[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 5 Juli 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Jul  5 04:42:07 2019
        Date Range Processed: yesterday
                              ( 2019-Jul-04 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [241:241]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Requests with error response codes
    400 Bad Request
       /: 1 Time(s)
       /Login.htm: 1 Time(s)
       /shell?busybox: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       /webadmin/script?command=|busybox: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/: 1 Time(s)
       /resolutionen/wise16/: 1 Time(s)
    404 Not Found
       /robots.txt: 50 Time(s)
       /berlin/apple-touch-icon.png: 2 Time(s)
       /ads.txt: 1 Time(s)
       /berichte/SoSe16/www.zapfev.de/resolutione ... amt/Lehramt.pdf: 1 Time(s)
       /berichte/WiSe16/www.zapfev.de/resolutione ... ellungnahme.pdf: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
    500 Internal Server Error
       /robots.txt: 19 Time(s)
       /: 8 Time(s)
       /web_shell_cmd.gch: 3 Time(s)
       /favicon.ico: 2 Time(s)
       /Lists/admin.php: 1 Time(s)
       /admin.php: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (154.118.141.90): 30 Time(s)
       unknown (94.191.29.221): 29 Time(s)
       unknown (123.207.78.134): 26 Time(s)
       unknown (140.143.236.227): 26 Time(s)
       unknown (180.96.28.87): 26 Time(s)
       unknown (106.12.96.226): 25 Time(s)
       unknown (123.207.247.237): 25 Time(s)
       unknown (125-227-57-223.hinet-ip.hinet.net): 25 Time(s)
       unknown (206.189.147.229): 25 Time(s)
       unknown (212.156.115.58): 25 Time(s)
       unknown (ns332025.ip-37-187-122.eu): 25 Time(s)
       unknown (118.25.10.61): 24 Time(s)
       unknown (139.59.8.66): 24 Time(s)
       unknown (179.185.67.221.static.gvt.net.br): 24 Time(s)
       unknown (182.61.37.35): 24 Time(s)
       unknown (188.131.200.191): 24 Time(s)
       unknown (188.131.204.154): 24 Time(s)
       unknown (49.212.154.221): 24 Time(s)
       unknown (178.62.41.7): 23 Time(s)
       unknown (182.156.196.67): 23 Time(s)
       unknown (static-235-189-84-188.ipcom.comunitel.net): 23 Time(s)
       unknown (77.93.33.212): 22 Time(s)
       unknown (173-12-157-141-northgulf.hfc.comcastbusiness.net): 21 Time(s)
       unknown (188.ip-51-255-160.eu): 21 Time(s)
       unknown (68.183.50.0): 21 Time(s)
       unknown (159.203.179.230): 20 Time(s)
       unknown (160.ip-213-32-67.eu): 20 Time(s)
       unknown (168.194.160.179): 18 Time(s)
       unknown (111.230.241.245): 16 Time(s)
       unknown (ip-109-73.sn2.clouditalia.com): 14 Time(s)
       unknown (178.128.76.41): 13 Time(s)
       unknown (211.159.152.252): 13 Time(s)
       unknown (120.ip-51-38-129.eu): 9 Time(s)
       unknown (157.230.30.23): 9 Time(s)
       unknown (112.35.26.43): 7 Time(s)
       unknown (c-71-237-171-150.hsd1.or.comcast.net): 7 Time(s)
       root (109.195.94.140): 6 Time(s)
       root (37.204.95.105): 6 Time(s)
       unknown (120.1.21.38): 6 Time(s)
       unknown (153.3.123.101): 6 Time(s)
       unknown (gtl132.internetdsl.tpnet.pl): 5 Time(s)
       unknown (190.65.220.94): 3 Time(s)
       unknown (45.55.12.248): 3 Time(s)
       root (160.ip-213-32-67.eu): 2 Time(s)
       root (178.62.41.7): 2 Time(s)
       root (182.156.196.67): 2 Time(s)
       root (182.61.37.35): 2 Time(s)
       unknown (14.161.6.201): 2 Time(s)
       unknown (178.128.150.158): 2 Time(s)
       unknown (193.32.163.182): 2 Time(s)
       unknown (68.183.178.162): 2 Time(s)
       backup (106.12.96.226): 1 Time(s)
       backup (157.230.30.23): 1 Time(s)
       backup (159.203.179.230): 1 Time(s)
