[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 4 Februar 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Feb  4 04:42:03 2021
        Date Range Processed: yesterday
                              ( 2021-Feb-03 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [605:601]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 2 sites probed the server 
    120.9.111.175
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       /: 3 Time(s)
       /socket.io/?noteId=YsLNyQBHTR2nugRNSqcWsQ& ... lAoFQmW3vNRACDB: 3 Time(s)
       /socket.io/?noteId=argumente_fuer_eine_zap ... KH1XU9lucGkACEy: 3 Time(s)
       /socket.io/?noteId=argumente_fuer_eine_zap ... hude3Pw18vkACEg: 3 Time(s)
       null: 3 Time(s)
       /socket.io/?noteId=YsLNyQBHTR2nugRNSqcWsQ& ... 3ve2dvZnURTACDA: 2 Time(s)
       /socket.io/?noteId=argumente_fuer_eine_zap ... yadxGZrypHJACEY: 2 Time(s)
       /0bef: 1 Time(s)
       /c/version.js: 1 Time(s)
       /client_area/: 1 Time(s)
       /socket.io/?noteId=argumente_fuer_eine_zap ... 1Uo4ALwdfNeACEQ: 1 Time(s)
       /stalker_portal/c/: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       \xDF\xC0Xk\xEA\xF7\xD0{\x99\xE3\xE8\xDBm\x ... x09\xC0\x14\xC0: 1 Time(s)
       mstshash=Administr: 1 Time(s)
    404 Not Found
       /robots.txt: 37 Time(s)
       /xmlrpc.php: 4 Time(s)
       /wp-login.php: 3 Time(s)
       /home/verein: 2 Time(s)
       /home/zapf: 2 Time(s)
       /wp-content/db-cache.php: 2 Time(s)
       /ads.txt: 1 Time(s)
       /blog/wp-login.php: 1 Time(s)
       /humans.txt: 1 Time(s)
       /sites/default/files/1981_SoSe_Mainz.pdf: 1 Time(s)
       /sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s)
       /wordpress/wp-login.php: 1 Time(s)
       /wp/wp-login.php: 1 Time(s)
    499 (undefined)
       /favicon.png: 1 Time(s)
       /socket.io/?noteId=argumente_fuer_eine_zap ... yadxGZrypHJACEY: 1 Time(s)
    500 Internal Server Error
       /: 30 Time(s)
       /robots.txt: 9 Time(s)
       /sitemap.xml.gz: 7 Time(s)
       /atom.xml: 6 Time(s)
       /sitemap.xml: 5 Time(s)
       /sitemap_index.xml: 5 Time(s)
       /sitemaps.xml: 4 Time(s)
       /sitemap.txt: 3 Time(s)
       /.env: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /c/version.js: 1 Time(s)
       /client_area/: 1 Time(s)
       /console/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /stalker_portal/c/: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.187.238.87): 62 Time(s)
       unknown (ip93.ip-87-98-182.eu): 58 Time(s)
       root (222.187.239.31): 44 Time(s)
       unknown (111.76.126.109): 42 Time(s)
       unknown (138.197.19.166): 32 Time(s)
       unknown (192.241.131.150): 32 Time(s)
       unknown (200.ip-51-75-24.eu): 32 Time(s)
       unknown (204.ip-54-37-71.eu): 32 Time(s)
       unknown (106.13.2.82): 31 Time(s)
       unknown (114.67.127.240): 31 Time(s)
       unknown (119.29.161.236): 31 Time(s)
       unknown (123.140.114.252): 31 Time(s)
       unknown (124.156.154.55): 31 Time(s)
       unknown (128.199.108.117): 31 Time(s)
       unknown (134.209.248.200): 31 Time(s)
       unknown (139.198.121.63): 31 Time(s)
       unknown (140.143.35.68): 31 Time(s)
       unknown (149.202.161.57): 31 Time(s)
       unknown (167.172.164.73): 31 Time(s)
       unknown (188.254.0.182): 31 Time(s)
       unknown (45.119.83.68): 31 Time(s)
       unknown (bb121-6-219-179.singnet.com.sg): 31 Time(s)
       unknown (vps-bd5167ba.vps.ovh.net): 31 Time(s)
       unknown (104.131.79.252): 30 Time(s)
       unknown (124.156.99.101): 30 Time(s)
       unknown (165.22.120.146): 30 Time(s)
       unknown (201.111.143.168): 30 Time(s)
       unknown (248.ip-79-137-34.eu): 30 Time(s)
