################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Oct 10 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-09 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 85:86 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
106.45.9.144 -> zapf.wiki:443: 1 Time(s)
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
mstshash=Administr: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
500 Internal Server Error
/: 56 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/.git/config: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/blog/wp-login.php: 1 Time(s)
/console/: 1 Time(s)
/ecp/fa.js: 1 Time(s)
/home/wp-login.php: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/new/wp-login.php: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
/wp-login.php: 1 Time(s)
/wp/wp-login.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 562 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
16.583K Bytes accepted 16,981
16.583K Bytes sent via SMTP 16,981
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
90 Connections
32 Connections lost (inbound)
90 Disconnections
1 Removed from queue
1 Sent via SMTP
40 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 388 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################