################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Feb 6 04:42:03 2024
Date Range Processed: yesterday
( 2024-Feb-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [118:120]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
*: 4 Time(s)
-\xBE}\x19|\x0C\xCA\x0FO\xCE0\x17\xD3JD\x1 ... 00=\x00\x16\xC0: 1 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s)
;\x10\xBF\xB3\x03\xD3\xE6}: 1 Time(s)
Y\x02)2.\x5Ci\xD4:%1\x8C\x90O\xC8\x04\x90\xE3\x83\x88!\x9E: 1 Time(s)
mstshash=Administr: 1 Time(s)
500 Internal Server Error
/: 13 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Public/home/js/check.js: 1 Time(s)
/ReportServer: 1 Time(s)
/actuator/health: 1 Time(s)
/cgi-bin/welcome: 1 Time(s)
/favicon.ico: 1 Time(s)
/geoserver/web/: 1 Time(s)
/spog/welcome: 1 Time(s)
/static/admin/javascript/hetong.js: 1 Time(s)
/webui/: 1 Time(s)
502 Bad Gateway
/Reso_DigitalePruefungen/pdf: 1 Time(s)
/StAPF18,6:FSAntworten_auf_resos/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (68.183.91.213): 103 Time(s)
root (147.182.247.119): 66 Time(s)
root (179.100.72.79): 31 Time(s)
unknown (185.161.248.218): 26 Time(s)
root (24.144.80.196): 25 Time(s)
root (68.183.24.108): 24 Time(s)
root (118.70.134.18): 22 Time(s)
root (186.206.171.126): 22 Time(s)
root (43.131.30.179): 22 Time(s)
root (46.21.159.227): 22 Time(s)
root (li1368-76.members.linode.com): 22 Time(s)
root (138.68.9.83): 19 Time(s)
root (115.247.46.122): 18 Time(s)
root (43.153.103.74): 18 Time(s)
unknown (147.182.247.119): 18 Time(s)
root (host210.sub-63-41-9.myvzw.com): 17 Time(s)
root (178.128.84.59): 11 Time(s)
unknown (104.250.49.129): 11 Time(s)
root (222.70.137.13): 10 Time(s)
unknown (177.185.137.56): 10 Time(s)
unknown (101.34.246.169): 9 Time(s)
unknown (206.189.141.87): 9 Time(s)
unknown (68.183.46.135): 9 Time(s)
unknown (122.184.72.202): 8 Time(s)
unknown (143.110.220.40): 8 Time(s)
unknown (43.156.69.230): 8 Time(s)
unknown (45.184.44.171): 8 Time(s)
unknown (85.209.11.27): 8 Time(s)
unknown (13.80.7.122): 7 Time(s)
unknown (161.35.5.255): 7 Time(s)
unknown (176.57.211.148): 7 Time(s)
unknown (36.94.49.234): 7 Time(s)
unknown (41.95.192.72): 7 Time(s)
unknown (46.101.171.235): 7 Time(s)
root (112.168.248.149): 6 Time(s)
root (150.136.162.39): 6 Time(s)
root (220.118.152.110): 6 Time(s)
root (69.70.75.46): 6 Time(s)
root (gadtogo.al.3cx.us): 6 Time(s)
unknown (106.13.220.149): 6 Time(s)
unknown (141.98.11.11): 6 Time(s)
unknown (175.31.0.103): 6 Time(s)
unknown (43.153.80.192): 6 Time(s)
root (114.242.143.121): 5 Time(s)
root (13.80.7.122): 5 Time(s)
root (143.198.43.241): 5 Time(s)
root (196.117.71.178): 5 Time(s)
unknown (101.35.252.142): 5 Time(s)
unknown (143.198.43.241): 5 Time(s)
unknown (196.117.71.178): 5 Time(s)
unknown (36.103.243.179): 5 Time(s)
unknown (49.232.234.239): 5 Time(s)
root (104.250.49.129): 4 Time(s)
root (114.117.214.97): 4 Time(s)
root (122.184.72.202): 4 Time(s)
root (185.161.248.218): 4 Time(s)
root (43.142.82.135): 4 Time(s)
root (49.232.234.239): 4 Time(s)
root (58.209.80.228): 4 Time(s)
unknown (114.117.214.97): 4 Time(s)
unknown (183.150.182.68): 4 Time(s)
