[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 25 Februar 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Feb 25 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Feb-24 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 96:96 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 9 sites probed the server 
    138.68.19.202
    159.65.206.162
    161.35.236.158
    172.104.242.173
    20.80.88.123
    45.153.203.125
    61.219.11.153
    64.227.99.233
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       null: 12 Time(s)
       /: 5 Time(s)
       mstshash=Administr: 2 Time(s)
       /c/version.js: 1 Time(s)
       /client_area/: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       /stalker_portal/c/: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
       X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s)
       \x14+\x1A\x22\xB8\x887\x17\x057;\x00\x00\x ... x09\xC0\x14\xC0: 1 Time(s)
    404 Not Found
       /robots.txt: 68 Time(s)
       /reader/1989-wi-berlin.pdf: 3 Time(s)
       /reader/1995-so-reader_ha95.pdf: 3 Time(s)
       /download/zapfev_satzung.pdf: 2 Time(s)
       /reader/1995-wi-reader_bn95.pdf: 2 Time(s)
       /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 2 Time(s)
       /wp-login.php: 2 Time(s)
       /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s)
       /bupload/: 1 Time(s)
       /ebak/: 1 Time(s)
       /ebak1/: 1 Time(s)
       /ebak2/: 1 Time(s)
       /empirebak/: 1 Time(s)
       /eupload/: 1 Time(s)
       /protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 1 Time(s)
    499 (undefined)
       /: 1 Time(s)
    500 Internal Server Error
       /: 66 Time(s)
       /.env: 7 Time(s)
       /robots.txt: 7 Time(s)
       /sitemap.xml: 6 Time(s)
       /atom.xml: 5 Time(s)
       /sitemap.txt: 5 Time(s)
       /sitemap_index.xml: 4 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       //login_sid.lua: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /c/version.js: 1 Time(s)
       /client_area/: 1 Time(s)
       /console/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /sitemap.xml.gz: 1 Time(s)
       /stalker_portal/c/: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
    503 Service Unavailable
       /me: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (vmi501273.contaboserver.net): 228 Time(s)
       root (165.227.165.102): 92 Time(s)
       root (248.ip-149-56-130.net): 83 Time(s)
       root (150.136.21.3): 72 Time(s)
       root (114.67.105.113): 70 Time(s)
       root (42.248.78.56): 69 Time(s)
       root (120.48.31.123): 68 Time(s)
       root (159.203.181.218): 66 Time(s)
       root (139.215.217.181): 65 Time(s)
       root (206.189.122.104): 65 Time(s)
       root (157.230.215.145): 64 Time(s)
       root (119.28.194.66): 63 Time(s)
       root (139.59.3.114): 62 Time(s)
       root (194.152.206.47): 62 Time(s)
       root (106.13.217.124): 61 Time(s)
       root (176.235.221.83): 61 Time(s)
       root (42.192.87.213): 61 Time(s)
       root (114.67.95.121): 60 Time(s)
       root (188.254.0.172): 60 Time(s)
       root (209.141.35.155): 60 Time(s)
       root (36.22.178.114): 60 Time(s)
       root (188.131.135.227): 59 Time(s)
       root (v133-130-118-86.a049.g.tyo1.static.cnode.io): 59 Time(s)
       root (vps-03cdee8b.vps.ovh.net): 59 Time(s)
       root (216.ip-144-217-243.net): 58 Time(s)
       root (ip91.ip-149-56-80.net): 57 Time(s)
       root (104.248.144.65): 56 Time(s)
       root (139.59.72.206): 56 Time(s)
       root (210-71-232-236.hinet-ip.hinet.net): 56 Time(s)
       root (180.76.161.127): 55 Time(s)
       root (43.128.20.17): 55 Time(s)
       root (223.255.28.203): 54 Time(s)
       root (128.199.129.68): 53 Time(s)
