secondsiren.com): 26 times 106.12.107.61: 3 times 106.13.186.176: 1 time 106.51.85.93 (broadband.actcorp.in): 4 times 106.54.97.249: 13 times 106.75.36.176: 30 times 106.75.137.132: 50 times 106.241.54.211: 70 times 107.189.3.151: 1 time 111.229.89.117: 5 times 111.229.187.216: 49 times 112.217.207.130: 70 times 114.67.116.17: 49 times 115.159.76.52: 6 times 118.24.140.195: 49 times 118.25.182.61: 10 times 118.27.105.35 (v118-27-105-35.3vd9.static.cnode.io): 50 times 118.89.241.54: 14 times 119.29.37.150: 56 times 119.29.180.74: 25 times 119.29.193.73: 6 times 119.45.29.99: 12 times 119.45.156.70: 4 times 121.5.26.106: 4 times 121.5.59.109: 6 times 121.5.213.241: 5 times 122.51.56.87: 45 times 122.51.110.248: 4 times 122.166.155.243 (abts-kk-static-243.155.166.122.airtelbroadband.in): 2 times 125.70.53.48 (48.53.70.125.broad.cd.sc.dynamic.163data.com.cn): 40 times 125.141.56.235: 50 times 128.199.90.55: 9 times 128.199.167.161: 70 times 128.199.215.207: 70 times 132.232.230.220: 1 time 134.175.225.91: 4 times 138.68.172.55: 45 times 138.197.171.79: 42 times 139.59.81.182: 50 times 139.129.116.237: 1 time 139.155.29.211: 50 times 139.198.21.17: 1 time 140.143.222.87: 3 times 149.28.64.139 (149.28.64.139.vultr.com): 2 times 150.158.167.245: 6 times 150.158.173.65: 47 times 150.158.182.49: 1 time 152.136.155.192: 6 times 152.136.209.98: 26 times 159.75.130.56: 40 times 159.89.152.129: 11 times 160.251.10.150 (v160-251-10-150.5oqr.static.cnode.io): 50 times 164.90.198.71: 35 times 165.227.203.57: 8 times 167.99.96.114: 1 time 170.106.167.81: 49 times 170.245.200.100 (170-245-200-100.redesiminternet.com.br): 1 time 172.81.238.79: 37 times 176.111.173.156: 1 time 177.92.98.254 (177-92-98-254.regusnet.com): 40 times 178.62.81.36: 31 times 181.48.139.118: 68 times 181.214.243.18: 3 times 183.47.14.74: 1 time 183.129.163.142: 3 times 183.162.245.134: 4 times 185.220.102.248 (tor-exit-relay-2.anonymizing-proxy.digitalcourage.de): 1 time 186.189.193.207: 70 times 187.72.177.131 (abinee.org.br): 50 times 187.188.206.106 (fixed-187-188-206-106.totalplay.net): 1 time 188.166.211.7: 8 times 190.210.182.179 (customer-static-210-182-179.iplannetworks.net): 5 times 200.233.163.65 (200-233-163-065.static.ctbctelecom.com.br): 70 times 201.46.29.184 (201.46.29.184.access.a85.com.br): 29 times 203.130.255.2: 8 times 207.154.241.112: 56 times 207.195.47.57 (207-195-47-57.estv.hsdb.sasknet.sk.ca): 43 times 221.226.48.102: 18 times Illegal users from: undef: 324 times 1.116.245.146: 1 time 37.18.100.23: 15 times 42.192.10.106: 9 times 42.193.111.154: 19 times 45.40.254.107: 12 times 45.135.232.165: 3 times 45.146.165.72: 3 times 45.146.166.238: 23 times 58.33.160.139 (139.160.33.58.broad.xw.sh.dynamic.163data.com.cn): 1 time 65.49.20.68 (scan-19.shadowserver.org): 1 time 77.21.135.239 (ip4d1587ef.dynamic.kabel-deutschland.de): 2 times 81.68.149.42: 18 times 81.71.83.218: 19 times 81.130.226.43 (host81-130-226-43.in-addr.btopenworld.com): 1 time 84.0.216.195 (5400D8C3.dsl.pool.telekom.hu): 2 times 104.236.42.124: 3 times 106.12.107.61: 11 times 106.51.85.93 (broadband.actcorp.in): 20 times 106.54.97.249: 21 times 107.189.3.151: 11 times 111.229.89.117: 23 times 118.25.182.61: 8 times 118.89.241.54: 14 times 119.29.193.73: 18 times 119.45.29.99: 20 times 119.45.156.70: 5 times 121.5.26.106: 12 times 121.5.59.109: 15 times 121.5.213.241: 19 times 122.166.155.243 (abts-kk-static-243.155.166.122.airtelbroadband.in): 9 times 128.199.90.55: 21 times 134.175.225.91: 20 times 140.143.222.87: 22 times 141.98.10.29: 9 times 141.98.10.179 (er.includeswitche.com): 6 times 141.98.10.203: 18 times 149.28.64.139 (149.28.64.139.vultr.com): 19 times 150.158.167.245: 22 times 152.136.155.192: 14 times 165.227.203.57: 19 times 175.196.61.1: 2 times 176.111.173.156: 1 time 177.92.98.254 (177-92-98-254.regusnet.com): 1 time 181.48.139.118: 1 time 183.129.163.142: 5 times 183.162.245.134: 1 time 187.228.191.170 (dsl-187-228-191-170-dyn.prod-infinitum.com.mx): 2 times 188.166.211.7: 18 times 190.210.182.179 (customer-static-210-182-179.iplannetworks.net): 24 times 195.133.40.46: 1 time 195.133.40.104: 2 times 199.195.248.154: 4 times 203.130.255.2: 9 times 203.151.81.77 (77.81.151.203.sta.inet.co.th): 1 time 205.185.125.109: 6 times 205.185.127.25 (serveroperations.com): 3 times **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################