[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 10 Juli 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed Jul 10 04:42:07 2019
        Date Range Processed: yesterday
                              ( 2019-Jul-09 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 73:75 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 3 sites probed the server 
    46.105.101.95
    5.188.210.101
    66.240.236.119
 
 Requests with error response codes
    400 Bad Request
       null: 10 Time(s)
       mstshash=Administr: 3 Time(s)
       http://110.249.212.46/testget?q=23333&port=80: 2 Time(s)
       http://172.247.32.25/ddd.html: 2 Time(s)
       /: 1 Time(s)
       /robots.txt: 1 Time(s)
       /tbl_add.php?action=%22BaseInfo%22&u=%22NT ... NjU1MTQ5NzA=%22: 1 Time(s)
       http://5.188.210.101/echo.php: 1 Time(s)
    404 Not Found
       /robots.txt: 35 Time(s)
       /berlin//apple-touch-icon.png: 1 Time(s)
       /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
       /verein/satzung/%7CSatzung: 1 Time(s)
    500 Internal Server Error
       /: 37 Time(s)
       /robots.txt: 22 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (180.129.90.140): 10 Time(s)
       unknown (180.231.45.132): 10 Time(s)
       unknown (catv-89-133-62-227.catv.broadband.hu): 10 Time(s)
       unknown (62.234.219.27): 9 Time(s)
       unknown (ip100.ip-37-59-158.eu): 8 Time(s)
       unknown (104.168.64.3): 7 Time(s)
       root (117.28.73.197): 6 Time(s)
       root (39.77.189.110): 6 Time(s)
       root (81.25.48.12): 6 Time(s)
       root (fpa4469f55.stmb203.ap.nuro.jp): 6 Time(s)
       unknown (104.248.176.22): 6 Time(s)
       unknown (106.12.28.10): 6 Time(s)
       unknown (111.ip-51-77-140.eu): 6 Time(s)
       unknown (121.126.79.157): 6 Time(s)
       unknown (159.65.153.163): 6 Time(s)
       unknown (165.227.46.221): 6 Time(s)
       unknown (177.124.89.14): 6 Time(s)
       unknown (177.206.87.206.static.gvt.net.br): 6 Time(s)
       unknown (43.242.215.70): 6 Time(s)
       unknown (79.127.55.189): 6 Time(s)
       unknown (94.177.224.127): 6 Time(s)
       root (222.139.201.174): 5 Time(s)
       root (222.141.88.150): 5 Time(s)
       unknown (103.232.120.109): 5 Time(s)
       unknown (105.158.211.33): 5 Time(s)
       unknown (111.230.155.145): 5 Time(s)
       unknown (118.24.83.41): 5 Time(s)
       unknown (121.12.87.83): 5 Time(s)
       unknown (125.22.76.77): 5 Time(s)
       unknown (134.175.28.156): 5 Time(s)
       unknown (139.59.84.55): 5 Time(s)
       unknown (178.128.107.61): 5 Time(s)
       unknown (180.179.227.201): 5 Time(s)
       unknown (45.40.244.197): 5 Time(s)
       unknown (62.234.73.104): 5 Time(s)
       unknown (68.183.113.232): 5 Time(s)
       unknown (104.131.84.59): 4 Time(s)
       unknown (107.174.101.216): 4 Time(s)
       unknown (11.164.197.35.bc.googleusercontent.com): 4 Time(s)
       unknown (115.236.168.35): 4 Time(s)
       unknown (119.29.11.214): 4 Time(s)
       unknown (121.157.229.23): 4 Time(s)
       unknown (167.99.76.71): 4 Time(s)
       unknown (181.49.102.190): 4 Time(s)