       unknown (49.233.77.12): 30 Time(s)
       unknown (178.128.208.128): 29 Time(s)
       unknown (190.119.197.210): 29 Time(s)
       unknown (207.ip-54-37-71.eu): 29 Time(s)
       unknown (51.15.179.65): 29 Time(s)
       unknown (91.232.4.149): 29 Time(s)
       unknown (mail.pharmust.com): 29 Time(s)
       unknown (129.204.33.4): 28 Time(s)
       unknown (188.166.114.8): 28 Time(s)
       unknown (220.180.112.208): 28 Time(s)
       unknown (43.226.144.175): 28 Time(s)
       unknown (89.205.35.133): 28 Time(s)
       unknown (139.155.68.39): 27 Time(s)
       unknown (187.72.220.62): 27 Time(s)
       unknown (190.186.170.82): 27 Time(s)
       unknown (192.ip-51-68-123.eu): 27 Time(s)
       unknown (prod1.adisoftronics.net): 27 Time(s)
       root (221.181.185.140): 26 Time(s)
       unknown (104.225.216.20): 26 Time(s)
       unknown (139.186.155.116): 26 Time(s)
       unknown (171.ip-79-137-72.eu): 26 Time(s)
       unknown (49.247.208.185): 26 Time(s)
       unknown (123.58.213.220): 25 Time(s)
       unknown (27.128.236.189): 25 Time(s)
       unknown (81.69.251.89): 25 Time(s)
       unknown (81.69.37.18): 25 Time(s)
       unknown (139.155.247.50): 24 Time(s)
       unknown (128.199.25.223): 23 Time(s)
       unknown (139.155.84.160): 23 Time(s)
       unknown (81.70.210.160): 23 Time(s)
       unknown (129.226.165.250): 22 Time(s)
       unknown (172.ip-51-255-171.eu): 22 Time(s)
       unknown (81.68.172.21): 22 Time(s)
       unknown (188.166.158.134): 21 Time(s)
       unknown (81.71.128.77.rev.sfr.net): 21 Time(s)
       root (221.181.185.143): 20 Time(s)
       unknown (27.185.12.20): 20 Time(s)
       unknown (mail.letscraft.me): 19 Time(s)
       unknown (maxze.ro): 19 Time(s)
       unknown (202.88.150.74): 16 Time(s)
       unknown (125.20.32.22): 15 Time(s)
       unknown (1.32.210.109): 13 Time(s)
       unknown (45.146.164.88): 12 Time(s)
       unknown (106.13.20.31): 11 Time(s)
       unknown (net-31-27-35-138.cust.vodafonedsl.it): 10 Time(s)
       root (104.248.196.130): 6 Time(s)
       root (71.214.134.218): 6 Time(s)
       root (vps-6d6083e9.vps.ovh.ca): 6 Time(s)
       unknown (195.54.160.134): 5 Time(s)
       unknown (175.24.235.245): 4 Time(s)
       unknown (180.ip-139-99-90.net): 4 Time(s)
       unknown (191.162.198.139): 4 Time(s)
       root (45.146.164.88): 3 Time(s)
       unknown (104.225.154.136.16clouds.com): 3 Time(s)
       unknown (115.72.135.103): 3 Time(s)
       unknown (27.70.134.169): 3 Time(s)
       unknown (068-190-212-219.res.spectrum.com): 2 Time(s)
       unknown (141.98.80.69): 2 Time(s)
       unknown (141.98.80.71): 2 Time(s)
       unknown (141.98.80.82): 2 Time(s)
       unknown (141.98.80.85): 2 Time(s)
       unknown (45.78.38.184.16clouds.com): 2 Time(s)
       unknown (59-125-28-51.hinet-ip.hinet.net): 2 Time(s)
       unknown (91-172-197-174.subs.proxad.net): 2 Time(s)
       unknown (c193-183-244-183.customer.sandnet.se): 2 Time(s)
       unknown (eos3.neoplus.adsl.tpnet.pl): 2 Time(s)
       unknown (web.f5.com.ua): 2 Time(s)
       backup (195.54.160.134): 1 Time(s)
       lp (149.202.161.57): 1 Time(s)
       lp (27.128.236.189): 1 Time(s)
       lp (51.15.179.65): 1 Time(s)
       postgres (195.54.160.134): 1 Time(s)
       root (141.98.80.70): 1 Time(s)
       root (141.98.80.83): 1 Time(s)
       root (195.54.160.134): 1 Time(s)
       root (81.161.63.101): 1 Time(s)
       unknown (1.204.56.90): 1 Time(s)
       unknown (103.100.210.198): 1 Time(s)
       unknown (103.245.181.2): 1 Time(s)
       unknown (104.248.158.100): 1 Time(s)
       unknown (104.41.34.120): 1 Time(s)
       unknown (106.12.160.17): 1 Time(s)
       unknown (111.67.204.220): 1 Time(s)