       backup (188.ip-51-255-160.eu): 1 Time(s)
       bin (118.25.10.61): 1 Time(s)
       bin (140.143.236.227): 1 Time(s)
       irc (168.194.160.179): 1 Time(s)
       irc (182.156.196.67): 1 Time(s)
       list (125-227-57-223.hinet-ip.hinet.net): 1 Time(s)
       lp (106.12.96.226): 1 Time(s)
       lp (159.203.179.230): 1 Time(s)
       mysql (118.25.10.61): 1 Time(s)
       mysql (157.230.30.23): 1 Time(s)
       news (123.207.247.237): 1 Time(s)
       postgres (111.230.241.245): 1 Time(s)
       postgres (125-227-57-223.hinet-ip.hinet.net): 1 Time(s)
       postgres (173-12-157-141-northgulf.hfc.comcastbusiness.net): 1 Time(s)
       postgres (178.62.41.7): 1 Time(s)
       postgres (ns3016508.ip-51-254-47.eu): 1 Time(s)
       root (104.236.102.16): 1 Time(s)
       root (125-227-57-223.hinet-ip.hinet.net): 1 Time(s)
       root (134.175.42.162): 1 Time(s)
       root (139.59.79.56): 1 Time(s)
       root (154.118.141.90): 1 Time(s)
       root (157.230.30.23): 1 Time(s)
       root (159.65.144.233): 1 Time(s)
       root (159.89.165.127): 1 Time(s)
       root (173-12-157-141-northgulf.hfc.comcastbusiness.net): 1 Time(s)
       root (178.128.150.158): 1 Time(s)
       root (188.131.200.191): 1 Time(s)
       root (206.189.136.160): 1 Time(s)
       root (206.189.147.229): 1 Time(s)
       root (212.156.115.58): 1 Time(s)
       root (215.ip-51-255-174.eu): 1 Time(s)
       root (218.92.0.175): 1 Time(s)
       root (218.92.0.186): 1 Time(s)
       root (56.226.221.35.bc.googleusercontent.com): 1 Time(s)
       root (77.65.198.35.bc.googleusercontent.com): 1 Time(s)
       root (77.93.33.212): 1 Time(s)
       root (94.191.29.221): 1 Time(s)
       root (host81-133-111-101.in-addr.btopenworld.com): 1 Time(s)
       root (ip-104-238-116-94.ip.secureserver.net): 1 Time(s)
       root (ns332025.ip-37-187-122.eu): 1 Time(s)
       sync (56.226.221.35.bc.googleusercontent.com): 1 Time(s)
       sys (173-12-157-141-northgulf.hfc.comcastbusiness.net): 1 Time(s)
       temp (160.ip-213-32-67.eu): 1 Time(s)
       unknown (101.251.197.238): 1 Time(s)
       unknown (103.21.148.16): 1 Time(s)
       unknown (103.248.83.76): 1 Time(s)
       unknown (104.248.211.180): 1 Time(s)
       unknown (104.248.255.118): 1 Time(s)
       unknown (110.45.145.178): 1 Time(s)
       unknown (111.231.87.233): 1 Time(s)
       unknown (112.241.140.114): 1 Time(s)
       unknown (114-32-218-77.hinet-ip.hinet.net): 1 Time(s)
       unknown (116.228.58.93): 1 Time(s)
       unknown (116.238.224.222): 1 Time(s)
       unknown (118.24.90.64): 1 Time(s)
       unknown (121.201.8.248): 1 Time(s)
       unknown (122.114.79.98): 1 Time(s)
       unknown (122.5.18.194): 1 Time(s)
       unknown (124.116.156.131): 1 Time(s)
       unknown (132.255.29.228): 1 Time(s)
       unknown (138.197.105.79): 1 Time(s)
       unknown (138.197.153.228): 1 Time(s)
       unknown (171.224.248.115): 1 Time(s)
       unknown (178.128.156.144): 1 Time(s)
       unknown (178.128.158.113): 1 Time(s)
       unknown (178.128.195.6): 1 Time(s)
       unknown (178.128.3.152): 1 Time(s)
       unknown (180.117.111.164): 1 Time(s)
       unknown (182.61.170.251): 1 Time(s)
       unknown (182.61.43.223): 1 Time(s)
       unknown (185.101.231.42): 1 Time(s)
       unknown (189.176.194.35.bc.googleusercontent.com): 1 Time(s)
       unknown (189.254.33.157): 1 Time(s)
       unknown (196.1.99.12): 1 Time(s)
       unknown (201.131.244.57): 1 Time(s)
       unknown (203.110.215.219): 1 Time(s)
       unknown (206.189.65.11): 1 Time(s)
       unknown (213.77.62.84): 1 Time(s)
       unknown (215.ip-51-255-174.eu): 1 Time(s)
       unknown (221.181.73.31): 1 Time(s)
       unknown (234.86.221.35.bc.googleusercontent.com): 1 Time(s)