       unknown (188.131.163.59): 4 Time(s)
       unknown (197.232.47.210): 4 Time(s)
       unknown (223.214.194.114): 4 Time(s)
       unknown (23-30-117-166-static.hfc.comcastbusiness.net): 4 Time(s)
       unknown (50-248-154-57-static.hfc.comcastbusiness.net): 4 Time(s)
       unknown (91.224.60.75): 4 Time(s)
       unknown (106.12.213.162): 3 Time(s)
       unknown (115.159.216.187): 3 Time(s)
       unknown (116.193.217.138): 3 Time(s)
       unknown (120.ip-51-38-190.eu): 3 Time(s)
       unknown (128-76-133-62-static.dk.customer.tdc.net): 3 Time(s)
       unknown (132.232.90.20): 3 Time(s)
       unknown (154.ip-54-37-204.eu): 3 Time(s)
       unknown (178.128.156.144): 3 Time(s)
       unknown (254.ip-54-37-154.eu): 3 Time(s)
       unknown (34.ip-92-222-84.eu): 3 Time(s)
       unknown (67.ip-137-74-175.eu): 3 Time(s)
       unknown (68.183.122.94): 3 Time(s)
       unknown (78.152.116.182): 3 Time(s)
       unknown (93.152.159.11): 3 Time(s)
       unknown (ip242.ip-164-132-209.eu): 3 Time(s)
       root (104.168.64.3): 2 Time(s)
       root (2e6b6666.dsl.pool.telekom.hu): 2 Time(s)
       root (46.101.26.63): 2 Time(s)
       root (62.234.219.27): 2 Time(s)
       root (62.234.8.41): 2 Time(s)
       unknown (157.230.237.76): 2 Time(s)
       unknown (193.32.163.182): 2 Time(s)
       unknown (196.1.99.12): 2 Time(s)
       unknown (206.189.197.48): 2 Time(s)
       unknown (2e6b6666.dsl.pool.telekom.hu): 2 Time(s)
       unknown (46.101.26.63): 2 Time(s)
       unknown (46.101.27.6): 2 Time(s)
       unknown (62.234.8.41): 2 Time(s)
       daemon (139.59.17.173): 1 Time(s)
       openproject (178.128.107.61): 1 Time(s)
       postgres (105.158.211.33): 1 Time(s)
       postgres (116.193.217.138): 1 Time(s)
       postgres (223.171.42.175): 1 Time(s)
       postgres (254.ip-54-37-154.eu): 1 Time(s)
       root (104.236.81.204): 1 Time(s)
       root (11.164.197.35.bc.googleusercontent.com): 1 Time(s)
       root (115.236.168.35): 1 Time(s)
       root (116.193.217.138): 1 Time(s)
       root (119.29.11.214): 1 Time(s)
       root (120.ip-51-38-190.eu): 1 Time(s)
       root (121.157.229.23): 1 Time(s)
       root (121.190.197.205): 1 Time(s)
       root (124.243.198.187): 1 Time(s)
       root (128-76-133-62-static.dk.customer.tdc.net): 1 Time(s)
       root (128.199.182.235): 1 Time(s)
       root (132.232.90.20): 1 Time(s)
       root (134.175.42.162): 1 Time(s)
       root (154.ip-54-37-204.eu): 1 Time(s)
       root (159.65.153.163): 1 Time(s)
       root (165.227.97.108): 1 Time(s)
       root (167.99.76.71): 1 Time(s)
       root (178.128.107.61): 1 Time(s)
       root (178.128.79.169): 1 Time(s)
       root (181.49.102.190): 1 Time(s)
       root (188.131.163.59): 1 Time(s)
       root (197.232.47.210): 1 Time(s)
       root (218.92.0.143): 1 Time(s)
       root (218.92.0.188): 1 Time(s)
       root (223.214.194.114): 1 Time(s)
       root (34.ip-92-222-84.eu): 1 Time(s)
       root (36.89.209.22): 1 Time(s)
       root (41.249.153.249): 1 Time(s)
       root (46.101.127.49): 1 Time(s)
       root (62.234.73.104): 1 Time(s)