       unknown (114.88.92.236): 1 Time(s)
       unknown (116.196.85.126): 1 Time(s)
       unknown (119.45.139.59): 1 Time(s)
       unknown (123.22.212.99): 1 Time(s)
       unknown (123.58.5.36): 1 Time(s)
       unknown (124.205.119.183): 1 Time(s)
       unknown (124.205.84.5): 1 Time(s)
       unknown (128.199.254.188): 1 Time(s)
       unknown (139.198.122.76): 1 Time(s)
       unknown (139.198.17.31): 1 Time(s)
       unknown (157.230.38.150): 1 Time(s)
       unknown (164.90.225.28): 1 Time(s)
       unknown (167.99.66.74): 1 Time(s)
       unknown (175.198.80.24): 1 Time(s)
       unknown (176.202.232.190): 1 Time(s)
       unknown (185.156.74.65): 1 Time(s)
       unknown (195.223.211.242): 1 Time(s)
       unknown (200.216.31.148): 1 Time(s)
       unknown (27.123.171.65): 1 Time(s)
       unknown (42.192.50.24): 1 Time(s)
       unknown (43.229.55.61): 1 Time(s)
       unknown (45.228.138.18): 1 Time(s)
       unknown (49.235.221.172): 1 Time(s)
       unknown (49.235.78.105): 1 Time(s)
       unknown (51.15.205.46): 1 Time(s)
       unknown (52.187.132.240): 1 Time(s)
       unknown (58.221.62.191): 1 Time(s)
       unknown (60.6.209.7): 1 Time(s)
       unknown (68.183.12.80): 1 Time(s)
       unknown (68.183.189.30): 1 Time(s)
       unknown (host-186-101-233-58.netlife.ec): 1 Time(s)
       unknown (host-85-172-189-189.stavropol.ru): 1 Time(s)
       unknown (ip73.ip-167-114-203.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 1950 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        6   Miscellaneous warnings  
 
   33.875K  Bytes accepted                              34,688
   33.875K  Bytes sent via SMTP                         34,688
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        5   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        5   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      198   Connections             
       22   Connections lost (inbound) 
      198   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 2 Time(s)
 
 Failed logins from:
    27.128.236.189: 1 time
    45.146.164.88: 3 times
    51.15.179.65 (51-15-179-65.rev.poneytelecom.eu): 1 time
    51.222.139.65 (vps-6d6083e9.vps.ovh.ca): 6 times
    71.214.134.218 (71-214-134-218.orlf.qwest.net): 6 times
    81.161.63.101: 1 time
    104.248.196.130: 6 times
    141.98.80.70: 1 time
    141.98.80.83: 1 time
    149.202.161.57 (ip-149-202-161.eu): 1 time
    195.54.160.134: 3 times
    221.181.185.140: 30 times
    221.181.185.143: 24 times
    222.187.238.87: 66 times
    222.187.239.31: 48 times
 
 Illegal users from:
    undef: 679 times
    1.32.210.109: 13 times
    1.204.56.90: 1 time
    27.70.134.169 (localhost): 3 times
    27.123.171.65: 1 time
    27.128.236.189: 25 times
    27.185.12.20: 20 times
    31.27.35.138 (net-31-27-35-138.cust.vodafonedsl.it): 10 times
    37.120.171.33 (mail.letscraft.me): 19 times
    42.192.50.24: 1 time
    43.226.144.175: 28 times
    43.229.55.61: 1 time
    45.78.38.184 (45.78.38.184.16clouds.com): 2 times
    45.119.83.68: 31 times
    45.146.164.88: 12 times
    45.228.138.18: 1 time
    49.233.77.12: 30 times
    49.235.78.105: 1 time
    49.235.221.172: 1 time
    49.247.208.185: 26 times
    51.15.179.65 (51-15-179-65.rev.poneytelecom.eu): 29 times
    51.15.205.46 (46-205-15-51.instances.scw.cloud): 1 time
    51.68.123.192 (192.ip-51-68-123.eu): 27 times
    51.75.24.200 (200.ip-51-75-24.eu): 32 times
    51.75.66.92 (maxze.ro): 19 times
    51.77.231.236 (vps-bd5167ba.vps.ovh.net): 31 times
    51.83.74.126 (mail.pharmust.com): 29 times
    51.255.171.172 (172.ip-51-255-171.eu): 22 times
    52.187.132.240: 1 time
    54.37.71.204 (204.ip-54-37-71.eu): 32 times
