################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Mar 2 04:42:03 2024 Date Range Processed: yesterday ( 2024-Mar-01 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 47:47 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 10 sites probed the server 107.151.243.170 118.123.105.93 141.138.138.113 161.35.230.183 161.35.230.3 161.35.27.144 44.220.188.6 45.128.232.191 45.95.169.184 66.240.205.34 Requests with error response codes 400 Bad Request null: 12 Time(s) *: 3 Time(s) mstshash=Administr: 3 Time(s) &V\xE8\x09\xD9\x8B\xDF\x99y6: 1 Time(s) /index.htm: 1 Time(s) S9e: 1 Time(s) \x00\x00BBBB\xBA\x8C\xC1\xABDAAA: 1 Time(s) \x0B(6^\xB6\xFE1y\xDE\xDD\x1D8\xF0\x90\xCA ... x09\xC0\x13\xC0: 1 Time(s) \x84\xAB\xC3\x03g\x88-\xD2=\x1D\xA6\xA6\x9 ... D\xC0$\xC0(\xC0: 1 Time(s) \x92O<Hl\xFA\x93\xAD\x81\x08\x80\xDFO|\x07 ... x09\xC0\x13\xC0: 1 Time(s) \xA4\x1Bv\xD9\x8C\x8CH8\xAC_&e\xF1\xBF\xFB ... x09\xC0\x13\xC0: 1 Time(s) \xEF\xFB/\xC19: 1 Time(s) 404 Not Found //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //2020/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) 500 Internal Server Error /: 13 Time(s) /.env: 1 Time(s) /.git/config: 1 Time(s) /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7: 1 Time(s) /aaaaaaaaaaaaaaaaaaaaaaaaaqr: 1 Time(s) /cgi-bin/authLogin.cgi: 1 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s) /favicon.ico: 1 Time(s) /geoserver/web/: 1 Time(s) /version: 1 Time(s) /webui/: 1 Time(s) 502 Bad Gateway /vtiGK5IARbm3GZ2zBzrhRg/pdf: 2 Time(s) /4mAvBdYMS2CRIJl9MnI8fg/pdf: 1 Time(s) /7MJ3fYYeSt6NNHrCr2upag/pdf: 1 Time(s) /FCDj6VIwTKm8h8i9d5B8FQ/pdf: 1 Time(s) /HJQnJPlrQZiMJi9HvD0qWA/pdf: 1 Time(s) /IG3YmOkURiiNa4rKfiykew/pdf: 1 Time(s) /M4sGyaqdSDCsFaWr3kglLA/pdf: 1 Time(s) /PnihMtr6Qf6cWqyqSXRJ5g/pdf: 1 Time(s) /Vnd6SuvKQDuMm5PDeazkyQ/pdf: 1 Time(s) /WBpjrPU6QDmYns7aYwCn8A/pdf: 1 Time(s) /WimroIaXR5CXrvgv95elSQ/pdf: 1 Time(s) /qjKcGifjT1ane0HIWl4LtA/pdf: 1 Time(s) /v7DnD4hVQTudc73ZRJpAVA/pdf: 1 Time(s) /yeHvln1zT4KUBVio7cnVfg/pdf: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (159.89.95.203): 133 Time(s) root (218.92.0.28): 42 Time(s) root (218.92.0.52): 30 Time(s) root (218.92.0.53): 30 Time(s) root (218.92.0.45): 24 Time(s) root (218.92.0.51): 24 Time(s) root (218.92.0.33): 18 Time(s) root (218.92.0.26): 12 Time(s) root (218.92.0.47): 12 Time(s) root (218.92.0.59): 12 Time(s) unknown (85.209.11.254): 9 Time(s) root (80.94.92.29): 8 Time(s) root (85.209.11.254): 7 Time(s) root (c80-217-27-15.bredband.tele2.se): 7 Time(s) root (dslb-090-186-080-079.090.186.pools.vodafone-ip.de): 7 Time(s) unknown (85.209.11.27): 7 Time(s) root (118.123.1.199): 6 Time(s) root (218.92.0.40): 6 Time(s) root (218.92.0.43): 6 Time(s) root (218.92.0.55): 6 Time(s) root (c209-226.icpnet.pl): 6 Time(s) root (118.33.167.186): 5 Time(s) unknown (182.220.239.40): 5 Time(s) unknown (185.196.8.151): 4 Time(s) unknown (211.218.194.133): 4 Time(s) unknown (62.122.184.252): 4 Time(s) unknown (185.11.61.88): 3 Time(s) unknown (2.57.122.127): 3 Time(s) unknown (80.94.92.29): 2 Time(s) unknown (dynamic-077-004-021-143.77.4.pool.telefonica.de): 2 Time(s) unknown (host-78-150-54-63.as13285.net): 2 Time(s) root (182.220.239.40): 1 Time(s) root (194.169.175.35): 1 Time(s) root (194.169.175.36): 1 Time(s) unknown (175.206.96.66): 1 Time(s) unknown (212.70.149.150): 1 Time(s) uucp (194.169.175.36): 1 Time(s) Invalid Users: Unknown Account: 51 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 88 Connections 9 Connections lost (inbound) 88 Disconnections 1 Timeouts (inbound) 4 SMTP dialog errors 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ SSHD Started: 2 Time(s) Disconnecting after too many authentication failures for user: root : 40 Time(s) Failed logins from: 80.94.92.29: 8 times 80.217.27.15 (c80-217-27-15.bredband.tele2.se): 7 times 85.209.11.254: 7 times 85.221.209.226 (c209-226.icpnet.pl): 6 times 90.186.80.79 (dslb-090-186-080-079.090.186.pools.vodafone-ip.de): 7 times 118.33.167.186: 6 times 118.123.1.199: 6 times 159.89.95.203 (remiscuba.com): 133 times 182.220.239.40: 1 time 194.169.175.35: 1 time 194.169.175.36: 2 times 218.92.0.26: 12 times 218.92.0.28: 42 times 218.92.0.33: 18 times 218.92.0.40: 6 times 218.92.0.43: 6 times 218.92.0.45: 24 times 218.92.0.47: 12 times 218.92.0.51: 24 times 218.92.0.52: 30 times 218.92.0.53: 30 times 218.92.0.55: 6 times 218.92.0.59: 12 times Illegal users from: undef: 27 times 2.57.122.127: 3 times 62.122.184.252: 4 times 64.62.197.214 (scan-43c.shadowserver.org): 1 time 77.4.21.143 (dynamic-077-004-021-143.77.4.pool.telefonica.de): 2 times 78.150.54.63 (host-78-150-54-63.as13285.net): 2 times 80.94.92.29: 2 times 85.209.11.27: 7 times 85.209.11.254: 9 times 175.206.96.66: 5 times 182.220.239.40: 6 times 185.11.61.88: 3 times 185.196.8.151: 4 times 211.218.194.133: 4 times 212.70.149.150: 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop59766p1 394G 243G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################