unknown (85.209.11.254): 4 Time(s)
root (106.13.220.149): 3 Time(s)
root (110.40.166.227): 3 Time(s)
root (141.98.11.11): 3 Time(s)
root (143.110.220.40): 3 Time(s)
root (161.35.5.255): 3 Time(s)
root (176.57.211.148): 3 Time(s)
root (177.185.137.56): 3 Time(s)
root (206.189.141.87): 3 Time(s)
root (36.94.49.234): 3 Time(s)
root (45.184.44.171): 3 Time(s)
unknown (43.142.82.135): 3 Time(s)
root (141.98.11.90): 2 Time(s)
root (36.103.243.179): 2 Time(s)
root (41.95.192.72): 2 Time(s)
root (85.209.11.254): 2 Time(s)
unknown (121.158.203.212): 2 Time(s)
unknown (179.100.72.79): 2 Time(s)
unknown (185.11.61.234): 2 Time(s)
unknown (186.206.171.126): 2 Time(s)
unknown (71.116.166.178.rev.vodafone.pt): 2 Time(s)
unknown (host210.sub-63-41-9.myvzw.com): 2 Time(s)
unknown (ip54.ip-178-33-150.eu): 2 Time(s)
backup (41.95.192.72): 1 Time(s)
daemon (106.13.220.149): 1 Time(s)
deployment (101.35.252.142): 1 Time(s)
deployment (41.95.192.72): 1 Time(s)
deployment (43.156.69.230): 1 Time(s)
mysql (161.35.5.255): 1 Time(s)
postgres (36.94.49.234): 1 Time(s)
postgres (43.142.82.135): 1 Time(s)
root (101.35.252.142): 1 Time(s)
root (117.50.184.163): 1 Time(s)
root (137.184.195.142): 1 Time(s)
root (163.228.241.80): 1 Time(s)
root (175.31.0.103): 1 Time(s)
root (183.150.182.68): 1 Time(s)
root (43.153.80.192): 1 Time(s)
root (43.156.69.230): 1 Time(s)
root (46.101.171.235): 1 Time(s)
root (68.183.46.135): 1 Time(s)
root (85.209.11.226): 1 Time(s)
root (85.209.11.27): 1 Time(s)
root (core1.bbe.masterit-dev.cloud): 1 Time(s)
root (ip54.ip-178-33-150.eu): 1 Time(s)
unknown (118.70.134.18): 1 Time(s)
unknown (141.98.11.90): 1 Time(s)
unknown (178.128.84.59): 1 Time(s)
unknown (43.131.30.179): 1 Time(s)
unknown (46.21.159.227): 1 Time(s)
unknown (58.209.80.228): 1 Time(s)
unknown (85.209.11.226): 1 Time(s)
Invalid Users:
Unknown Account: 259 Time(s)
systemd-user:
Unknown Entries:
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
16.098K Bytes accepted 16,484
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
13 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
13 Total 4xx Rejects 100.00%
======== ==================================================
99 Connections
6 Connections lost (inbound)
99 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
**** Unmatched entries ****
[origin software="rsyslogd" swVersion="8.4.2" x-pid="209" x-info="http://www.rsyslog.com"] exiting on signal 15. : 1 Times
---------------------- rsyslogd End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: Failed to abandon session scope: Connection reset by peer: 1 Time(s)
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Killed: 1 Time(s)
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
root : 4 Time(s)
Failed logins from:
13.80.7.122: 5 times
24.144.80.196: 25 times
36.94.49.234: 4 times
36.103.243.179: 2 times
41.95.192.72: 4 times
43.131.30.179: 22 times
43.142.82.135: 5 times
43.153.80.192: 1 time
43.153.103.74: 18 times
43.156.69.230: 2 times
45.184.44.171: 3 times
46.21.159.227 (227.159.21.46.inferno.name): 22 times
46.101.171.235: 1 time
49.232.234.239: 4 times
