################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Feb 28 04:42:03 2024
Date Range Processed: yesterday
( 2024-Feb-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 8:8 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
*: 7 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 2 Time(s)
mstshash=Administr: 2 Time(s)
/: 1 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s)
/home.aspx: 1 Time(s)
/sdk: 1 Time(s)
U\xF0\xA3\xEBy\x10@\x17\x91\xB2\x04\x9Ei\x ... xBE\x00\xBD\xC0: 1 Time(s)
\x0F\x1D\xDC\xCF=\xCD&z\xD7!\x9Fj3\xAC6\xA ... 00=\x00\x16\xC0: 1 Time(s)
500 Internal Server Error
/: 16 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/RDWeb/Pages/en-US/login.aspx: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/robots.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (170.64.197.254): 8 Time(s)
root (113.194.203.11): 6 Time(s)
root (203.251.37.199): 6 Time(s)
root (d137-186-227-113.abhsia.telus.net): 6 Time(s)
root (170.64.197.254): 5 Time(s)
root (222.118.160.227): 5 Time(s)
unknown (159.203.91.157): 5 Time(s)
root (185.34.130.47): 3 Time(s)
unknown (185.11.61.88): 2 Time(s)
unknown (62.122.184.252): 2 Time(s)
root (159.203.91.157): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
Invalid Users:
Unknown Account: 18 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
117 Connections
15 Connections lost (inbound)
117 Disconnections
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
113.194.203.11 (11.203.194.113.adsl-pool.jx.chinaunicom.com): 6 times
137.186.227.113 (d137-186-227-113.abhsia.telus.net): 6 times
159.203.91.157: 1 time
170.64.197.254: 5 times
185.34.130.47: 3 times
203.251.37.199: 6 times
222.118.160.227: 6 times
Illegal users from:
2001:470:1:332::9 (scan-43af.shadowserver.org): 1 time
undef: 21 times
62.122.184.252: 2 times
64.62.197.77 (scan-46a.shadowserver.org): 1 time
159.203.91.157: 5 times
170.64.197.254: 9 times
172.233.57.157 (172-233-57-157.ip.linodeusercontent.com): 1 time
185.11.61.88: 2 times
185.196.8.151: 1 time
186.5.113.165 (mail.cmconstrucciones.com): 6 times
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 172.233.57.157: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
Protocol major versions differ for 172.233.57.157: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop65192p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################