       root (51.39.189.65): 53 Time(s)
       root (221.213.129.46): 52 Time(s)
       root (132.232.89.186): 51 Time(s)
       root (211.252.87.42): 51 Time(s)
       root (node-hwk.pool-182-52.dynamic.totinternet.net): 51 Time(s)
       root (45.59.116.101): 49 Time(s)
       root (106.75.15.152): 48 Time(s)
       root (203.195.141.177): 48 Time(s)
       root (161.35.49.78): 47 Time(s)
       root (104.236.124.45): 46 Time(s)
       root (179.127.167.201): 46 Time(s)
       root (58.19.42.140): 46 Time(s)
       root (103.123.25.80): 45 Time(s)
       root (203.46.223.176): 45 Time(s)
       root (218.30.91.130): 45 Time(s)
       root (c-73-232-46-104.hsd1.tx.comcast.net): 45 Time(s)
       root (119.29.183.138): 44 Time(s)
       root (49.233.16.90): 44 Time(s)
       root (182.254.150.136): 43 Time(s)
       root (157.230.33.158): 42 Time(s)
       root (smtp2.visto-web.com.br): 42 Time(s)
       root (118.89.235.217): 41 Time(s)
       root (119.45.242.37): 41 Time(s)
       root (212.64.3.194): 41 Time(s)
       root (172.81.239.224): 40 Time(s)
       root (191.255.210.82): 40 Time(s)
       root (95.85.28.125): 40 Time(s)
       root (fl1-210-147-152-88.kng.mesh.ad.jp): 40 Time(s)
       root (183.239.21.44): 39 Time(s)
       root (27.128.168.225): 39 Time(s)
       root (64.227.107.151): 39 Time(s)
       root (81.69.25.239): 39 Time(s)
       root (221.0.94.20): 37 Time(s)
       root (106.12.185.16): 36 Time(s)
       root (128.199.116.139): 36 Time(s)
       root (192.241.185.120): 36 Time(s)
       root (207.ip-51-255-203.eu): 36 Time(s)
       root (61.177.172.104): 36 Time(s)
       root (104.131.16.72): 35 Time(s)
       root (159.75.115.172): 35 Time(s)
       root (58.87.78.176): 35 Time(s)
       root (106.12.30.57): 33 Time(s)
       root (134.122.19.213): 33 Time(s)
       root (165.227.163.85): 33 Time(s)
       root (176.109.0.30): 33 Time(s)
       root (129.226.170.65): 32 Time(s)
       root (49.234.9.92): 32 Time(s)
       root (smtp.algonews.space): 32 Time(s)
       root (119.45.222.118): 31 Time(s)
       root (bl21-166-137.dsl.telepac.pt): 31 Time(s)
       root (62.234.114.64): 30 Time(s)
       root (111.230.204.113): 27 Time(s)
       root (221.231.125.146): 26 Time(s)
       root (104.128.92.120.16clouds.com): 25 Time(s)
       root (167.160.188.190): 25 Time(s)
       root (103.152.242.19): 24 Time(s)
       root (129.211.124.204): 22 Time(s)
       root (221.181.185.143): 22 Time(s)
       root (218.92.0.165): 18 Time(s)
       root (218.92.0.171): 18 Time(s)
       root (218.92.0.248): 18 Time(s)
       root (222.187.238.87): 18 Time(s)
       root (165.227.46.89): 16 Time(s)
       root (106.12.107.61): 15 Time(s)
       root (118.125.106.12): 15 Time(s)
       root (192.144.230.43): 13 Time(s)
       unknown (49.205.84.209): 13 Time(s)
       root (123.207.78.83): 10 Time(s)
       root (221.181.185.140): 10 Time(s)
       root (43.226.69.100): 10 Time(s)
       root (85.ip-151-80-146.eu): 10 Time(s)
       root (178.154.228.6): 9 Time(s)
       root (88.ip-144-217-15.net): 9 Time(s)
       root (195.43.3.231): 7 Time(s)
       unknown (221.0.94.20): 7 Time(s)
       root (138.94.192.131): 6 Time(s)
       root (218.92.0.133): 6 Time(s)
       root (218.92.0.138): 6 Time(s)
       root (218.92.0.184): 6 Time(s)
       root (104.131.190.193): 4 Time(s)
       root (159.89.202.95): 4 Time(s)
       unknown (c-73-15-44-227.hsd1.ca.comcast.net): 4 Time(s)
       unknown (206.189.2.121): 3 Time(s)
       root (81.161.63.101): 2 Time(s)
       root (81.161.63.253): 2 Time(s)
       unknown (141.98.80.69): 2 Time(s)
       unknown (141.98.80.71): 2 Time(s)
       unknown (141.98.80.82): 2 Time(s)
       unknown (141.98.80.85): 2 Time(s)
