[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Montag, 25 Oktober 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Mon Oct 25 04:42:05 2021
        Date Range Processed: yesterday
                              ( 2021-Oct-24 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 62:63 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    150.255.33.7 -> zapf.wiki:443: 1 Time(s)
    222.186.19.235 -> zapf.wiki:443: 2 Time(s)
 
 A total of 11 sites probed the server 
    107.189.13.26
    195.78.54.101
    205.185.113.41
    209.141.51.171
    222.186.19.235
    3.144.226.242
    34.223.67.65
    45.6.96.41
    45.61.184.37
    5.8.10.202
    66.240.236.119
 
 Requests with error response codes
    400 Bad Request
       null: 22 Time(s)
       /config/getuser?index=0: 5 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
       zapf.wiki:443: 3 Time(s)
       /: 2 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... amNxrFaM7kCAACH: 2 Time(s)
       /bag2: 1 Time(s)
       /manager/text/list: 1 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... Ei2jsWz27IWAACJ: 1 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... dofVZgUOMuJAACI: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... 8yIevYP0LIyAACM: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... WtPM6ZScvOdAACN: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... wy17_tBVyMyAACL: 1 Time(s)
       52\x91\x22B\xD2\xA8\x07\xE4D$D\xA0F\xFAL\x ... C0$\xC0\x14\xC0: 1 Time(s)
       \x01\xDE\xBB\x88\x07\xAFO\x08\xBBU\xCF|,\x ... x09\xC0\x14\xC0: 1 Time(s)
       \x04\x18c\xFF\x0C\x99\x86: 1 Time(s)
       mn\xF7\xEF\xD5]\xEC\x00\x01<\xCC\x14\xCC\x ... C0$\xC0\x14\xC0: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... Ei2jsWz27IWAACJ: 1 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... Ha63zcaJVIpAACK: 1 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... amNxrFaM7kCAACH: 1 Time(s)
       /socket.io/?noteId=mxT_vXWdTNumQk1m4bnVrg& ... dofVZgUOMuJAACI: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... 584BAwB2DerAACO: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... 8yIevYP0LIyAACM: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... WtPM6ZScvOdAACN: 1 Time(s)
       /socket.io/?noteId=w1op49QpSGyk43xo0up_Aw& ... wy17_tBVyMyAACL: 1 Time(s)
    500 Internal Server Error
       /.env: 51 Time(s)
       /: 20 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 2 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /api/jsonws/invoke: 2 Time(s)
       /console/: 2 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 2 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /owa/: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /robots.txt: 1 Time(s)
       /sitemap.xml: 1 Time(s)
       /solr/: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (81.68.215.204): 43 Time(s)
       root (13.82.0.138): 39 Time(s)
       root (103.200.21.229): 38 Time(s)
       root (109.206.245.90): 38 Time(s)
       root (159.75.2.58): 36 Time(s)
       root (42.192.183.38): 36 Time(s)
       root (ip-193-216.sn1.clouditalia.com): 35 Time(s)
       root (101.34.3.70): 32 Time(s)
       root (104.131.1.89): 32 Time(s)
       root (212.64.66.208): 32 Time(s)
       root (124.205.119.183): 29 Time(s)
       root (182.72.235.174): 29 Time(s)
       root (106.52.54.192): 27 Time(s)
       root (1.116.158.251): 26 Time(s)
       root (111.93.88.38): 23 Time(s)
       root (fixed-187-189-52-132.totalplay.net): 22 Time(s)
       unknown (118.195.183.50): 22 Time(s)
       root (186.210.30.160): 21 Time(s)
       root (161.35.12.46): 20 Time(s)
       unknown (106.52.54.192): 20 Time(s)
       unknown (124.205.119.183): 20 Time(s)
       root (106.13.212.203): 18 Time(s)
       root (121.4.12.40): 17 Time(s)
       unknown (104.131.1.89): 17 Time(s)
       unknown (179.124.36.196): 17 Time(s)
       unknown (212.64.66.208): 17 Time(s)
       root (118.195.183.50): 16 Time(s)
       root (66.96.237.170): 16 Time(s)
       unknown (101.34.3.70): 16 Time(s)
       root (134.17.94.181): 15 Time(s)
       unknown (186.210.30.160): 15 Time(s)
       unknown (ip-193-216.sn1.clouditalia.com): 15 Time(s)
       root (106.12.219.184): 14 Time(s)
       root (27.115.50.114): 14 Time(s)
       root (maaketing.nl): 14 Time(s)
