################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Jan 8 04:42:03 2023
Date Range Processed: yesterday
( 2023-Jan-07 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [279:284]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
80.94.95.25 -> google.com:443: 1 Time(s)
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 16 Time(s)
mstshash=Administr: 5 Time(s)
/: 4 Time(s)
*: 3 Time(s)
/.env: 2 Time(s)
7: 2 Time(s)
/admin/console/: 1 Time(s)
\xE00\xCC\xBAU]<\x15\x14\xBA\xC7W7c\x02\x9 ... 9\x87KE\xE1\x86: 1 Time(s)
\xF5\xD8v#\xD1\xF2\xFC\x0C\x03\xDB\xEDAI\x ... D\xC0$\xC0(\xC0: 1 Time(s)
google.com:443: 1 Time(s)
404 Not Found
/: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 5 Time(s)
/.git/config: 2 Time(s)
/.DS_Store: 1 Time(s)
/.aws/credentials: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/autodiscover/autodiscover.json?a..foo.var ... ol=%50owershell: 1 Time(s)
/cgi-bin/luci: 1 Time(s)
/config.json: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/idx_config/: 1 Time(s)
/info.php: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/server-status: 1 Time(s)
/telescope/requests: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (61.177.173.13): 162 Time(s)
root (alanmachado.com): 117 Time(s)
unknown (59.7.196.52): 50 Time(s)
unknown (185.81.68.74): 40 Time(s)
unknown (64.227.136.47): 40 Time(s)
unknown (194.110.203.109): 30 Time(s)
root (59.7.196.52): 28 Time(s)
unknown (159.89.200.177): 24 Time(s)
root (64.227.136.47): 19 Time(s)
root (20.164.40.106): 18 Time(s)
unknown (102.216.205.21): 15 Time(s)
unknown (103.147.4.36): 15 Time(s)
root (176.111.173.164): 14 Time(s)
unknown (119.4.250.94): 13 Time(s)
unknown (181.121.103.228): 13 Time(s)
unknown (195.226.194.142): 13 Time(s)
unknown (195.226.194.242): 13 Time(s)
unknown (218.146.103.48): 13 Time(s)
unknown (65.181.73.155): 13 Time(s)
root (195.226.194.242): 12 Time(s)
unknown (103.185.239.10): 12 Time(s)
unknown (104.42.148.242): 12 Time(s)
unknown (109.167.197.20): 12 Time(s)
unknown (134.17.89.151): 12 Time(s)
unknown (141.147.37.68): 12 Time(s)
unknown (43.134.237.29): 12 Time(s)
unknown (43.134.81.232): 12 Time(s)
unknown (43.156.6.188): 12 Time(s)
unknown (45.8.46.124): 12 Time(s)
unknown (61.82.54.57): 12 Time(s)
unknown (64.227.180.17): 12 Time(s)
unknown (mail.ejercito.mil.bo): 12 Time(s)
unknown (r190-64-136-124.ir-static.anteldata.net.uy): 12 Time(s)
unknown (vmi1127993.contaboserver.net): 12 Time(s)
unknown (43.240.103.140): 11 Time(s)
unknown (59.103.236.74): 11 Time(s)
unknown (113.21.232.39): 10 Time(s)
unknown (20.164.40.106): 10 Time(s)
unknown (dslbc247b06.fixip.t-online.hu): 10 Time(s)
unknown (103.129.108.14): 9 Time(s)
unknown (103.183.74.28): 9 Time(s)
unknown (104.131.13.185): 9 Time(s)
unknown (104.168.102.21): 9 Time(s)
unknown (104.248.204.184): 9 Time(s)
unknown (130.162.45.164): 9 Time(s)
unknown (147.182.128.252): 9 Time(s)
unknown (153.92.208.167): 9 Time(s)
unknown (164.92.156.120): 9 Time(s)
unknown (178.128.229.120): 9 Time(s)
unknown (178.251.140.3): 9 Time(s)
unknown (178.47.41.254): 9 Time(s)
unknown (187.51.208.158): 9 Time(s)
unknown (190.120.254.76): 9 Time(s)
unknown (192.227.174.167): 9 Time(s)
unknown (20.194.60.135): 9 Time(s)
unknown (207.249.96.164): 9 Time(s)
unknown (27.50.54.52): 9 Time(s)
unknown (41.33.118.92): 9 Time(s)
unknown (43.135.154.66): 9 Time(s)
unknown (43.153.68.101): 9 Time(s)
unknown (45.175.18.29): 9 Time(s)
unknown (68.183.238.182): 9 Time(s)
unknown (82.114.193.41): 9 Time(s)