       unknown (36.89.209.22): 1 Time(s)
       unknown (45.55.157.147): 1 Time(s)
       unknown (45.55.232.84): 1 Time(s)
       unknown (45.55.42.17): 1 Time(s)
       unknown (46.101.49.156): 1 Time(s)
       unknown (61.72.254.71): 1 Time(s)
       unknown (67.8.244.35.bc.googleusercontent.com): 1 Time(s)
       unknown (74-92-210-138-colorado.hfc.comcastbusiness.net): 1 Time(s)
       unknown (gridit.grid-computacion.com): 1 Time(s)
       unknown (ip182.ip-51-254-51.eu): 1 Time(s)
       unknown (mail.buzzdate.xyz): 1 Time(s)
       unknown (ns3077451.ip-188-165-242.eu): 1 Time(s)
       unknown (pd9eea671.dip0.t-ipconnect.de): 1 Time(s)
       unknown (vmi265320.contaboserver.net): 1 Time(s)
       www-data (179.185.67.221.static.gvt.net.br): 1 Time(s)
       www-data (182.61.37.35): 1 Time(s)
       www-data (188.131.204.154): 1 Time(s)
       www-data (49.212.154.221): 1 Time(s)
    Invalid Users:
       Unknown Account: 846 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        2   Miscellaneous warnings  
 
   28.915K  Bytes accepted                              29,609
   28.915K  Bytes sent via SMTP                         29,609
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
      290   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
      290   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      422   Connections             
      391   Connections lost (inbound) 
      422   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 2 Time(s)
    root : 2 Time(s)
 
 Failed logins from:
    35.198.65.77 (77.65.198.35.bc.googleusercontent.com): 1 time
    35.221.226.56 (56.226.221.35.bc.googleusercontent.com): 2 times
    37.187.122.195 (ns332025.ip-37-187-122.eu): 1 time
    37.204.95.105 (broadband-37.204-95-105.ip.moscow.rt.ru): 6 times
    49.212.154.221 (in-betweens.com): 1 time
    51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time
    51.255.160.188 (188.ip-51-255-160.eu): 1 time
    51.255.174.215 (215.ip-51-255-174.eu): 1 time
    77.93.33.212: 1 time
    81.133.111.101 (host81-133-111-101.in-addr.btopenworld.com): 1 time
    94.191.29.221: 1 time
    104.236.102.16: 1 time
    104.238.116.94 (ip-104-238-116-94.ip.secureserver.net): 1 time
    106.12.96.226: 2 times
    109.195.94.140 (109x195x94x140.static-business.spb.ertelecom.ru): 6 times
    111.230.241.245: 1 time
    118.25.10.61: 2 times
    123.207.247.237: 1 time
    125.227.57.223 (125-227-57-223.HINET-IP.hinet.net): 3 times
    134.175.42.162: 1 time
    139.59.79.56: 1 time
    140.143.236.227: 1 time
    154.118.141.90: 1 time
    157.230.30.23: 3 times
    159.65.144.233: 1 time
    159.89.165.127: 1 time
    159.203.179.230: 2 times
    168.194.160.179 (179.160.194.168.rfc6598.dynamic.copelfibra.com.br): 1 time
    173.12.157.141 (173-12-157-141-northgulf.hfc.comcastbusiness.net): 3 times
    178.62.41.7: 3 times
    178.128.150.158: 1 time
    179.185.67.221 (179.185.67.221.static.gvt.net.br): 1 time
    182.61.37.35: 3 times
    182.156.196.67 (static-67.196.156.182-tataidc.co.in): 3 times
    188.131.200.191: 1 time
    188.131.204.154: 1 time
    206.189.136.160: 1 time
    206.189.147.229: 1 time
    212.156.115.58 (212.156.115.58.static.turktelekom.com.tr): 1 time
    213.32.67.160 (160.ip-213-32-67.eu): 3 times
    218.92.0.175: 2 times
    218.92.0.186: 3 times
 
 Illegal users from:
    undef: 630 times
    14.161.6.201 (static.vnpt.vn): 2 times
    35.194.176.189 (189.176.194.35.bc.googleusercontent.com): 1 time
    35.221.86.234 (234.86.221.35.bc.googleusercontent.com): 1 time
    35.244.8.67 (67.8.244.35.bc.googleusercontent.com): 1 time
    36.89.209.22: 1 time
    37.187.122.195 (ns332025.ip-37-187-122.eu): 25 times
