[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Samstag, 13 April 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sat Apr 13 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-Apr-12 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 23:22 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 8 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 2 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
       mstshash=Test: 2 Time(s)
       /: 1 Time(s)
       HTTP/1.1: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 2 Time(s)
    404 Not Found
       /robots.txt: 44 Time(s)
       /berlin/apple-touch-icon.png: 4 Time(s)
       /reader/1989-wi-berlin.pdf: 2 Time(s)
       /wp-login.php: 2 Time(s)
       /administrator/index.php: 1 Time(s)
       /berlin/exkursionen/apple-touch-icon.png: 1 Time(s)
       /blog: 1 Time(s)
       /cms: 1 Time(s)
       /demo: 1 Time(s)
       /en: 1 Time(s)
       /main: 1 Time(s)
       /new: 1 Time(s)
       /news: 1 Time(s)
       /press: 1 Time(s)
       /reader/1993-so-reader_do93.pdf: 1 Time(s)
       /reader/1993-wi-reader_st93.pdf: 1 Time(s)
       /reader/1994-wi-reader_hb94.pdf: 1 Time(s)
       /reader/1995-so-reader_ha95.pdf: 1 Time(s)
       /reader/1995-wi-reader_bn95.pdf: 1 Time(s)
       /reader/1998-so-reader_ro98.pdf: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s)
       /reader/Sammlung_aller_Resolutionen.pdf: 1 Time(s)
       /reader/SoSe13_AK_MatheVorkurs.pdf: 1 Time(s)
       /reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 1 Time(s)
       /reader/SoSe14_AK_Pr%C3%BCfungssystem_Sammlung.pdf: 1 Time(s)
       /reader/WiSe12_AK_Schule-Studium.pdf: 1 Time(s)
       /resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s)
       /site: 1 Time(s)
       /test: 1 Time(s)
       /website: 1 Time(s)
       /wordpress: 1 Time(s)
       /wp: 1 Time(s)
       /wp-admin: 1 Time(s)
       /www: 1 Time(s)
       /zapf/berichte/zapf-wise-2010: 1 Time(s)
    500 Internal Server Error
       /: 39 Time(s)
       //administrator//webconfig.txt.php: 1 Time(s)
       //administrator/?1=%40ini_set%28%22display ... 27%7C%3C-%27%3B: 1 Time(s)
       /?1=%40ini_set%28%22display_errors%22%2C%2 ... 27%7C%3C-%27%3B: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (152.204.14.29): 6 Time(s)
       root (188.134.79.129): 6 Time(s)
       root (94.51.124.67): 6 Time(s)
       root (ip5b43df12.dynamic.kabel-deutschland.de): 6 Time(s)
       unknown (112.171.69.24): 6 Time(s)
       unknown (170.231.129.14): 6 Time(s)
       unknown (45.164.75.126): 6 Time(s)
       unknown (87.red-88-13-235.dynamicip.rima-tde.net): 6 Time(s)
       unknown (95.78.207.149): 6 Time(s)
       unknown (103.107.17.134): 5 Time(s)
       unknown (103.108.87.133): 5 Time(s)
       unknown (110.44.126.83): 5 Time(s)
       unknown (111.205.93.188): 5 Time(s)
       unknown (111.ip-213-32-65.eu): 5 Time(s)
       unknown (112.64.33.38): 5 Time(s)
       unknown (118.182.118.248): 5 Time(s)
       unknown (121.185.124.20): 5 Time(s)
       unknown (122.114.102.6): 5 Time(s)