unknown (ai151213.dynamic.ppp.asahi-net.or.jp): 9 Time(s)
unknown (fixed-187-190-40-6.totalplay.net): 9 Time(s)
unknown (static.194.18.119.168.clients.your-server.de): 9 Time(s)
root (195.226.194.142): 8 Time(s)
unknown (14.225.254.5): 8 Time(s)
unknown (164.92.192.229): 8 Time(s)
unknown (46.101.244.79): 8 Time(s)
unknown (51.15.130.203): 8 Time(s)
unknown (58.27.95.2): 8 Time(s)
unknown (95.85.124.33): 8 Time(s)
root (185.81.68.74): 7 Time(s)
unknown (123-195-33-169.dynamic.kbronet.com.tw): 7 Time(s)
unknown (13.67.221.136): 7 Time(s)
unknown (146.190.72.102): 7 Time(s)
unknown (158.69.75.179): 7 Time(s)
unknown (190.246.155.29): 7 Time(s)
unknown (46.101.249.11): 7 Time(s)
unknown (92.36.180.104): 7 Time(s)
root (123-195-33-169.dynamic.kbronet.com.tw): 6 Time(s)
root (158.69.75.179): 6 Time(s)
root (222.168.30.19): 6 Time(s)
root (46.101.249.11): 6 Time(s)
root (r179-27-60-34.static.adinet.com.uy): 6 Time(s)
unknown (141.98.10.158): 6 Time(s)
unknown (157.230.113.181): 6 Time(s)
unknown (46.101.73.246): 6 Time(s)
unknown (92.36.169.95): 6 Time(s)
unknown (r179-27-60-34.static.adinet.com.uy): 6 Time(s)
root (14.225.254.5): 5 Time(s)
root (157.230.113.181): 5 Time(s)
unknown (31.41.244.124): 5 Time(s)
unknown (host-82-53-161-78.retail.telecomitalia.it): 5 Time(s)
root (45.8.46.124): 4 Time(s)
unknown (107.189.30.59): 4 Time(s)
unknown (128.199.212.131): 4 Time(s)
bin (64.227.136.47): 3 Time(s)
root (209.141.55.27): 3 Time(s)
unknown (smtp5.antaresbc.com): 3 Time(s)
postgres (45.8.46.124): 2 Time(s)
root (164.92.192.229): 2 Time(s)
root (95.85.124.33): 2 Time(s)
unknown (141.98.11.26): 2 Time(s)
unknown (194.169.175.102): 2 Time(s)
unknown (209.141.56.48): 2 Time(s)
unknown (88.168.61.98): 2 Time(s)
unknown (ip-176-198-096-239.um43.pools.vodafone-ip.de): 2 Time(s)
backup (185.81.68.74): 1 Time(s)
list (59.103.236.74): 1 Time(s)
mail (141.98.10.158): 1 Time(s)
mailman (157.230.113.181): 1 Time(s)
nobody (185.81.68.74): 1 Time(s)
opendkim (43.134.81.232): 1 Time(s)
postgres (185.81.68.74): 1 Time(s)
postgres (20.164.40.106): 1 Time(s)
postgres (59.7.196.52): 1 Time(s)
root (159.89.200.177): 1 Time(s)
root (189.40.66.136): 1 Time(s)
root (31.41.244.124): 1 Time(s)
sshd (185.81.68.74): 1 Time(s)
temp (14.225.254.5): 1 Time(s)
unknown (81.17.25.50): 1 Time(s)
Invalid Users:
Unknown Account: 914 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
32.283K Bytes accepted 33,058
32.283K Bytes sent via SMTP 33,058
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
256 Connections
191 Connections lost (inbound)
256 Disconnections
1 Removed from queue
1 Sent via SMTP
7 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
14.225.254.5: 6 times
20.164.40.106: 19 times
31.41.244.124: 1 time
43.134.81.232: 1 time
45.8.46.124 (softwarely.online): 6 times
46.101.249.11: 6 times
59.7.196.52: 29 times
59.103.236.74: 1 time
61.177.173.13: 174 times
64.227.136.47: 22 times
95.85.124.33: 2 times
123.195.33.169 (123-195-33-169.dynamic.kbronet.com.tw): 6 times
141.98.10.158: 1 time
157.230.113.181: 6 times
158.69.75.179: 6 times
159.89.200.177: 1 time
164.92.192.229: 2 times
165.227.2.252 (alanmachado.com): 117 times
176.111.173.164: 15 times
179.27.60.34 (r179-27-60-34.static.adinet.com.uy): 6 times
185.81.68.74: 11 times
189.40.66.136: 1 time
195.226.194.142: 8 times
195.226.194.242: 12 times
209.141.55.27 (mta2.ohne-rezept-bestellen.info): 3 times
222.168.30.19: 6 times
Illegal users from:
2001:470:1:c84::24: 1 time
2001:470:1:c84::13: 1 time
