Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Dec 3 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 60:60 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... GCvVNZKVqz6AABd: 2 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... PtzOfAce59GAABI: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/bag2: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... %2e/.%2e/bin/sh: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... eMT4jTTZ7nTAABx: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... fbD-rEgoTG6AAAy: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... itCw9EUJAbfAABh: 1 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... l3vOKhfWJ0sAABC: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... 4beaDlkZwelAABN: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... DpYu1hzlxeCAABf: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... PgNKFBElyv2AAB4: 1 Time(s)
/socket.io/?noteId=features&EIO=3&transpor ... kUOY8_KkekCAABJ: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x96\x0F\xFC\xA0\xB9\x1A\x1D\x16\xC0H\x81\ ... x09\xC0\x13\xC0: 1 Time(s)
\xB6\xC5\xE7\xFE\x8A\x83(\xDC\xC3\xB2\xFC\ ... DE\x86\xEB\xCA0: 1 Time(s)
\xBC\xD4\xC1\xE4A\x9E\x03\xAE\xDFgT\x05: 1 Time(s)
\xDA\xB6\x8E83\xBD\xDE\xEDv\xE9\xAD\x1B\xE ... C\x00<\x00/\x00: 1 Time(s)
500 Internal Server Error
/: 55 Time(s)
/.env: 6 Time(s)
/robots.txt: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1: 1 Time(s)
/actuator/health: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/evox/about: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/nmaplowercheck1638456878: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/sdk: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/v2/api-docs: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 278 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
12.091K Bytes accepted 12,381
12.091K Bytes sent via SMTP 12,381
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
731 Connections
558 Connections lost (inbound)
731 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Network Read Write Errors: 1
Failed logins from:
Illegal users from:
2001:470:1:332::7: 1 time
undef: 167 times
**Unmatched Entries**
error: Received disconnect from 20.124.202.143: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 2 time(s)
error: Received disconnect from 200.215.168.145: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 6 time(s)
Protocol major versions differ for 154.88.26.229: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
ZaPF ev Website
by Maximilian Schneider
Good evening dear ToPF,
I have just created a pull request for the website. In it I added
the resolutions of the Summer ZaPF 21.
Could you please take care of the pull request and restart the website?
Best regards from the StAPF
Max
3 years, 10 months
Mumble has problems with the certificate
by Tobias Löffler
Hi,
I was made aware of a certificate problem with Mumble. When you
start Mumble and enter zapf.mumble.in, you get the following
error message:
Kind regards,
Tobi
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 2 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-01 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 43:43 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 9 Time(s)
/socket.io/?noteId=D1lk7Eb3Squ7uGiIXiErNg& ... HmYoRyXn9_sAAAT: 4 Time(s)
mstshash=Domain: 4 Time(s)
/: 2 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... zbhkpgKUuvvAAAX: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/jjH@: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... Og6gfnRVMeUAAAY: 1 Time(s)
HTTP/1.0: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... Og6gfnRVMeUAAAY: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... l6oGH6WT9ejAAAZ: 1 Time(s)
/socket.io/?noteId=nhtPDSPISDGGdnglpZRL0A& ... zbhkpgKUuvvAAAX: 1 Time(s)
500 Internal Server Error
/: 17 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/owa/auth/logon.aspx: 2 Time(s)
/robots.txt: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/HNAP1/: 1 Time(s)
/ReportServer: 1 Time(s)
/admin/.env: 1 Time(s)
/api/.env: 1 Time(s)
/api/v1/.env: 1 Time(s)
/api/v2/.env: 1 Time(s)
/api/v3/.env: 1 Time(s)
/app/.env: 1 Time(s)
/backend/.env: 1 Time(s)
/bag2: 1 Time(s)
/common/info.cgi: 1 Time(s)
/config/.env: 1 Time(s)
/core/.env: 1 Time(s)
/currentsetting.htm: 1 Time(s)
/dev/.env: 1 Time(s)
/dniapi/userInfos: 1 Time(s)
/epa/scripts/win/nsepa_setup.exe: 1 Time(s)
/favicon.ico: 1 Time(s)
/laravel/.env: 1 Time(s)
/local/.env: 1 Time(s)
/login: 1 Time(s)
/master/.env: 1 Time(s)
/old/.env: 1 Time(s)
/oldsite/.env: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/portal/.env: 1 Time(s)
/prod/.env: 1 Time(s)
/production/.env: 1 Time(s)
/sitemap.xml: 1 Time(s)
/stag/.env: 1 Time(s)
/staging/.env: 1 Time(s)
/test/.env: 1 Time(s)
/tools/.env: 1 Time(s)
/web/.env: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 207 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
12.487K Bytes accepted 12,787
12.487K Bytes sent via SMTP 12,787
======== ==================================================
2 Accepted 100.00%
-------- --------------------------------------------------
2 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
484 Connections
311 Connections lost (inbound)
484 Disconnections
2 Removed from queue
2 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
2001:470:1:c84::27: 1 time
undef: 105 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Logwatch for h2361197.stratoserver.net (Linux)
by root@zapf.in
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Dec 1 04:42:04 2021
Date Range Processed: yesterday
( 2021-Nov-30 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 75:76 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 5 sites probed the server
Requests with error response codes
400 Bad Request
null: 10 Time(s)
mstshash=Domain: 4 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
a: 1 Time(s)
404 Not Found
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 3 Time(s)
500 Internal Server Error
/: 21 Time(s)
/.env: 5 Time(s)
/robots.txt: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/actuator/health: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 221 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
13.066K Bytes accepted 13,380
13.066K Bytes sent via SMTP 13,380
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
185 Connections
11 Connections lost (inbound)
185 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
undef: 111 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
3 years, 10 months
Cron <root@h2361197> /usr/sbin/nginx -s reload
by root@zapf.in
nginx: [warn] conflicting server name "xn--studienfhrer-physik-dbc.de" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "topf.zapf.in" on 0.0.0.0:80, ignored
3 years, 10 months