[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 5 März 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Mar  5 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Mar-04 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [111:113]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    36.5.223.118 -> zapf.wiki:443: 1 Time(s)
 
 A total of 5 sites probed the server 
    117.194.160.73
    172.104.242.173
    59.96.36.201
    66.240.205.34
    88.119.170.150
 
 Requests with error response codes
    400 Bad Request
       /: 5 Time(s)
       null: 4 Time(s)
       /socket.io/?noteId=YsLNyQBHTR2nugRNSqcWsQ& ... c1dKNReVnK8AEFb: 3 Time(s)
       /config/getuser?index=0: 2 Time(s)
       /socket.io/?noteId=YsLNyQBHTR2nugRNSqcWsQ& ... HzZf76D6UxJAEEQ: 2 Time(s)
       mstshash=Administr: 2 Time(s)
       /0bef: 1 Time(s)
       /favicon.ico: 1 Time(s)
       X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    404 Not Found
       /robots.txt: 38 Time(s)
       /wp-login.php: 5 Time(s)
       /blog/wp-login.php: 2 Time(s)
       /wordpress/wp-login.php: 2 Time(s)
       /wp-config.php.bak: 2 Time(s)
       /wp-config.php.save: 2 Time(s)
       /wp-config.php_bak: 2 Time(s)
       /wp-config.php~: 2 Time(s)
       /wp/wp-login.php: 2 Time(s)
       /berlin/bower_components/scrollmagic/scrol ... ollmagic.min.js: 1 Time(s)
       /cpanel: 1 Time(s)
       /neuigkeiten/einladung-mgv-ws2011: 1 Time(s)
       /sites/default/files/1982_WiSe_Stuttgart.pdf: 1 Time(s)
       /sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s)
       /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
       /user: 1 Time(s)
       /wp-admin/admin-ajax.php?action=revslider_ ... ./wp-config.php: 1 Time(s)
       /wp-config-good: 1 Time(s)
       /wp-config.bak: 1 Time(s)
       /wp-config.good: 1 Time(s)
       /wp-config.php-bak: 1 Time(s)
       /wp-config.php-original: 1 Time(s)
       /wp-config.php.0: 1 Time(s)
       /wp-config.php.1: 1 Time(s)
       /wp-config.php.2: 1 Time(s)
       /wp-config.php.3: 1 Time(s)
       /wp-config.php.4: 1 Time(s)
       /wp-config.php.5: 1 Time(s)
       /wp-config.php.6: 1 Time(s)
       /wp-config.php.7: 1 Time(s)
       /wp-config.php.8: 1 Time(s)
       /wp-config.php.9: 1 Time(s)
       /wp-config.php.a: 1 Time(s)
       /wp-config.php.b: 1 Time(s)
       /wp-config.php.backup: 1 Time(s)
       /wp-config.php.bak1: 1 Time(s)
       /wp-config.php.bk: 1 Time(s)
       /wp-config.php.cust: 1 Time(s)
       /wp-config.php.disabled: 1 Time(s)
       /wp-config.php.new: 1 Time(s)
       /wp-config.php.old: 1 Time(s)
       /wp-config.php.orig: 1 Time(s)
       /wp-config.php.original: 1 Time(s)
       /wp-config.php.swn: 1 Time(s)
       /wp-config.php.swo: 1 Time(s)
       /wp-config.php.swp: 1 Time(s)
       /wp-config.php_: 1 Time(s)
       /wp-config.php_1: 1 Time(s)
       /wp-config.php_Old: 1 Time(s)
       /wp-config.php_new: 1 Time(s)
       /wp-config.php_orig: 1 Time(s)
       /wp-config.php_original: 1 Time(s)
       /wp-config.phporiginal: 1 Time(s)
       /wp-config_good: 1 Time(s)
    500 Internal Server Error
       /: 26 Time(s)
       /robots.txt: 6 Time(s)
       /sitemap.txt: 5 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 2 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /api/jsonws/invoke: 2 Time(s)
       /console/: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
       /.env: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (119.4.250.94): 158 Time(s)
       root (118.25.192.122): 146 Time(s)
       root (121.4.68.192): 131 Time(s)
       root (106.13.78.235): 120 Time(s)
       root (165.227.84.172): 117 Time(s)
       root (188.131.140.185): 105 Time(s)
       root (42.192.3.193): 105 Time(s)
       root (218.92.0.184): 90 Time(s)
       root (102.69.163.144): 86 Time(s)
       root (167.99.128.147): 83 Time(s)
       root (ley.pp.ua): 83 Time(s)
       root (119.45.206.237): 82 Time(s)
       root (192.241.141.197): 82 Time(s)
       root (165.22.76.158): 81 Time(s)
       root (101.71.51.192): 79 Time(s)
       root (178.128.72.84): 79 Time(s)
       root (119.45.188.40): 77 Time(s)
       root (ip4d14ce36.dynamic.kabel-deutschland.de): 77 Time(s)
       root (188.93.235.237): 75 Time(s)
       root (218.92.0.165): 68 Time(s)