       unknown (195.54.160.250): 2 Time(s)
       unknown (77.69.205.18): 2 Time(s)
       unknown (ns555166.ip-54-39-16.net): 2 Time(s)
       mysql (195.54.160.250): 1 Time(s)
       root (104.248.13.213): 1 Time(s)
       root (106.241.33.158): 1 Time(s)
       root (114.7.124.134): 1 Time(s)
       root (117.50.45.241): 1 Time(s)
       root (124.156.133.54): 1 Time(s)
       root (124.205.84.8): 1 Time(s)
       root (134.209.155.240): 1 Time(s)
       root (138.68.40.92): 1 Time(s)
       root (139.129.108.135): 1 Time(s)
       root (14.143.3.30): 1 Time(s)
       root (141.98.80.70): 1 Time(s)
       root (141.98.80.83): 1 Time(s)
       root (157.230.55.192): 1 Time(s)
       root (181.49.118.185): 1 Time(s)
       root (192.144.254.35): 1 Time(s)
       root (202.61.133.80): 1 Time(s)
       root (218.95.182.38): 1 Time(s)
       root (222.239.124.19): 1 Time(s)
       root (223.113.4.34): 1 Time(s)
       root (41.76.175.131): 1 Time(s)
       root (42.192.75.240): 1 Time(s)
       root (42.194.132.178): 1 Time(s)
       root (46.101.143.148): 1 Time(s)
       root (49.232.193.113): 1 Time(s)
       root (58.59.17.74): 1 Time(s)
       root (60.168.81.236): 1 Time(s)
       root (81.68.171.183): 1 Time(s)
       root (ns319899.ip-91-121-86.eu): 1 Time(s)
       unknown (178.253.237.18): 1 Time(s)
       unknown (200.216.31.20): 1 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       15   Miscellaneous warnings  
 
   19.074K  Bytes accepted                              19,532
   19.074K  Bytes sent via SMTP                         19,532
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       71   Connections             
       12   Connections lost (inbound) 
       71   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 19 Time(s)
 
 Failed logins from:
    2.82.166.137 (bl21-166-137.dsl.telepac.pt): 31 times
    14.143.3.30 (14.143.3.30.static-Bangalore.vsnl.net.in): 1 time
    27.128.168.225: 39 times
    36.22.178.114: 60 times
    41.76.175.131: 1 time
    42.192.75.240: 1 time
    42.192.87.213: 61 times
    42.194.132.178: 1 time
    42.248.78.56: 69 times
    43.128.20.17: 55 times
    43.226.69.100: 10 times
    45.59.116.101: 49 times
    46.101.143.148: 1 time
    49.232.193.113: 1 time
    49.233.16.90: 44 times
    49.234.9.92: 32 times
    51.39.189.65: 53 times
    51.83.131.123 (vps-03cdee8b.vps.ovh.net): 59 times
    51.255.203.207 (207.ip-51-255-203.eu): 36 times
    58.19.42.140: 46 times
    58.59.17.74: 1 time
    58.87.78.176: 35 times
    60.168.81.236: 1 time
    61.177.172.104: 36 times
    62.234.114.64: 30 times
    64.227.107.151: 39 times
    73.232.46.104 (c-73-232-46-104.hsd1.tx.comcast.net): 45 times
    81.68.171.183: 1 time
    81.69.25.239: 39 times
    81.161.63.101: 2 times
    81.161.63.253: 2 times
    91.121.86.22 (ns319899.ip-91-121-86.eu): 1 time
    95.85.28.125: 40 times
    103.123.25.80 (host-103-123-25-80.pky.kalteng.go.id): 45 times
    103.152.242.19: 24 times
    104.128.92.120 (104.128.92.120.16clouds.com): 25 times
    104.131.16.72 (advancesettlers.netssl): 35 times
    104.131.190.193 (docman.gozmart.ch-prob): 4 times
    104.236.124.45: 46 times
    104.248.13.213: 1 time
    104.248.144.65: 56 times
    106.12.30.57: 33 times
    106.12.107.61: 15 times
    106.12.185.16: 36 times
    106.13.217.124: 61 times
    106.75.15.152: 48 times
    106.241.33.158: 1 time
    111.230.204.113: 27 times
    114.7.124.134 (114-7-124-134.resources.indosat.com): 1 time
    114.67.95.121: 60 times
    114.67.105.113: 70 times
    117.50.45.241: 1 time
    118.89.235.217: 41 times
    118.125.106.12: 15 times
    119.28.194.66: 63 times
    119.29.183.138: 44 times
    119.45.222.118: 31 times
    119.45.242.37: 41 times