undef: 538 times
13.67.221.136: 7 times
14.225.254.5: 8 times
20.164.40.106: 10 times
20.194.60.135: 9 times
27.50.54.52: 9 times
31.41.244.124: 5 times
41.33.118.92 (host-41.33.118.92.tedata.net): 9 times
43.134.81.232: 12 times
43.134.237.29: 12 times
43.135.154.66: 9 times
43.153.68.101: 9 times
43.156.6.188: 12 times
43.240.103.140: 11 times
45.8.46.124 (softwarely.online): 12 times
45.175.18.29 (45-175-18-29.4efibra.com.br): 9 times
46.101.73.246: 6 times
46.101.244.79: 8 times
46.101.249.11: 7 times
51.15.130.203 (203-130-15-51.instances.scw.cloud): 8 times
58.27.95.2: 8 times
59.7.196.52: 50 times
59.103.236.74: 11 times
61.82.54.57: 12 times
64.62.197.105 (scan-39n.shadowserver.org): 1 time
64.227.136.47: 41 times
64.227.180.17: 12 times
65.181.73.155 (65-181-73-155.static.imsbiz.com): 13 times
68.183.238.182: 9 times
81.17.25.50 (hostedby.privatealps.net): 4 times
82.53.161.78 (host-82-53-161-78.retail.telecomitalia.it): 5 times
82.114.193.41 (www.zstenis.com): 9 times
88.168.61.98 (mpl69-2_migr-88-168-61-98.fbx.proxad.net): 2 times
92.36.169.95: 6 times
92.36.180.104: 7 times
95.85.124.33: 8 times
102.216.205.21: 15 times
103.129.108.14 (103.129.108.14.ipv4-static-gateway.flashcomnetwork.com): 9 times
103.147.4.36: 15 times
103.183.74.28 (ip28.74.183.103.in-addr.arpa.unknwn.cloudhost.asia): 9 times
103.185.239.10: 12 times
104.42.148.242: 12 times
104.131.13.185: 9 times
104.168.102.21 (104-168-102-21-host.colocrossing.com): 9 times
104.244.74.6 (smtp5.antaresbc.com): 3 times
104.248.204.184: 9 times
107.189.30.59: 4 times
109.167.197.20 (109-167-197-20.westcall.net): 12 times
113.21.232.39: 10 times
119.4.250.94: 13 times
123.195.33.169 (123-195-33-169.dynamic.kbronet.com.tw): 7 times
128.199.212.131: 4 times
130.162.45.164: 9 times
134.17.89.151 (151-89-17-134-dynamic-pool.internet.mts.by): 12 times
138.64.151.213 (ai151213.dynamic.ppp.asahi-net.or.jp): 9 times
141.98.10.158: 6 times
141.98.11.26 (elate.woinsta.com): 2 times
141.147.37.68: 12 times
146.190.72.102: 7 times
147.182.128.252: 9 times
153.92.208.167: 9 times
155.133.27.138 (vmi1127993.contaboserver.net): 12 times
157.230.113.181: 6 times
158.69.75.179: 7 times
159.89.200.177: 24 times
164.92.156.120: 9 times
164.92.192.229: 8 times
168.119.18.194 (static.194.18.119.168.clients.your-server.de): 9 times
176.198.96.239 (ip-176-198-096-239.um43.pools.vodafone-ip.de): 2 times
178.47.41.254: 9 times
178.128.229.120: 9 times
178.251.140.3 (b32-mgmt-gw.dssv.ru): 9 times
179.27.60.34 (r179-27-60-34.static.adinet.com.uy): 6 times
181.121.103.228 (pool-228-103-121-181.telecel.com.py): 13 times
185.81.68.74: 40 times
186.121.203.115 (mail.ejercito.mil.bo): 12 times
187.51.208.158 (187-51-208-158.customer.tdatabrasil.net.br): 9 times
187.190.40.6 (fixed-187-190-40-6.totalplay.net): 9 times
188.36.123.6 (dslBC247B06.fixip.t-online.hu): 10 times
190.64.136.124 (r190-64-136-124.ir-static.anteldata.net.uy): 12 times
190.120.254.76: 9 times
190.246.155.29 (29-155-246-190.fibertel.com.ar): 7 times
192.227.174.167 (192-227-174-167-host.colocrossing.com): 9 times
194.110.203.109: 30 times
194.169.175.102 (net-194-169-175-102.cust.as211760.net): 2 times
195.226.194.142: 13 times
195.226.194.242: 13 times
207.249.96.164: 9 times
209.141.56.48: 2 times
218.146.103.48: 13 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
fatal: no matching cipher found: client aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop48368p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################