       root (121.4.29.160): 67 Time(s)
       root (203.195.205.202): 66 Time(s)
       root (218.92.0.171): 65 Time(s)
       root (116.6.18.115): 64 Time(s)
       root (81.68.72.231): 64 Time(s)
       root (n058153178025.netvigator.com): 64 Time(s)
       root (host-186-4-174-138.netlife.ec): 62 Time(s)
       root (209.45.63.254): 61 Time(s)
       root (v118-27-9-23.6lby.static.cnode.io): 56 Time(s)
       root (152.32.201.49): 55 Time(s)
       root (190.223.38.195): 55 Time(s)
       root (221.181.185.141): 55 Time(s)
       root (36.134.27.190): 54 Time(s)
       root (61.177.172.104): 53 Time(s)
       root (117.158.107.107): 52 Time(s)
       root (134.209.98.180): 51 Time(s)
       root (61.98.205.218): 51 Time(s)
       root (117.107.193.98): 47 Time(s)
       root (119.28.27.176): 47 Time(s)
       root (167.99.137.75): 47 Time(s)
       root (58.87.67.226): 42 Time(s)
       root (210.245.92.136): 41 Time(s)
       unknown (128.199.0.205): 37 Time(s)
       root (139.199.78.228): 36 Time(s)
       root (218.92.0.145): 36 Time(s)
       root (221.181.185.140): 34 Time(s)
       root (vps-eb900a86.vps.ovh.net): 34 Time(s)
       root (81.69.44.144): 33 Time(s)
       root (218.92.0.247): 30 Time(s)
       root (106.55.150.24): 29 Time(s)
       root (152.136.131.242): 28 Time(s)
       root (81.70.216.41): 28 Time(s)
       root (139.155.251.145): 27 Time(s)
       root (41.72.224.9): 27 Time(s)
       root (81.70.175.232): 27 Time(s)
       root (128.199.133.125): 26 Time(s)
       root (221.181.185.143): 26 Time(s)
       root (221.181.185.237): 24 Time(s)
       root (218.92.0.138): 23 Time(s)
       root (23.105.214.228.16clouds.com): 22 Time(s)
       root (119.29.91.153): 21 Time(s)
       root (125.114.71.91): 21 Time(s)
       root (188.168.82.246): 21 Time(s)
       root (59.29.227.55): 21 Time(s)
       root (49.51.188.139): 20 Time(s)
       root (49.51.94.140): 20 Time(s)
       root (101.127.232.199): 18 Time(s)
       root (218.92.0.185): 18 Time(s)
       root (vmi525609.contaboserver.net): 18 Time(s)
       root (159.226.73.77): 17 Time(s)
       root (122.52.48.92): 14 Time(s)
       root (128.199.64.71): 14 Time(s)
       root (58.87.85.37): 14 Time(s)
       root (103.117.156.44): 13 Time(s)
       root (106.12.77.212): 13 Time(s)
       root (218.92.0.133): 12 Time(s)
       root (212.233.112.134): 11 Time(s)
       root (202.62.10.250): 8 Time(s)
       root (31.210.20.24): 8 Time(s)
       root (192.144.227.36): 7 Time(s)
       root (203.163.247.42): 6 Time(s)
       root (220.225.126.55): 6 Time(s)
       root (222.187.239.31): 6 Time(s)
       unknown (116.110.19.52): 4 Time(s)
       root (36.66.48.187): 3 Time(s)
       unknown (116.110.154.43): 3 Time(s)
       unknown (195.54.160.250): 3 Time(s)
       root (142.93.129.81): 2 Time(s)
       root (152.67.97.9): 2 Time(s)
       root (42.193.186.35): 2 Time(s)
       unknown (121.154.148.202): 2 Time(s)
       unknown (27.78.87.71): 2 Time(s)
       unknown (31.210.20.24): 2 Time(s)
       unknown (ip68-5-173-208.oc.oc.cox.net): 2 Time(s)
       root (119.28.151.212): 1 Time(s)
       root (120.53.226.233): 1 Time(s)
       root (121.241.244.92): 1 Time(s)
       root (128.199.1.140): 1 Time(s)
       root (134.209.185.4): 1 Time(s)
       root (136.228.129.62): 1 Time(s)
       root (14.102.74.99): 1 Time(s)
       root (171.240.193.9): 1 Time(s)
       root (178.128.215.76): 1 Time(s)
       root (178.33.67.12): 1 Time(s)
       root (211.45.247.122): 1 Time(s)
       root (27.78.87.71): 1 Time(s)
       root (36.71.140.48): 1 Time(s)
       root (85.136.47.215.dyn.user.ono.com): 1 Time(s)
       root (91.176.33.231): 1 Time(s)
       root (mail.movers-india.com): 1 Time(s)
       unknown (171.251.24.211): 1 Time(s)
    Invalid Users:
       Unknown Account: 56 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       10   Miscellaneous warnings  
 
   13.602K  Bytes accepted                              13,928
   13.602K  Bytes sent via SMTP                         13,928
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       68   Connections             
        5   Connections lost (inbound) 
       68   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        3   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 66 Time(s)
 