       unknown (123.206.30.76): 5 Time(s)
       unknown (142.93.6.47): 5 Time(s)
       unknown (150.109.99.138): 5 Time(s)
       unknown (151.84.105.118): 5 Time(s)
       unknown (159.89.153.54): 5 Time(s)
       unknown (162.211.127.27): 5 Time(s)
       unknown (177.73.140.62): 5 Time(s)
       unknown (182.16.75.58): 5 Time(s)
       unknown (182.61.19.113): 5 Time(s)
       unknown (190.119.196.41): 5 Time(s)
       unknown (201.76.129.234): 5 Time(s)
       unknown (202.82.26.243): 5 Time(s)
       unknown (204.48.19.178): 5 Time(s)
       unknown (206.189.239.103): 5 Time(s)
       unknown (211.157.146.54): 5 Time(s)
       unknown (219.93.20.155): 5 Time(s)
       unknown (24.167.194.35.bc.googleusercontent.com): 5 Time(s)
       unknown (36.110.50.217): 5 Time(s)
       unknown (5.196.137.213): 5 Time(s)
       unknown (c-24-91-124-63.hsd1.ma.comcast.net): 5 Time(s)
       unknown (c-76-115-138-33.hsd1.or.comcast.net): 5 Time(s)
       unknown (ip-207.net-89-3-236.rev.numericable.fr): 5 Time(s)
       unknown (ip135.ip-144-217-196.net): 5 Time(s)
       unknown (ns306678.ovh.net): 5 Time(s)
       unknown (siid.ovh): 5 Time(s)
       unknown (www.yugt.ru): 5 Time(s)
       unknown (106.12.221.10): 4 Time(s)
       unknown (115.159.47.147): 4 Time(s)
       unknown (129.204.29.45): 4 Time(s)
       unknown (178-164-134-190.pool.digikabel.hu): 4 Time(s)
       unknown (185.88.196.30): 4 Time(s)
       unknown (198.199.117.143): 4 Time(s)
       unknown (5.red-80-26-116.staticip.rima-tde.net): 4 Time(s)
       unknown (81.213.214.225): 4 Time(s)
       unknown (87.ip-142-44-247.net): 4 Time(s)
       unknown (adsl-11.46.190.84.tellas.gr): 4 Time(s)
       unknown (105.142.broadband15.iol.cz): 3 Time(s)
       unknown (124.193.207.90): 3 Time(s)
       unknown (128.199.216.13): 3 Time(s)
       unknown (ns3077451.ip-188-165-242.eu): 3 Time(s)
       root (ip-83-99-54-96.dyn.luxdsl.pt.lu): 2 Time(s)
       unknown (140.143.199.249): 2 Time(s)
       unknown (140.210.9.130): 2 Time(s)
       unknown (193.32.163.89): 2 Time(s)
       unknown (2.153.63.33.dyn.user.ono.com): 2 Time(s)
       unknown (203-214-114-133.dyn.iinet.net.au): 2 Time(s)
       unknown (lfbn-1-9429-219.w86-237.abo.wanadoo.fr): 2 Time(s)
       unknown (limitedatonement.megamidia.com.br): 2 Time(s)
       backup (106.12.221.10): 1 Time(s)
       backup (adsl-11.46.190.84.tellas.gr): 1 Time(s)
       postgres (94.156.222.135): 1 Time(s)
       proxy (116.228.33.70): 1 Time(s)
       root (118.69.61.190): 1 Time(s)
       root (139.199.60.33): 1 Time(s)
       root (165.227.49.242): 1 Time(s)
       root (178.62.251.130): 1 Time(s)
       root (195.22.239.226): 1 Time(s)
       root (206.189.131.213): 1 Time(s)
       root (206.189.137.113): 1 Time(s)
       root (216.113.208.185): 1 Time(s)
       root (222.190.254.165): 1 Time(s)
       root (223.0.10.15): 1 Time(s)
       root (223.197.175.171): 1 Time(s)
       root (36.155.114.247): 1 Time(s)
       root (46.101.27.6): 1 Time(s)
       root (61.191.55.20): 1 Time(s)
       root (62.175.170.9.static.user.ono.com): 1 Time(s)