    45.55.12.248 (hostmaster.vitalconnectionuniversity.com): 3 times
    45.55.42.17: 1 time
    45.55.157.147: 1 time
    45.55.232.84: 1 time
    46.101.49.156: 1 time
    49.212.154.221 (in-betweens.com): 24 times
    51.38.129.120 (120.ip-51-38-129.eu): 9 times
    51.254.51.182 (ip182.ip-51-254-51.eu): 1 time
    51.255.160.188 (188.ip-51-255-160.eu): 21 times
    51.255.174.215 (215.ip-51-255-174.eu): 1 time
    61.72.254.71: 1 time
    68.183.50.0: 21 times
    68.183.178.162: 2 times
    71.237.171.150 (c-71-237-171-150.hsd1.or.comcast.net): 7 times
    74.92.210.138 (74-92-210-138-Colorado.hfc.comcastbusiness.net): 1 time
    77.93.33.212: 22 times
    83.3.245.132 (gtl132.internetdsl.tpnet.pl): 5 times
    83.211.109.73 (ip-109-73.sn2.clouditalia.com): 14 times
    94.191.29.221: 29 times
    101.251.197.238: 1 time
    103.21.148.16: 1 time
    103.248.83.76 (static-103-248-83-76.ctrls.in): 1 time
    104.248.211.180: 1 time
    104.248.255.118: 1 time
    106.12.96.226: 25 times
    110.45.145.178: 1 time
    111.230.241.245: 16 times
    111.231.87.233: 1 time
    112.35.26.43: 7 times
    112.241.140.114: 5 times
    114.32.218.77 (114-32-218-77.HINET-IP.hinet.net): 1 time
    116.228.58.93: 1 time
    116.238.224.222: 1 time
    118.24.90.64: 1 time
    118.25.10.61: 24 times
    120.1.21.38: 6 times
    121.201.8.248: 1 time
    122.5.18.194 (194.18.5.122.broad.yt.sd.dynamic.163data.com.cn): 1 time
    122.114.79.98: 1 time
    123.207.78.134: 26 times
    123.207.247.237: 25 times
    124.116.156.131: 1 time
    125.227.57.223 (125-227-57-223.HINET-IP.hinet.net): 25 times
    132.255.29.228 (132-255-29-228.informac.com.br): 1 time
    138.197.105.79: 1 time
    138.197.153.228: 1 time
    139.59.8.66: 24 times
    139.59.95.244 (mail.buzzdate.xyz): 1 time
    140.143.236.227: 26 times
    153.3.123.101: 6 times
    154.118.141.90: 30 times
    157.230.30.23: 9 times
    159.203.179.230: 20 times
    167.86.113.253 (vmi265320.contaboserver.net): 1 time
    168.194.160.179 (179.160.194.168.rfc6598.dynamic.copelfibra.com.br): 18 times
    171.224.248.115 (dynamic-ip-adsl.viettel.vn): 1 time
    173.12.157.141 (173-12-157-141-northgulf.hfc.comcastbusiness.net): 21 times
    178.62.41.7: 23 times
    178.128.3.152: 1 time
    178.128.76.41: 13 times
    178.128.150.158: 2 times
    178.128.156.144: 1 time
    178.128.158.113: 1 time
    178.128.195.6: 1 time
    179.185.67.221 (179.185.67.221.static.gvt.net.br): 24 times
    180.96.28.87: 26 times
    180.117.111.164: 5 times
    182.61.37.35: 24 times
    182.61.43.223: 1 time
    182.61.170.251: 1 time
    182.156.196.67 (static-67.196.156.182-tataidc.co.in): 23 times
    185.101.231.42 (int0.client.access.fanaptelecom.net): 1 time
    188.84.189.235 (static-235-189-84-188.ipcom.comunitel.net): 23 times
    188.131.200.191: 24 times
    188.131.204.154: 24 times
    188.165.242.200 (ns3077451.ip-188-165-242.eu): 1 time
    189.254.33.157 (customer-189-254-33-157-sta.uninet-ide.com.mx): 1 time
    190.65.220.94: 3 times
    193.32.163.182 (hosting-by.cloud-home.me): 2 times
    196.1.99.12: 1 time
    201.131.244.57 (201-131-244-57.gln.net.br): 1 time
    201.139.111.202 (gridit.grid-computacion.com): 1 time
    203.110.215.219: 1 time
    206.189.65.11: 1 time
    206.189.147.229: 25 times
    211.159.152.252: 13 times
    212.156.115.58 (212.156.115.58.static.turktelekom.com.tr): 25 times
    213.32.67.160 (160.ip-213-32-67.eu): 20 times
    213.77.62.84: 1 time
    217.238.166.113 (pD9EEA671.dip0.t-ipconnect.de): 1 time
    221.181.73.31 (.): 1 time
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  242G  159G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)