       root (67.ip-137-74-175.eu): 1 Time(s)
       root (89.38.145.31): 1 Time(s)
       root (93.152.159.11): 1 Time(s)
       root (ip242.ip-164-132-209.eu): 1 Time(s)
       unknown (098-127-130-049.biz.spectrum.com): 1 Time(s)
       unknown (104.236.102.16): 1 Time(s)
       unknown (106.12.100.119): 1 Time(s)
       unknown (112.16.196.104.bc.googleusercontent.com): 1 Time(s)
       unknown (114.215.175.1): 1 Time(s)
       unknown (119.201.214.130): 1 Time(s)
       unknown (122.154.134.38): 1 Time(s)
       unknown (124.205.9.241): 1 Time(s)
       unknown (128.199.133.249): 1 Time(s)
       unknown (128.199.182.235): 1 Time(s)
       unknown (132.255.29.228): 1 Time(s)
       unknown (138.68.146.186): 1 Time(s)
       unknown (139.59.79.56): 1 Time(s)
       unknown (142.93.39.29): 1 Time(s)
       unknown (159.65.175.37): 1 Time(s)
       unknown (159.65.236.58): 1 Time(s)
       unknown (159.65.245.203): 1 Time(s)
       unknown (167.99.66.166): 1 Time(s)
       unknown (167.99.75.174): 1 Time(s)
       unknown (178.128.124.83): 1 Time(s)
       unknown (178.184.73.19): 1 Time(s)
       unknown (188.166.216.84): 1 Time(s)
       unknown (190.119.190.122): 1 Time(s)
       unknown (220.247.175.58): 1 Time(s)
       unknown (223.197.216.112): 1 Time(s)
       unknown (223.94.95.221): 1 Time(s)
       unknown (244.ip-164-132-230.eu): 1 Time(s)
       unknown (27.50.24.83): 1 Time(s)
       unknown (36.66.149.211): 1 Time(s)
       unknown (41.249.153.249): 1 Time(s)
       unknown (45.248.133.36): 1 Time(s)
       unknown (45.55.12.248): 1 Time(s)
       unknown (60-251-202-133.hinet-ip.hinet.net): 1 Time(s)
       unknown (76.ip-37-59-104.eu): 1 Time(s)
       unknown (85.37.38.195): 1 Time(s)
       unknown (crushdigital.co.uk): 1 Time(s)
       unknown (ip-104-238-116-94.ip.secureserver.net): 1 Time(s)
       unknown (ll81-2-74-10-192-81.ll81-2.iam.net.ma): 1 Time(s)
       unknown (mail.matrixtelecoms.com): 1 Time(s)
       unknown (mail.taccm.com): 1 Time(s)
       unknown (mm-237-207-122-178.mgts.dynamic.pppoe.byfly.by): 1 Time(s)
       unknown (oc-129-150-112-159.compute.oraclecloud.com): 1 Time(s)
       unknown (pd9eea671.dip0.t-ipconnect.de): 1 Time(s)
       www-data (104.168.64.3): 1 Time(s)
       www-data (132.232.90.20): 1 Time(s)
    Invalid Users:
       Unknown Account: 349 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       10   Miscellaneous warnings  
 
   19.060K  Bytes accepted                              19,517
   19.060K  Bytes sent via SMTP                         19,517
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        4   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       20   Connections             
       11   Connections lost (inbound) 
       20   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 4 Time(s)
 
 Failed logins from:
    35.197.164.11 (11.164.197.35.bc.googleusercontent.com): 1 time
    36.89.209.22: 1 time
    39.77.189.110: 6 times
    41.249.153.249: 1 time
    46.101.26.63 (107537-81967.cloudwaysapps.com): 2 times
    46.101.127.49: 1 time