58.209.80.228: 4 times
63.41.9.210 (host210.sub-63-41-9.myvzw.com): 17 times
68.183.24.108: 24 times
68.183.46.135: 1 time
68.183.91.213 (basmatihouse.in): 103 times
69.70.75.46 (mail.libertymusictrax.com): 6 times
74.252.14.95 (gadtogo.al.3cx.us): 6 times
85.209.11.27: 1 time
85.209.11.226: 1 time
85.209.11.254: 2 times
101.35.252.142: 2 times
104.250.49.129: 4 times
106.13.220.149: 4 times
110.40.166.227: 3 times
112.168.248.149: 6 times
114.117.214.97: 4 times
114.242.143.121: 5 times
115.247.46.122: 18 times
117.50.184.163: 1 time
118.70.134.18: 22 times
122.184.72.202: 4 times
137.184.195.142: 1 time
138.68.9.83: 19 times
139.162.205.76 (li1368-76.members.linode.com): 22 times
141.98.11.11 (axon-stall.riddlecamera.net): 3 times
141.98.11.90 (lighten.medyamol.com): 2 times
143.110.220.40: 3 times
143.198.43.241: 5 times
147.182.247.119: 66 times
150.136.162.39: 6 times
161.35.5.255: 4 times
163.228.241.80: 1 time
175.31.0.103: 1 time
176.57.211.148: 3 times
177.185.137.56: 3 times
178.33.150.54 (ip54.ip-178-33-150.eu): 1 time
178.128.84.59: 11 times
179.100.72.79 (179-100-72-79.user.vivozap.com.br): 31 times
183.150.182.68: 1 time
185.161.248.218: 4 times
186.206.171.126: 22 times
196.117.71.178: 5 times
206.189.141.87: 3 times
209.38.228.147 (core1.bbe.masterit-dev.cloud): 1 time
220.118.152.110: 6 times
222.70.137.13 (13.137.70.222.broad.xw.sh.dynamic.163data.com.cn): 10 times
Illegal users from:
undef: 181 times
13.80.7.122: 7 times
14.143.175.158 (14.143.175.158.static-vsnl.net.in): 6 times
36.94.49.234: 7 times
36.103.243.179: 5 times
41.95.192.72: 7 times
43.131.30.179: 1 time
43.142.82.135: 3 times
43.153.80.192: 6 times
43.156.69.230: 8 times
45.184.44.171: 8 times
46.21.159.227 (227.159.21.46.inferno.name): 1 time
46.101.171.235: 7 times
49.232.234.239: 5 times
58.209.80.228: 1 time
63.41.9.210 (host210.sub-63-41-9.myvzw.com): 2 times
68.183.46.135: 9 times
69.70.75.46 (mail.libertymusictrax.com): 17 times
85.209.11.27: 8 times
85.209.11.226: 1 time
85.209.11.254: 5 times
101.34.246.169: 9 times
101.35.252.142: 5 times
104.250.49.129: 11 times
106.13.220.149: 6 times
114.117.214.97: 4 times
118.70.134.18: 1 time
121.158.203.212: 2 times
122.184.72.202: 8 times
141.98.11.11 (axon-stall.riddlecamera.net): 6 times
141.98.11.90 (lighten.medyamol.com): 1 time
143.110.220.40: 8 times
143.198.43.241: 5 times
147.182.247.119: 18 times
161.35.5.255: 7 times
175.31.0.103: 6 times
176.57.211.148: 7 times
177.185.137.56: 10 times
178.33.150.54 (ip54.ip-178-33-150.eu): 2 times
178.128.84.59: 1 time
178.166.116.71 (71.116.166.178.rev.vodafone.pt): 2 times
179.100.72.79 (179-100-72-79.user.vivozap.com.br): 2 times
183.150.182.68: 4 times
185.11.61.234: 2 times
185.161.248.218: 26 times
186.206.171.126: 2 times
194.169.175.178: 1 time
196.117.71.178: 5 times
206.189.141.87: 9 times
Users logging in through sshd:
root:
77.180.67.108 (dynamic-077-180-067-108.77.180.pool.telefonica.de): 1 time
**Unmatched Entries**
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop30261p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################