       unknown (159.75.2.58): 14 Time(s)
       unknown (182.72.235.174): 13 Time(s)
       unknown (42.192.183.38): 13 Time(s)
       unknown (fixed-187-189-52-132.totalplay.net): 13 Time(s)
       unknown (109.206.245.90): 12 Time(s)
       root (174.138.24.157): 11 Time(s)
       root (v-182-163-90-49.ub-freebit.net): 11 Time(s)
       unknown (1.116.158.251): 11 Time(s)
       unknown (103.200.21.229): 11 Time(s)
       unknown (13.82.0.138): 11 Time(s)
       root (179.124.36.196): 10 Time(s)
       root (204.48.20.154): 10 Time(s)
       unknown (134.17.94.181): 10 Time(s)
       unknown (174.138.24.157): 10 Time(s)
       root (159.223.18.151): 9 Time(s)
       root (82.156.229.10): 9 Time(s)
       unknown (121.4.12.40): 9 Time(s)
       root (61-218-40-145.hinet-ip.hinet.net): 8 Time(s)
       unknown (199.195.251.49): 8 Time(s)
       unknown (61-218-40-145.hinet-ip.hinet.net): 8 Time(s)
       unknown (82.156.229.10): 8 Time(s)
       root (121.28.182.26): 7 Time(s)
       root (81.68.215.204): 7 Time(s)
       unknown (111.93.88.38): 7 Time(s)
       unknown (66.96.237.170): 7 Time(s)
       root (128.187.26.211.sta.commander.net.au): 6 Time(s)
       root (176.99.194.106): 6 Time(s)
       root (188.166.16.107): 6 Time(s)
       root (199.195.248.175): 6 Time(s)
       unknown (106.12.219.184): 6 Time(s)
       unknown (106.13.212.203): 6 Time(s)
       unknown (141.98.10.60): 6 Time(s)
       unknown (167.88.161.219): 6 Time(s)
       unknown (27.115.50.114): 6 Time(s)
       unknown (128.187.26.211.sta.commander.net.au): 5 Time(s)
       unknown (161.35.12.46): 5 Time(s)
       root (134.236.247.145): 4 Time(s)
       unknown (121.28.182.26): 4 Time(s)
       unknown (204.48.20.154): 4 Time(s)
       unknown (51.15.197.4): 4 Time(s)
       root (61-91-5-144.static.asianet.co.th): 3 Time(s)
       unknown (116.105.30.143): 3 Time(s)
       unknown (188.166.16.107): 3 Time(s)
       root (os3-384-25136.vs.sakura.ne.jp): 2 Time(s)
       unknown (116.110.90.138): 2 Time(s)
       unknown (134.236.247.145): 2 Time(s)
       unknown (141.98.10.121): 2 Time(s)
       unknown (141.98.10.81): 2 Time(s)
       unknown (159.223.18.151): 2 Time(s)
       unknown (209.141.53.99): 2 Time(s)
       unknown (45.135.232.159): 2 Time(s)
       unknown (62.175.19.95.dynamic.jazztel.es): 2 Time(s)
       unknown (82-65-190-68.subs.proxad.net): 2 Time(s)
       unknown (82.66.59.170): 2 Time(s)
       unknown (v-182-163-90-49.ub-freebit.net): 2 Time(s)
       bin (45.135.232.159): 1 Time(s)
       bin (61-91-5-144.static.asianet.co.th): 1 Time(s)
       mail (51.15.197.4): 1 Time(s)
       mysql (104.131.1.89): 1 Time(s)
       root (1.116.69.189): 1 Time(s)
       root (116.105.77.117): 1 Time(s)
       root (176.111.173.237): 1 Time(s)
       root (176.111.173.238): 1 Time(s)
       root (222.134.143.4): 1 Time(s)
       root (81.71.83.240): 1 Time(s)
       root (oc-129-150-65-77.compute.oraclecloud.com): 1 Time(s)
       unknown (109.86.216.240): 1 Time(s)
       unknown (116.105.77.117): 1 Time(s)
       unknown (116.110.124.53): 1 Time(s)
       unknown (123-205-169-138.adsl.dynamic.seed.net.tw): 1 Time(s)
       unknown (185.220.102.245): 1 Time(s)
       unknown (188.126.89.154): 1 Time(s)
       unknown (36.80.48.9): 1 Time(s)
       unknown (5.183.209.217): 1 Time(s)
       unknown (61-91-5-144.static.asianet.co.th): 1 Time(s)
       unknown (ns4.jth.net): 1 Time(s)
       unknown (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 Time(s)
       www-data (106.52.54.192): 1 Time(s)
       www-data (66.96.237.170): 1 Time(s)
    Invalid Users:
       Unknown Account: 458 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   19.351K  Bytes accepted                              19,815
   19.351K  Bytes sent via SMTP                         19,815
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       85   Connections             
       49   Connections lost (inbound) 
       85   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 1 Time(s)
 
 Failed logins from:
    1.116.69.189: 1 time
    1.116.158.251: 26 times
    13.82.0.138: 39 times
    27.115.50.114: 14 times
    42.192.183.38: 36 times
    45.135.232.159: 1 time
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time
    61.91.5.144 (61-91-5-144.static.asianet.co.th): 4 times