       root (86-175-89-200.fibertel.com.ar): 1 Time(s)
       root (crushdigital.co.uk): 1 Time(s)
       root (ip76.ip-142-44-184.net): 1 Time(s)
       root (oc-129-150-69-85.compute.oraclecloud.com): 1 Time(s)
       root (oc-129-191-18-156.compute.oraclecloud.com): 1 Time(s)
       sshd (109.207.200.131): 1 Time(s)
       unknown (104.236.246.16): 1 Time(s)
       unknown (106.12.194.172): 1 Time(s)
       unknown (107.170.231.42): 1 Time(s)
       unknown (108.ip-149-202-44.eu): 1 Time(s)
       unknown (110.10.129.226): 1 Time(s)
       unknown (114.242.164.188): 1 Time(s)
       unknown (128.199.123.60): 1 Time(s)
       unknown (139.59.180.53): 1 Time(s)
       unknown (142.93.218.84): 1 Time(s)
       unknown (149.202.180.35): 1 Time(s)
       unknown (167.99.161.15): 1 Time(s)
       unknown (178.128.124.83): 1 Time(s)
       unknown (196.1.99.12): 1 Time(s)
       unknown (202.137.154.236): 1 Time(s)
       unknown (202.155.226.221): 1 Time(s)
       unknown (210.212.249.228): 1 Time(s)
       unknown (211.250.189.64): 1 Time(s)
       unknown (218.3.139.85): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (222.127.49.228): 1 Time(s)
       unknown (244.ip-164-132-230.eu): 1 Time(s)
       unknown (27.254.13.198): 1 Time(s)
       unknown (27.71.232.44): 1 Time(s)
       unknown (41.239.114.139): 1 Time(s)
       unknown (43.252.215.227): 1 Time(s)
       unknown (45.55.157.147): 1 Time(s)
       unknown (4832574137.e.brasiltelecom.net.br): 1 Time(s)
       unknown (61.148.194.162): 1 Time(s)
       unknown (61.72.254.71): 1 Time(s)
       unknown (62.175.170.9.static.user.ono.com): 1 Time(s)
       unknown (68.183.191.99): 1 Time(s)
       unknown (81.23.191.99): 1 Time(s)
       unknown (91.84.51.92): 1 Time(s)
       unknown (96.239.59.131): 1 Time(s)
       unknown (bzq-80-82-151.dsl.bezeqint.net): 1 Time(s)
       unknown (c110-20-182-177.rivrw10.nsw.optusnet.com.au): 1 Time(s)
       unknown (cpe-174-101-80-233.columbus.res.rr.com): 1 Time(s)
       unknown (ec2-52-7-243-181.compute-1.amazonaws.com): 1 Time(s)
       unknown (host-212-68-208-120.dynamic.voo.be): 1 Time(s)
       unknown (host226.181-10-204.telecom.net.ar): 1 Time(s)
       unknown (ip-83-99-54-96.dyn.luxdsl.pt.lu): 1 Time(s)
       unknown (ip103.ip-92-222-103.eu): 1 Time(s)
       unknown (ns207822.ip-94-23-215.eu): 1 Time(s)
       unknown (ns3016508.ip-51-254-47.eu): 1 Time(s)
       unknown (ns522805.ip-158-69-124.net): 1 Time(s)
       unknown (oc-129-144-186-118.compute.oraclecloud.com): 1 Time(s)
       unknown (psyradio.com.ua): 1 Time(s)
       unknown (static-217-77-221-85.wildpark.net): 1 Time(s)
       www-data (ip103.ip-92-222-103.eu): 1 Time(s)
    Invalid Users:
       Unknown Account: 319 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

      616   Miscellaneous warnings  
 
   35.764K  Bytes accepted                              36,622
   35.764K  Bytes sent via SMTP                         36,622
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
     1063   Connections             
