################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Oct 29 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-28 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 38:36 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
134.122.112.12 -> leakix.net:443: 1 Time(s)
91.239.130.31 -> cdn.jsdelivr.net:443: 3 Time(s)
A total of 6 sites probed the server
193.142.146.242
195.216.219.74
209.141.51.171
52.53.190.102
64.227.99.233
89.248.165.210
Requests with error response codes
400 Bad Request
null: 10 Time(s)
/ab2g: 4 Time(s)
/ab2h: 4 Time(s)
/: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/config/getuser?index=0: 3 Time(s)
cdn.jsdelivr.net:443: 3 Time(s)
mstshash=Administr: 2 Time(s)
../../proc/: 1 Time(s)
/.env: 1 Time(s)
/1xpC: 1 Time(s)
/bag2: 1 Time(s)
/c/version.js: 1 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/flu/403.html: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
\x8C\x7F\xE3=\x88%: 1 Time(s)
\xBD\x9D\xA1\x0F\x04tF\xAC\x8FF\x85>U\xAC\ ... \xE4Q'\xBD\x08Y: 1 Time(s)
\xE3\xDC\xF9XN\xEF\x8BJ`\xA9\x9D\xFE\xC5\x ... AD3\xD8\xAA\xF1: 1 Time(s)
leakix.net:443: 1 Time(s)
500 Internal Server Error
/: 20 Time(s)
/.env: 3 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/robots.txt: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (170.106.115.41): 150 Time(s)
root (138.68.172.66): 41 Time(s)
root (118.89.153.32): 34 Time(s)
root (164.90.155.117): 30 Time(s)
root (180.100.243.210): 14 Time(s)
unknown (118.89.153.32): 14 Time(s)
root (217.117.14.248): 13 Time(s)
unknown (180.184.64.56): 13 Time(s)
root (199.195.248.175): 12 Time(s)
unknown (209.141.33.121): 12 Time(s)
root (180.184.64.56): 10 Time(s)
unknown (180.100.243.210): 10 Time(s)
unknown (164.90.155.117): 9 Time(s)
root (183.62.15.118): 8 Time(s)
root (205.185.126.71): 7 Time(s)
root (113.31.162.175): 6 Time(s)
root (95.172.47.98): 6 Time(s)
unknown (167.88.161.219): 6 Time(s)
unknown (183.62.15.118): 6 Time(s)
unknown (205.185.126.71): 6 Time(s)
unknown (209.141.55.232): 6 Time(s)
root (60.205.114.50): 5 Time(s)
root (162.191.188.65): 4 Time(s)
root (209.141.33.121): 4 Time(s)
root (49.233.181.31): 4 Time(s)
root (68.183.180.46): 4 Time(s)
unknown (141.98.10.63): 4 Time(s)
unknown (217.117.14.248): 4 Time(s)
unknown (94.232.46.202): 4 Time(s)
root (45.135.232.159): 3 Time(s)
unknown (113.31.162.175): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
unknown (61-91-5-144.static.asianet.co.th): 3 Time(s)
unknown (91.241.19.42): 3 Time(s)
unknown (210.111.220.86): 2 Time(s)
unknown (62-46-81-112.adsl.highway.telekom.at): 2 Time(s)
unknown (cpc99416-lich13-2-0-cust56.3-2.cable.virginm.net): 2 Time(s)
unknown (host-109-88-29-235.dynamic.voo.be): 2 Time(s)
unknown (p54819ded.dip0.t-ipconnect.de): 2 Time(s)
bin (180.184.64.56): 1 Time(s)
daemon (180.184.64.56): 1 Time(s)
postgres (61-91-5-144.static.asianet.co.th): 1 Time(s)
root (198.98.51.254): 1 Time(s)
root (64.227.21.69): 1 Time(s)
root (91.241.19.42): 1 Time(s)
unknown (162.191.188.65): 1 Time(s)
unknown (177.53.68.193): 1 Time(s)
unknown (188.126.89.44): 1 Time(s)
unknown (188.126.89.79): 1 Time(s)
unknown (198.98.51.254): 1 Time(s)
unknown (49.233.181.31): 1 Time(s)
unknown (58.56.177.202): 1 Time(s)
unknown (60.205.114.50): 1 Time(s)
unknown (64.227.21.69): 1 Time(s)
unknown (68.183.180.46): 1 Time(s)
unknown (chelseamanning.tor-exit.calyxinstitute.org): 1 Time(s)
Invalid Users:
Unknown Account: 127 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
11.537K Bytes accepted 11,814
11.537K Bytes sent via SMTP 11,814
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
2296 Connections
1304 Connections lost (inbound)
2296 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Timeouts (inbound)
4 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
45.135.232.159: 3 times
49.233.181.31: 4 times
60.205.114.50: 5 times
61.91.5.144 (61-91-5-144.static.asianet.co.th): 1 time
64.227.21.69: 1 time
68.183.180.46: 4 times
91.241.19.42: 1 time
95.172.47.98: 6 times
113.31.162.175: 6 times
118.89.153.32: 34 times
138.68.172.66: 41 times
162.191.188.65: 4 times
164.90.155.117: 30 times
170.106.115.41: 150 times
180.100.243.210: 14 times
180.184.64.56: 12 times
183.62.15.118: 8 times
198.98.51.254 (Gummy.net): 1 time
199.195.248.175: 12 times
205.185.126.71 (beta.bigislandrp.org): 7 times
209.141.33.121: 4 times
217.117.14.248: 13 times
Illegal users from:
undef: 65 times
45.155.204.39: 3 times
49.233.181.31: 1 time
58.56.177.202: 1 time
60.205.114.50: 1 time
61.91.5.144 (61-91-5-144.static.asianet.co.th): 3 times
62.46.81.112 (62-46-81-112.adsl.highway.telekom.at): 2 times
64.227.21.69: 1 time
65.49.20.68 (scan-19.shadowserver.org): 1 time
68.183.180.46: 1 time
81.97.64.57 (cpc99416-lich13-2-0-cust56.3-2.cable.virginm.net): 2 times
84.129.157.237 (p54819ded.dip0.t-ipconnect.de): 2 times
91.241.19.42: 3 times
94.232.46.202: 4 times
109.88.29.235 (host-109-88-29-235.dynamic.voo.be): 2 times
113.31.162.175: 3 times
118.89.153.32: 14 times
141.98.10.63: 4 times
154.89.5.44: 1 time
162.191.188.65: 1 time
164.90.155.117: 9 times
167.88.161.219 (smtp21.gftvrsr.xyz): 6 times
177.53.68.193: 1 time
178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
180.100.243.210: 10 times
180.184.64.56: 13 times
183.62.15.118: 6 times
185.220.103.5 (chelseamanning.tor-exit.calyxinstitute.org): 1 time
188.126.89.44: 1 time
188.126.89.79: 1 time
198.98.51.254 (Gummy.net): 1 time
205.185.126.71 (beta.bigislandrp.org): 6 times
209.141.33.121: 12 times
209.141.55.232: 6 times
210.111.220.86: 2 times
217.117.14.248: 4 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################