################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Nov 29 04:42:05 2021 Date Range Processed: yesterday ( 2021-Nov-28 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 63:62 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 89.248.165.52 -> 85.206.160.115:80: 1 Time(s) 89.248.165.52 -> hotmail-com.olc.protection.outlook.com:25: 1 Time(s) A total of 8 sites probed the server 103.156.91.51 161.35.230.183 172.106.16.74 185.142.236.40 185.162.235.164 64.227.99.233 66.240.205.34 89.248.165.52 Requests with error response codes 400 Bad Request null: 18 Time(s) mstshash=Domain: 4 Time(s) /: 3 Time(s) /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s) mstshash=Administr: 3 Time(s) /bag2: 1 Time(s) /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s) /manager/text/list: 1 Time(s) /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s) 85.206.160.115:80: 1 Time(s) hotmail-com.olc.protection.outlook.com:25: 1 Time(s) 500 Internal Server Error /: 17 Time(s) /robots.txt: 4 Time(s) /.env: 3 Time(s) /favicon.ico: 3 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) https://api.weaapi.com/w4s/app/home/index: 2 Time(s) /.DS_Store: 1 Time(s) /.well-known/security.txt: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/productConfig: 1 Time(s) /console/: 1 Time(s) /idx_config/: 1 Time(s) /info.php: 1 Time(s) /manager/html: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /owa/auth/x.js: 1 Time(s) /server-status: 1 Time(s) /sitemap.xml: 1 Time(s) /telescope/requests: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (heribay.intertoons.net): 146 Time(s) root (81.7.145.20): 40 Time(s) unknown (210.92.1.109.rev.sfr.net): 31 Time(s) root (221.213.129.46): 26 Time(s) root (189.85.145.113): 20 Time(s) root (68.183.189.177): 20 Time(s) unknown (38.143.137.18): 18 Time(s) root (122.51.220.15): 17 Time(s) root (143.244.136.52): 17 Time(s) root (157.230.230.126): 17 Time(s) root (121.224.96.60): 14 Time(s) root (rrcs-70-62-137-84.central.biz.rr.com): 13 Time(s) unknown (141.98.10.82): 12 Time(s) unknown (221.213.129.46): 12 Time(s) unknown (49.234.41.154): 10 Time(s) unknown (81.7.145.20): 10 Time(s) root (209.141.42.129): 9 Time(s) root (49.234.41.154): 9 Time(s) unknown (157.230.230.126): 9 Time(s) unknown (141.98.10.60): 8 Time(s) unknown (143.244.136.52): 8 Time(s) unknown (189.85.145.113): 8 Time(s) unknown (68.183.189.177): 8 Time(s) root (94.232.46.202): 7 Time(s) unknown (164.92.242.54): 7 Time(s) unknown (176.111.173.238): 7 Time(s) root (167.71.12.34): 6 Time(s) root (210.92.1.109.rev.sfr.net): 6 Time(s) root (222.187.237.11): 6 Time(s) unknown (122.51.220.15): 6 Time(s) unknown (167.71.11.216): 6 Time(s) unknown (rrcs-70-62-137-84.central.biz.rr.com): 6 Time(s) unknown (164.92.242.51): 5 Time(s) unknown (209.141.42.129): 5 Time(s) root (103.97.201.5): 4 Time(s) root (141.98.10.246): 4 Time(s) root (176.111.173.238): 4 Time(s) root (38.143.137.18): 4 Time(s) unknown (141.98.10.246): 4 Time(s) unknown (209.141.52.25): 4 Time(s) root (209.141.62.233): 3 Time(s) unknown (1.14.72.164): 3 Time(s) unknown (106.12.202.192): 3 Time(s) unknown (141.98.10.179): 3 Time(s) unknown (176.111.173.237): 3 Time(s) unknown (209.141.53.74): 3 Time(s) unknown (211-22-65-18.hinet-ip.hinet.net): 3 Time(s) unknown (smtp4.achtungumbedingt.de): 3 Time(s) root (36.110.228.254): 2 Time(s) unknown (141.98.10.63): 2 Time(s) unknown (164.92.242.36): 2 Time(s) unknown (167.71.2.44): 2 Time(s) unknown (176-141-138-17.abo.bbox.fr): 2 Time(s) unknown (181.188.187.61): 2 Time(s) unknown (205.185.115.39): 2 Time(s) unknown (209.141.33.121): 2 Time(s) unknown (209.141.34.220): 2 Time(s) unknown (209.141.47.245): 2 Time(s) unknown (212.192.241.124): 2 Time(s) unknown (212.192.241.37): 2 Time(s) unknown (23.183.81.249): 2 Time(s) unknown (23.183.81.54): 2 Time(s) unknown (23.183.82.180): 2 Time(s) unknown (67.205.138.198): 2 Time(s) unknown (83-238-211-180.static.ip.netia.com.pl): 2 Time(s) unknown (ssh01.goettert.net): 2 Time(s) postgres (176.111.173.237): 1 Time(s) postgres (81.7.145.20): 1 Time(s) root (106.12.202.192): 1 Time(s) root (116.105.217.54): 1 Time(s) root (154.8.226.52): 1 Time(s) root (67.205.138.198): 1 Time(s) root (ssh01.goettert.net): 1 Time(s) unknown (103.97.201.5): 1 Time(s) unknown (116.105.217.54): 1 Time(s) unknown (116.110.252.176): 1 Time(s) unknown (121.224.96.60): 1 Time(s) unknown (205.185.114.87): 1 Time(s) unknown (72.195.34.37): 1 Time(s) Invalid Users: Unknown Account: 245 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 2 Miscellaneous warnings 14.143K Bytes accepted 14,482 14.143K Bytes sent via SMTP 14,482 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 182 Connections 9 Connections lost (inbound) 182 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 36.110.228.254: 2 times 38.143.137.18: 4 times 49.234.41.154: 9 times 67.205.138.198: 1 time 68.183.189.177: 20 times 70.62.137.84 (rrcs-70-62-137-84.central.biz.rr.com): 13 times 81.7.145.20: 41 times 94.232.46.202: 7 times 95.216.208.211 (ssh01.goettert.net): 1 time 103.97.201.5: 4 times 106.12.202.192: 1 time 109.1.92.210 (210.92.1.109.rev.sfr.net): 6 times 116.105.217.54: 1 time 121.224.96.60: 14 times 122.51.220.15: 17 times 141.98.10.246 (while-alerte.flightcrown.com): 4 times 143.110.179.115 (heribay.intertoons.net): 146 times 143.244.136.52: 17 times 154.8.226.52: 1 time 157.230.230.126: 17 times 167.71.12.34: 6 times 176.111.173.237: 1 time 176.111.173.238: 4 times 189.85.145.113 (acesso-145-113.persisinternet.com.br): 20 times 209.141.42.129: 9 times 209.141.62.233 (hhb8.cn): 3 times 221.213.129.46: 26 times 222.187.237.11: 6 times Illegal users from: 2001:470:1:c84::25: 1 time undef: 123 times 1.14.72.164: 3 times 23.183.81.54: 2 times 23.183.81.249: 2 times 23.183.82.180: 2 times 38.143.137.18: 18 times 49.234.41.154: 10 times 65.49.20.67 (scan-18.shadowserver.org): 1 time 67.205.138.198: 2 times 68.183.189.177: 8 times 70.62.137.84 (rrcs-70-62-137-84.central.biz.rr.com): 6 times 72.195.34.37: 1 time 81.7.145.20: 10 times 83.238.211.180 (83-238-211-180.static.ip.netia.com.pl): 2 times 95.216.208.211 (ssh01.goettert.net): 2 times 103.97.201.5: 1 time 106.12.202.192: 3 times 107.189.30.134 (smtp4.achtungumbedingt.de): 3 times 109.1.92.210 (210.92.1.109.rev.sfr.net): 31 times 116.105.217.54: 1 time 116.110.252.176: 1 time 121.224.96.60: 1 time 122.51.220.15: 6 times 141.98.10.60: 8 times 141.98.10.63: 2 times 141.98.10.82: 12 times 141.98.10.179 (er.includeswitche.com): 3 times 141.98.10.246 (while-alerte.flightcrown.com): 4 times 143.244.136.52: 8 times 154.89.5.78: 1 time 157.230.230.126: 9 times 164.92.242.36: 2 times 164.92.242.51: 5 times 164.92.242.54: 7 times 167.71.2.44: 2 times 167.71.11.216: 6 times 176.111.173.237: 3 times 176.111.173.238: 7 times 176.141.138.17 (176-141-138-17.abo.bbox.fr): 2 times 181.188.187.61 (LPZ-181-188-187-00061.tigo.bo): 2 times 189.85.145.113 (acesso-145-113.persisinternet.com.br): 8 times 205.185.114.87: 1 time 205.185.115.39 (mx.learnmorefun.org): 2 times 209.141.33.121: 2 times 209.141.34.220 (meshlv02.oxds.org): 2 times 209.141.42.129: 5 times 209.141.47.245: 2 times 209.141.52.25 (jsebean.com): 4 times 209.141.53.74: 3 times 211.22.65.18 (211-22-65-18.hinet-ip.hinet.net): 3 times 212.192.241.37: 2 times 212.192.241.124: 2 times 221.213.129.46: 12 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################