     1030   Connections lost (inbound) 
     1063   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 4 Time(s)
    root : 4 Time(s)
 
 Failed logins from:
    36.155.114.247: 1 time
    46.101.27.6: 1 time
    46.101.88.10 (crushdigital.co.uk): 1 time
    46.190.84.11 (adsl-11.46.190.84.tellas.gr): 1 time
    61.191.55.20: 1 time
    62.175.170.9 (62.175.170.9.static.user.ono.com): 1 time
    83.99.54.96 (ip-83-99-54-96.dyn.luxdsl.pt.lu): 2 times
    91.67.223.18 (ip5b43df12.dynamic.kabel-deutschland.de): 6 times
    92.222.103.103 (ip103.ip-92-222-103.eu): 1 time
    94.51.124.67: 6 times
    94.156.222.135 (94.156.222.135.neterra.net): 1 time
    106.12.221.10: 1 time
    109.207.200.131: 1 time
    116.228.33.70: 1 time
    118.69.61.190: 1 time
    129.150.69.85 (oc-129-150-69-85.compute.oraclecloud.com): 1 time
    129.191.18.156 (oc-129-191-18-156.compute.oraclecloud.com): 1 time
    139.199.60.33: 1 time
    142.44.184.76 (ip76.ip-142-44-184.net): 1 time
    152.204.14.29: 6 times
    165.227.49.242 (184473.cloudwaysapps.com): 1 time
    178.62.251.130 (239829.cloudwaysapps.com): 1 time
    188.134.79.129 (188x134x79x129.static-business.iz.ertelecom.ru): 6 times
    195.22.239.226 (static.195.22.239.226.mdl.net): 1 time
    200.89.175.86 (86-175-89-200.fibertel.com.ar): 1 time
    206.189.131.213: 1 time
    206.189.137.113: 1 time
    216.113.208.185: 1 time
    222.190.254.165: 1 time
    223.0.10.15: 1 time
    223.197.175.171 (223-197-175-171.static.imsbiz.com): 1 time
 
 Illegal users from:
    undef: 225 times
    2.153.63.33 (2.153.63.33.dyn.user.ono.com): 2 times
    5.196.137.213: 5 times
    24.91.124.63 (c-24-91-124-63.hsd1.ma.comcast.net): 5 times
    27.71.232.44: 1 time
    27.254.13.198: 1 time
    35.194.167.24 (24.167.194.35.bc.googleusercontent.com): 5 times
    36.110.50.217 (217.50.110.36.static.bjtelecom.net): 5 times
    41.239.114.139 (host-41.239.114.139.tedata.net): 1 time
    43.252.215.227: 1 time
    45.55.157.147: 1 time
    45.164.75.126 (45-164-75-126-soswifi.com.br): 6 times
    46.190.84.11 (adsl-11.46.190.84.tellas.gr): 4 times
    51.75.122.16 (siid.ovh): 5 times
    51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time
    52.7.243.181 (ec2-52-7-243-181.compute-1.amazonaws.com): 1 time
    61.72.254.71: 1 time
    61.148.194.162: 1 time
    62.175.170.9 (62.175.170.9.static.user.ono.com): 1 time
    68.183.191.99: 1 time
    76.115.138.33 (c-76-115-138-33.hsd1.or.comcast.net): 5 times
    80.26.116.5 (5.red-80-26-116.staticip.rima-tde.net): 4 times
    81.23.191.99 (81.23.191-99.tlt.ru): 1 time
    81.213.214.225 (81.213.214.225.dynamic.ttnet.com.tr): 4 times
    82.80.82.151 (bzq-80-82-151.dsl.bezeqint.net): 1 time
    83.99.54.96 (ip-83-99-54-96.dyn.luxdsl.pt.lu): 1 time
    86.237.6.219 (lfbn-1-9429-219.w86-237.abo.wanadoo.fr): 2 times
    88.13.235.87 (87.red-88-13-235.dynamicip.rima-tde.net): 6 times
    89.3.236.207 (ip-207.net-89-3-236.rev.numericable.fr): 5 times
    90.182.142.105 (105.142.broadband15.iol.cz): 3 times
    91.84.51.92: 1 time
    92.222.103.103 (ip103.ip-92-222-103.eu): 1 time