    54.37.71.207 (207.ip-54-37-71.eu): 29 times
    58.221.62.191: 1 time
    59.125.28.51 (59-125-28-51.HINET-IP.hinet.net): 2 times
    60.6.209.7: 1 time
    65.49.20.68 (scan-19.shadowserver.org): 1 time
    68.183.12.80 (chbluxury.com.ng): 1 time
    68.183.189.30: 1 time
    68.190.212.219 (068-190-212-219.res.spectrum.com): 2 times
    77.128.71.81 (81.71.128.77.rev.sfr.net): 21 times
    79.137.34.248 (248.ip-79-137-34.eu): 30 times
    79.137.72.171 (171.ip-79-137-72.eu): 26 times
    81.68.172.21: 22 times
    81.69.37.18: 25 times
    81.69.251.89: 25 times
    81.70.210.160: 23 times
    83.20.34.3 (eos3.neoplus.adsl.tpnet.pl): 2 times
    85.172.189.189 (host-85-172-189-189.stavropol.ru): 1 time
    87.98.182.93 (ip93.ip-87-98-182.eu): 58 times
    89.205.35.133 (89.205.35.133.robi.com.mk): 28 times
    91.172.197.174 (91-172-197-174.subs.proxad.net): 2 times
    91.232.4.149: 29 times
    103.100.210.198: 1 time
    103.245.181.2: 1 time
    103.248.33.51 (prod1.adisoftronics.net): 27 times
    104.41.34.120: 1 time
    104.131.79.252: 30 times
    104.225.154.136 (104.225.154.136.16clouds.com): 3 times
    104.225.216.20: 26 times
    104.248.158.100: 1 time
    106.12.160.17: 1 time
    106.13.2.82: 31 times
    106.13.20.31: 11 times
    111.67.204.220: 1 time
    111.76.126.109: 42 times
    114.67.127.240: 31 times
    114.88.92.236: 1 time
    115.72.135.103 (adsl.viettel.vn): 3 times
    116.196.85.126: 1 time
    119.29.161.236: 31 times
    119.45.139.59: 1 time
    121.6.219.179 (bb121-6-219-179.singnet.com.sg): 31 times
    123.22.212.99: 1 time
    123.58.5.36: 1 time
    123.58.213.220: 25 times
    123.140.114.252: 31 times
    124.156.99.101: 30 times
    124.156.154.55: 31 times
    124.205.84.5: 1 time
    124.205.119.183: 1 time
    125.20.32.22: 15 times
    128.199.25.223: 23 times
    128.199.108.117: 31 times
    128.199.254.188: 1 time
    129.204.33.4: 28 times
    129.226.165.250: 22 times
    134.209.248.200: 31 times
    138.197.19.166: 32 times
    139.99.90.180 (180.ip-139-99-90.net): 4 times
    139.155.68.39: 27 times
    139.155.84.160: 23 times
    139.155.247.50: 24 times
    139.162.122.110 (scan-8.security.ipip.net): 2 times
    139.186.155.116: 26 times
    139.198.17.31: 1 time
    139.198.121.63: 31 times
    139.198.122.76: 1 time
    140.143.35.68: 31 times
    141.98.80.69: 2 times
    141.98.80.70: 1 time
    141.98.80.71: 2 times
    141.98.80.82: 2 times
    141.98.80.83: 1 time
    141.98.80.85: 2 times
    144.91.94.247 (web.f5.com.ua): 2 times
    149.202.161.57 (ip-149-202-161.eu): 31 times
    157.230.38.150: 1 time
    164.90.225.28: 1 time
    165.22.120.146: 30 times
    167.99.66.74: 1 time
    167.114.203.73 (ip73.ip-167-114-203.net): 1 time
    167.172.164.73: 31 times
    175.24.235.245: 4 times
    175.198.80.24: 1 time
    176.202.232.190: 1 time
    178.128.208.128: 29 times
    185.156.74.65 (185-156-74-65.pro-telecom.net): 1 time
    186.101.233.58 (host-186-101-233-58.netlife.ec): 1 time
    187.72.220.62 (187-072-220-062.static.ctbctelecom.com.br): 27 times
    188.166.114.8: 28 times
    188.166.158.134: 21 times
    188.254.0.182: 31 times
    190.119.197.210: 29 times
    190.186.170.82 (linkisrv180.dvcimportaciones.com): 27 times
    191.162.198.139 (139.198.162.191.isp.timbrasil.com.br): 4 times
    192.241.131.150: 32 times
    193.183.244.183 (c193-183-244-183.customer.sandnet.se): 2 times
    195.54.160.134: 5 times
    195.223.211.242: 1 time
    200.216.31.148: 1 time
    201.111.143.168 (dup-201-111-143-168.prod-dial.com.mx): 30 times
    202.88.150.74: 16 times
    220.180.112.208: 28 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)