    61.218.40.145 (61-218-40-145.hinet-ip.hinet.net): 8 times
    62.94.193.216 (ip-193-216.sn1.clouditalia.com): 35 times
    66.96.237.170 (host-66-96-237-170.myrepublic.co.id): 17 times
    81.68.215.204: 7 times
    81.71.83.240: 1 time
    82.156.229.10: 9 times
    101.34.3.70: 32 times
    103.200.21.229: 38 times
    104.131.1.89: 33 times
    106.12.219.184: 14 times
    106.13.212.203: 18 times
    106.52.54.192: 28 times
    109.206.245.90: 38 times
    111.93.88.38 (static-38.88.93.111-tataidc.co.in): 23 times
    116.105.77.117: 1 time
    118.195.183.50: 16 times
    121.4.12.40: 17 times
    121.28.182.26: 7 times
    124.205.119.183: 29 times
    129.150.65.77 (oc-129-150-65-77.compute.oraclecloud.com): 1 time
    133.167.108.140 (os3-384-25136.vs.sakura.ne.jp): 2 times
    134.17.94.181 (181-94-17-134-cloud.mts.by): 15 times
    134.209.94.207 (maaketing.nl): 14 times
    134.236.247.145: 4 times
    159.75.2.58: 36 times
    159.223.18.151: 9 times
    161.35.12.46: 20 times
    174.138.24.157: 11 times
    176.99.194.106 (176.99.194.106.inetcom.ru): 6 times
    176.111.173.237: 1 time
    176.111.173.238: 1 time
    179.124.36.196 (196.36.124.179.static.sp2.alog.com.br): 10 times
    182.72.235.174 (nsg-static-174.235.72.182.airtel.in): 29 times
    182.163.90.49 (v-182-163-90-49.ub-freebit.net): 11 times
    186.210.30.160 (186-210-030-160.xd-dynamic.algarnetsuper.com.br): 21 times
    187.189.52.132 (fixed-187-189-52-132.totalplay.net): 22 times
    188.166.16.107: 6 times
    199.195.248.175: 6 times
    204.48.20.154: 10 times
    211.26.187.128 (128.187.26.211.sta.commander.net.au): 6 times
    212.64.66.208: 32 times
    222.134.143.4: 1 time
 
 Illegal users from:
    undef: 325 times
    1.116.158.251: 11 times
    5.183.209.217: 1 time
    13.82.0.138: 11 times
    27.115.50.114: 6 times
    36.80.48.9: 1 time
    42.192.183.38: 13 times
    45.135.232.159: 2 times
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 4 times
    61.91.5.144 (61-91-5-144.static.asianet.co.th): 1 time
    61.218.40.145 (61-218-40-145.hinet-ip.hinet.net): 8 times
    62.94.193.216 (ip-193-216.sn1.clouditalia.com): 15 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    66.96.237.170 (host-66-96-237-170.myrepublic.co.id): 7 times
    81.68.215.204: 43 times
    82.65.190.68 (82-65-190-68.subs.proxad.net): 2 times
    82.66.59.170 (mar92-2_migr-82-66-59-170.fbx.proxad.net): 2 times
    82.156.229.10: 8 times
    95.19.175.62 (62.175.19.95.dynamic.jazztel.es): 2 times
    95.154.24.73 (ns4.jth.net): 1 time
    101.34.3.70: 16 times
    103.200.21.229: 11 times
    104.131.1.89: 17 times
    106.12.219.184: 6 times
    106.13.212.203: 6 times
    106.52.54.192: 20 times
    109.86.216.240 (240.216.86.109.triolan.net): 1 time
    109.206.245.90: 12 times
    111.93.88.38 (static-38.88.93.111-tataidc.co.in): 7 times
    116.105.30.143: 3 times
    116.105.77.117: 1 time
    116.110.90.138: 2 times
    116.110.124.53: 1 time
    118.195.183.50: 22 times
    121.4.12.40: 9 times
    121.28.182.26: 4 times
    123.205.169.138 (123-205-169-138.adsl.dynamic.seed.net.tw): 1 time
    124.205.119.183: 20 times
    134.17.94.181 (181-94-17-134-cloud.mts.by): 10 times
    134.236.247.145: 2 times
    141.98.10.60: 6 times
    141.98.10.81: 2 times
    141.98.10.121: 2 times
    159.75.2.58: 14 times
    159.223.18.151: 2 times
    161.35.12.46: 5 times
    167.88.161.219 (smtp21.gftvrsr.xyz): 6 times
    174.138.24.157: 10 times
    179.124.36.196 (196.36.124.179.static.sp2.alog.com.br): 17 times
    182.72.235.174 (nsg-static-174.235.72.182.airtel.in): 13 times
    182.163.90.49 (v-182-163-90-49.ub-freebit.net): 2 times
    185.220.102.245 (185-220-102-245.torservers.net): 1 time
    185.220.102.253 (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 time
    186.210.30.160 (186-210-030-160.xd-dynamic.algarnetsuper.com.br): 15 times
    187.189.52.132 (fixed-187-189-52-132.totalplay.net): 13 times
    188.126.89.154: 1 time
    188.166.16.107: 3 times
    199.195.251.49: 8 times
    204.48.20.154: 4 times
    209.141.53.99 (abbrinym.com): 2 times
    211.26.187.128 (128.187.26.211.sta.commander.net.au): 5 times
    212.64.66.208: 17 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)