    94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time
    94.23.224.107 (ns306678.ovh.net): 5 times
    95.78.207.149 (dhcp-dynamic-95-78-207-149.broadband.nlink.ru): 6 times
    96.239.59.131 (static-96-239-59-131.nycmny.fios.verizon.net): 1 time
    103.107.17.134 (m134.mycloudbox.in): 5 times
    103.108.87.133 (103-108-87-133.poltekkesjogja.ac.id): 5 times
    104.236.246.16: 1 time
    106.12.194.172: 1 time
    106.12.221.10: 4 times
    107.170.231.42: 1 time
    110.10.129.226: 1 time
    110.20.182.177 (c110-20-182-177.rivrw10.nsw.optusnet.com.au): 1 time
    110.44.126.83: 5 times
    111.205.93.188: 5 times
    112.64.33.38: 5 times
    112.171.69.24: 6 times
    114.242.164.188: 1 time
    115.159.47.147: 4 times
    118.182.118.248: 5 times
    121.185.124.20: 5 times
    122.114.102.6: 5 times
    123.206.30.76: 5 times
    124.193.207.90: 3 times
    128.199.123.60: 1 time
    128.199.216.13: 3 times
    129.144.186.118 (oc-129-144-186-118.compute.oraclecloud.com): 1 time
    129.204.29.45: 4 times
    131.255.239.38 (limitedatonement.megamidia.com.br): 2 times
    139.59.180.53: 1 time
    140.143.199.249: 2 times
    140.210.9.130: 2 times
    142.44.247.87 (87.ip-142-44-247.net): 4 times
    142.93.6.47: 5 times
    142.93.218.84: 1 time
    144.217.196.135 (ip135.ip-144-217-196.net): 5 times
    149.202.44.108 (108.ip-149-202-44.eu): 1 time
    149.202.180.35: 1 time
    150.109.99.138: 5 times
    151.84.105.118: 5 times
    158.69.124.9 (ns522805.ip-158-69-124.net): 1 time
    159.89.153.54: 5 times
    162.211.127.27: 5 times
    164.132.230.244 (244.ip-164-132-230.eu): 1 time
    167.99.161.15: 1 time
    170.231.129.14: 6 times
    174.101.80.233 (cpe-174-101-80-233.columbus.res.rr.com): 1 time
    177.7.217.57 (4832574137.e.brasiltelecom.net.br): 1 time
    177.73.140.62: 5 times
    178.128.124.83 (ehalal.io): 1 time
    178.164.134.190 (178-164-134-190.pool.digikabel.hu): 4 times
    181.10.204.226 (host226.181-10-204.telecom.net.ar): 1 time
    182.16.75.58: 5 times
    182.61.19.113: 5 times
    185.88.196.30 (not-updated.castle-it.net): 4 times
    188.165.242.200 (ns3077451.ip-188-165-242.eu): 3 times
    190.119.196.41: 5 times
    193.32.163.89: 2 times
    193.169.39.254 (www.yugt.ru): 5 times
    196.1.99.12: 1 time
    198.199.117.143: 4 times
    201.76.129.234 (20176129234.tvninternet.com.br): 5 times
    202.82.26.243: 5 times
    202.137.154.236: 1 time
    202.155.226.221: 1 time
    203.214.114.133 (203-214-114-133.dyn.iinet.net.au): 2 times
    204.48.19.178: 5 times
    206.189.239.103: 5 times
    210.212.249.228: 1 time
    211.157.146.54: 5 times
    211.250.189.64: 1 time
    212.68.208.120 (host-212-68-208-120.dynamic.voo.be): 1 time
    212.80.216.133 (psyradio.com.ua): 1 time
    213.32.65.111 (111.ip-213-32-65.eu): 5 times
    217.77.221.85 (static-217-77-221-85.wildpark.net): 1 time
    218.3.139.85: 1 time
    219.93.20.155: 5 times
    221.160.100.14: 1 time
    222.127.49.228: 1 time
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)