    46.107.102.102 (2E6B6666.dsl.pool.telekom.hu): 2 times
    51.38.190.120 (120.ip-51-38-190.eu): 1 time
    54.37.154.254 (254.ip-54-37-154.eu): 1 time
    54.37.204.154 (154.ip-54-37-204.eu): 1 time
    62.234.8.41: 2 times
    62.234.73.104: 1 time
    62.234.219.27: 2 times
    81.25.48.12 (ppp-81-25-48-12.ultranet.ru): 6 times
    89.38.145.31 (host31-145-38-89.static.arubacloud.com): 1 time
    92.222.84.34 (34.ip-92-222-84.eu): 1 time
    93.152.159.11: 1 time
    104.168.64.3 (104-168-64-3-host.colocrossing.com): 3 times
    104.236.81.204: 1 time
    105.158.211.33: 1 time
    115.236.168.35: 1 time
    116.193.217.138: 2 times
    117.28.73.197 (197.73.28.117.broad.np.fj.dynamic.163data.com.cn): 6 times
    119.29.11.214: 1 time
    121.157.229.23: 1 time
    121.190.197.205: 1 time
    124.243.198.187: 1 time
    128.76.133.62 (128-76-133-62-static.dk.customer.tdc.net): 1 time
    128.199.182.235: 1 time
    132.232.90.20: 2 times
    134.175.42.162: 1 time
    137.74.175.67 (67.ip-137-74-175.eu): 1 time
    139.59.17.173: 1 time
    159.65.153.163: 1 time
    164.70.159.85 (fpa4469f55.stmb203.ap.nuro.jp): 6 times
    164.132.209.242 (ip242.ip-164-132-209.eu): 1 time
    165.227.97.108: 1 time
    167.99.76.71: 1 time
    178.128.79.169: 1 time
    178.128.107.61: 2 times
    181.49.102.190: 1 time
    188.131.163.59: 1 time
    197.232.47.210: 1 time
    218.92.0.143: 5 times
    218.92.0.188: 2 times
    222.139.201.174 (hn.kd.ny.adsl): 5 times
    222.141.88.150 (hn.kd.ny.adsl): 5 times
    223.171.42.175: 1 time
    223.214.194.114: 1 time
 
 Illegal users from:
    undef: 288 times
    23.30.117.166 (23-30-117-166-static.hfc.comcastbusiness.net): 4 times
    27.50.24.83 (ip-27-50-24-83.cepat.net.id): 1 time
    35.197.164.11 (11.164.197.35.bc.googleusercontent.com): 4 times
    36.66.149.211: 1 time
    37.59.104.76 (76.ip-37-59-104.eu): 1 time
    37.59.158.100 (ip100.ip-37-59-158.eu): 8 times
    41.211.116.32 (mail.matrixtelecoms.com): 2 times
    41.249.153.249: 1 time
    43.242.215.70 (static-43-242-215-70.ctrls.in): 6 times
    45.40.244.197: 5 times
    45.55.12.248 (hostmaster.vitalconnectionuniversity.com): 1 time
    45.248.133.36: 1 time
    46.101.26.63 (107537-81967.cloudwaysapps.com): 2 times
    46.101.27.6: 2 times
    46.101.88.10 (crushdigital.co.uk): 1 time
    46.107.102.102 (2E6B6666.dsl.pool.telekom.hu): 2 times
    50.248.154.57 (50-248-154-57-static.hfc.comcastbusiness.net): 4 times
    51.38.190.120 (120.ip-51-38-190.eu): 3 times
    51.77.140.111 (111.ip-51-77-140.eu): 6 times
    54.37.154.254 (254.ip-54-37-154.eu): 3 times
    54.37.204.154 (154.ip-54-37-204.eu): 3 times
    60.251.202.133 (60-251-202-133.HINET-IP.hinet.net): 1 time
    62.234.8.41: 2 times
    62.234.73.104: 5 times
    62.234.219.27: 9 times
    68.183.113.232: 5 times
    68.183.122.94: 3 times
    78.152.116.182 (78-152-116-182.ip.welcomeitalia.it): 3 times
    79.127.55.189: 6 times
    81.192.10.74 (ll81-2-74-10-192-81.ll81-2.iam.net.ma): 1 time
    85.37.38.195: 1 time
    89.133.62.227 (catv-89-133-62-227.catv.broadband.hu): 10 times