    120.48.31.123: 68 times
    123.207.78.83: 10 times
    124.156.133.54: 1 time
    124.205.84.8: 1 time
    128.199.116.139: 36 times
    128.199.129.68: 53 times
    129.211.124.204: 22 times
    129.226.170.65: 32 times
    132.232.89.186: 51 times
    133.130.118.86 (v133-130-118-86.a049.g.tyo1.static.cnode.io): 59 times
    134.122.19.213 (dev.pana.mirror): 33 times
    134.209.155.240: 1 time
    138.68.40.92: 1 time
    138.94.192.131 (customer-138-94-192-131.agtnet.com.br): 6 times
    139.59.3.114 (dev.mobibooks.in): 62 times
    139.59.72.206: 56 times
    139.129.108.135: 1 time
    139.215.217.181 (181.217.215.139.adsl-pool.jlccptt.net.cn): 65 times
    141.98.80.70: 1 time
    141.98.80.83: 1 time
    144.91.84.171 (vmi501273.contaboserver.net): 228 times
    144.217.15.88 (88.ip-144-217-15.net): 9 times
    144.217.243.216 (216.ip-144-217-243.net): 58 times
    149.56.80.91 (ip91.ip-149-56-80.net): 57 times
    149.56.130.248 (248.ip-149-56-130.net): 83 times
    150.136.21.3: 72 times
    151.80.146.85 (85.ip-151-80-146.eu): 10 times
    157.230.33.158: 42 times
    157.230.55.192: 1 time
    157.230.215.145: 64 times
    159.75.115.172: 35 times
    159.89.202.95: 4 times
    159.203.181.218: 66 times
    161.35.49.78: 47 times
    165.227.46.89: 16 times
    165.227.119.220 (smtp.algonews.space): 32 times
    165.227.163.85: 33 times
    165.227.165.102 (bigarena.net): 92 times
    167.160.188.190 (167.160.188.190.static.quadranet.com): 25 times
    172.81.239.224: 40 times
    176.109.0.30: 33 times
    176.235.221.83: 61 times
    177.69.119.161 (smtp2.visto-web.com.br): 42 times
    178.154.228.6: 9 times
    179.127.167.201: 46 times
    180.76.161.127: 55 times
    181.49.118.185: 1 time
    182.52.90.164 (node-hwk.pool-182-52.dynamic.totinternet.net): 51 times
    182.254.150.136: 43 times
    183.239.21.44: 39 times
    188.131.135.227: 59 times
    188.254.0.172: 60 times
    191.255.210.82 (191-255-210-82.dsl.telesp.net.br): 40 times
    192.144.230.43: 13 times
    192.144.254.35: 1 time
    192.241.185.120: 36 times
    194.152.206.47: 62 times
    195.43.3.231 (msr-pc04.msr.sci.eg): 7 times
    195.54.160.250: 1 time
    202.61.133.80: 1 time
    203.46.223.176: 45 times
    203.195.141.177: 48 times
    206.189.122.104: 65 times
    209.141.35.155 (zeta.serubin.net): 60 times
    210.71.232.236 (210-71-232-236.HINET-IP.hinet.net): 56 times
    210.147.152.88 (FL1-210-147-152-88.kng.mesh.ad.jp): 40 times
    211.252.87.42: 51 times
    212.64.3.194: 41 times
    218.30.91.130: 45 times
    218.92.0.133: 6 times
    218.92.0.138: 6 times
    218.92.0.165: 18 times
    218.92.0.171: 18 times
    218.92.0.184: 6 times
    218.92.0.248: 18 times
    218.95.182.38: 1 time
    221.0.94.20: 37 times
    221.181.185.140: 12 times
    221.181.185.143: 24 times
    221.213.129.46: 52 times
    221.231.125.146: 26 times
    222.187.238.87: 18 times
    222.239.124.19: 1 time
    223.113.4.34: 1 time
    223.255.28.203: 54 times
 
 Illegal users from:
    undef: 21 times
    49.205.84.209 (broadband.actcorp.in): 15 times
    54.39.16.73 (ns555166.ip-54-39-16.net): 2 times
    65.49.20.68 (scan-19.shadowserver.org): 1 time
    73.15.44.227 (c-73-15-44-227.hsd1.ca.comcast.net): 4 times
    77.69.205.18 (dynamic.ip.77.69.205.18.batelco.com.bh): 2 times
    141.98.80.69: 2 times
    141.98.80.70: 1 time
    141.98.80.71: 2 times
    141.98.80.82: 2 times
    141.98.80.83: 1 time
    141.98.80.85: 2 times
    178.253.237.18 (free-237-18.mediaworksit.net): 1 time
    195.54.160.250: 2 times
    200.216.31.20: 1 time
    206.189.2.121: 3 times
    221.0.94.20: 7 times
 
 **Unmatched Entries**
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)