 Failed logins from:
    14.102.74.99: 1 time
    23.105.214.228 (23.105.214.228.16clouds.com): 22 times
    27.78.87.71 (localhost): 1 time
    31.210.20.24: 8 times
    36.66.48.187: 3 times
    36.71.140.48: 1 time
    36.134.27.190: 54 times
    41.72.224.9: 27 times
    42.192.3.193: 105 times
    42.193.186.35: 2 times
    49.51.94.140: 20 times
    49.51.188.139: 20 times
    54.37.233.126 (vps-eb900a86.vps.ovh.net): 34 times
    58.87.67.226: 42 times
    58.87.85.37: 14 times
    58.153.178.25 (n058153178025.netvigator.com): 64 times
    59.29.227.55: 21 times
    61.98.205.218: 51 times
    61.177.172.104: 53 times
    77.20.206.54 (ip4d14ce36.dynamic.kabel-deutschland.de): 77 times
    81.68.72.231: 64 times
    81.69.44.144: 33 times
    81.70.175.232: 27 times
    81.70.216.41: 28 times
    85.136.47.215 (85.136.47.215.dyn.user.ono.com): 1 time
    91.176.33.231 (231.33-176-91.adsl-dyn.isp.belgacom.be): 1 time
    101.71.51.192: 79 times
    101.127.232.199: 18 times
    102.69.163.144: 86 times
    103.117.156.44: 13 times
    106.12.77.212: 13 times
    106.13.78.235: 120 times
    106.55.150.24: 29 times
    116.6.18.115: 64 times
    117.107.193.98: 47 times
    117.158.107.107: 52 times
    117.192.42.33 (mail.movers-india.com): 1 time
    118.25.192.122: 146 times
    118.27.9.23 (v118-27-9-23.6lby.static.cnode.io): 56 times
    119.4.250.94: 158 times
    119.28.27.176: 47 times
    119.28.151.212: 1 time
    119.29.91.153: 21 times
    119.45.188.40: 77 times
    119.45.206.237: 82 times
    120.53.226.233: 1 time
    121.4.29.160: 67 times
    121.4.68.192: 131 times
    121.241.244.92: 1 time
    122.52.48.92 (122.52.48.92.static.pldt.net): 14 times
    125.114.71.91: 21 times
    128.199.1.140: 1 time
    128.199.64.71: 14 times
    128.199.133.125: 26 times
    134.209.98.180: 51 times
    134.209.185.4: 1 time
    136.228.129.62 (62.129.228.136.sinet.com.kh): 1 time
    138.197.178.85 (ley.pp.ua): 83 times
    139.155.251.145: 27 times
    139.199.78.228: 36 times
    142.93.129.81: 2 times
    152.32.201.49: 55 times
    152.67.97.9: 2 times
    152.136.131.242: 28 times
    159.226.73.77: 17 times
    161.97.139.19 (vmi525609.contaboserver.net): 18 times
    165.22.76.158: 81 times
    165.227.84.172: 117 times
    167.99.128.147: 83 times
    167.99.137.75: 47 times
    171.240.193.9 (dynamic-adsl.viettel.vn): 1 time
    178.33.67.12 (vps2.d3soft.ma): 1 time
    178.128.72.84: 79 times
    178.128.215.76: 1 time
    186.4.174.138 (host-186-4-174-138.netlife.ec): 62 times
    188.93.235.237: 75 times
    188.131.140.185: 105 times
    188.168.82.246: 21 times
    190.223.38.195: 55 times
    192.144.227.36: 7 times
    192.241.141.197: 82 times
    202.62.10.250 (250.10.62.202.iconpln.net.id): 8 times
    203.163.247.42: 6 times
    203.195.205.202: 66 times
    209.45.63.254: 61 times
    210.245.92.136: 41 times
    211.45.247.122: 1 time
    212.233.112.134: 11 times
    218.92.0.133: 12 times
    218.92.0.138: 23 times
    218.92.0.145: 36 times
    218.92.0.165: 72 times
    218.92.0.171: 68 times
    218.92.0.184: 90 times
    218.92.0.185: 18 times
    218.92.0.247: 30 times
    220.225.126.55: 6 times
    221.181.185.140: 36 times
    221.181.185.141: 66 times
    221.181.185.143: 30 times
    221.181.185.237: 30 times
    222.187.239.31: 6 times
 
 Illegal users from:
    undef: 48 times
    27.78.87.71 (localhost): 3 times
    31.210.20.24: 2 times
    65.49.20.68 (scan-19.shadowserver.org): 1 time
    68.5.173.208 (ip68-5-173-208.oc.oc.cox.net): 2 times
    116.110.19.52: 4 times
    116.110.154.43: 3 times
    117.28.113.143 (143.113.28.117.broad.xm.fj.dynamic.163data.com.cn): 2 times
    121.154.148.202: 2 times
    128.199.0.205: 37 times
    171.251.24.211 (dynamic-adsl.viettel.vn): 1 time
    178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
    195.54.160.250: 3 times
 
 **Unmatched Entries**
 error: Received disconnect from 27.78.87.71: 3: com.jcraft.jsch.JSchException: Auth fail
[preauth] : 3 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)