    91.224.60.75: 4 times
    92.222.84.34 (34.ip-92-222-84.eu): 3 times
    93.152.159.11: 3 times
    94.177.224.127 (host127-224-177-94.static.arubacloud.de): 6 times
    98.127.130.49 (098-127-130-049.biz.spectrum.com): 5 times
    103.232.120.109: 5 times
    104.131.84.59: 4 times
    104.168.64.3 (104-168-64-3-host.colocrossing.com): 7 times
    104.196.16.112 (112.16.196.104.bc.googleusercontent.com): 1 time
    104.236.102.16: 1 time
    104.238.116.94 (ip-104-238-116-94.ip.secureserver.net): 1 time
    104.248.176.22: 6 times
    105.158.211.33: 5 times
    106.12.28.10: 6 times
    106.12.100.119: 1 time
    106.12.213.162: 3 times
    107.174.101.216 (107-174-101-216-host.colocrossing.com): 4 times
    111.230.155.145: 5 times
    114.215.175.1: 1 time
    115.159.216.187: 3 times
    115.236.168.35: 4 times
    116.193.217.138: 3 times
    118.24.83.41: 5 times
    119.29.11.214: 4 times
    119.201.214.130: 1 time
    121.12.87.83: 5 times
    121.126.79.157: 6 times
    121.157.229.23: 4 times
    122.154.134.38: 1 time
    124.205.9.241: 1 time
    125.22.76.77 (aes-static-077.76.22.125.airtel.in): 5 times
    128.76.133.62 (128-76-133-62-static.dk.customer.tdc.net): 3 times
    128.199.133.249 (152717.cloudwaysapps.com): 1 time
    128.199.182.235: 1 time
    129.150.112.159 (oc-129-150-112-159.compute.oraclecloud.com): 1 time
    132.232.90.20: 3 times
    132.255.29.228 (132-255-29-228.informac.com.br): 1 time
    134.175.28.156: 5 times
    137.74.175.67 (67.ip-137-74-175.eu): 3 times
    138.68.146.186 (server.fsxapp.xyz): 1 time
    139.59.79.56: 1 time
    139.59.84.55: 5 times
    142.93.39.29: 1 time
    157.230.237.76: 2 times
    159.65.153.163: 6 times
    159.65.175.37: 1 time
    159.65.236.58: 1 time
    159.65.245.203: 1 time
    164.132.209.242 (ip242.ip-164-132-209.eu): 3 times
    164.132.230.244 (244.ip-164-132-230.eu): 1 time
    165.227.46.221: 6 times
    167.99.66.166: 1 time
    167.99.75.174: 1 time
    167.99.76.71: 4 times
    177.124.89.14 (static-89-14.skorpionet.com.br): 6 times
    177.206.87.206 (177.206.87.206.static.gvt.net.br): 6 times
    178.122.207.237 (mm-237-207-122-178.mgts.dynamic.pppoe.byfly.by): 1 time
    178.128.107.61: 5 times
    178.128.124.83 (ehalal.io): 1 time
    178.128.156.144: 3 times
    178.184.73.19 (19-73-184-178.pppoe.irtel.ru): 1 time
    180.129.90.140 (140.90.129.180.unknown.m1.com.sg): 10 times
    180.179.227.201: 5 times
    180.231.45.132: 10 times
    181.49.102.190: 4 times
    188.131.163.59: 4 times
    188.166.216.84: 1 time
    190.119.190.122: 1 time
    193.32.163.182 (hosting-by.cloud-home.me): 2 times
    196.1.99.12: 2 times
    197.232.47.210: 4 times
    206.189.197.48: 2 times
    217.238.166.113 (pD9EEA671.dip0.t-ipconnect.de): 1 time
    220.247.175.58 (bandungkab.iconpln.net.id): 1 time
    223.94.95.221: 1 time
    223.197.216.112 (223-197-216-112.static.imsbiz.com): 1 time
    223.214.194.114: 4 times
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  242G  159G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)