[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 27 Januar 2022


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Jan 27 04:42:04 2022
        Date Range Processed: yesterday
                              ( 2022-Jan-26 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [382:384]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    162.250.127.202 -> zapf.wiki:443: 1 Time(s)
 
 A total of 13 sites probed the server 
    103.156.91.51
    161.35.230.183
    164.92.210.84
    167.71.102.95
    171.38.145.72
    172.104.131.24
    222.186.19.235
    23.250.19.242
    34.86.35.27
    45.134.144.108
    47.242.118.213
    61.219.11.151
    89.248.165.74
 
 Requests with error response codes
    400 Bad Request
       null: 19 Time(s)
       /manager/html: 4 Time(s)
       mstshash=Domain: 4 Time(s)
       /: 3 Time(s)
       mstshash=Administr: 3 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
       http://fuwu.sogou.com/404/index.html: 2 Time(s)
       /bag2: 1 Time(s)
       /config/getuser?index=0: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       7: 1 Time(s)
       \xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    500 Internal Server Error
       /: 23 Time(s)
       /.env: 8 Time(s)
       /favicon.ico: 3 Time(s)
       /robots.txt: 3 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 3 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       ///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /ReportServer: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /console/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /login: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /sitemap.xml: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (200.142.113.150): 70 Time(s)
       root (41.182.130.37): 43 Time(s)
       root (137.184.201.230): 36 Time(s)
       root (159.75.38.169): 36 Time(s)
       root (1.15.98.138): 35 Time(s)
       root (103.81.195.66): 35 Time(s)
       root (77.52.12.151): 35 Time(s)
       root (117.144.178.162): 33 Time(s)
       root (122.51.179.104): 30 Time(s)
       root (123.31.29.192): 30 Time(s)
       root (125.209.84.51): 30 Time(s)
       root (134.175.55.42): 30 Time(s)
       root (143.198.118.99): 30 Time(s)
       root (167.99.12.43): 30 Time(s)
       root (188.166.187.117): 30 Time(s)
       root (202.112.61.110): 30 Time(s)
       root (203.176.78.120): 30 Time(s)
       root (223.112.5.112): 30 Time(s)
       root (45.86.74.14): 30 Time(s)
       root (58.87.73.46): 30 Time(s)
       root (cloud.powertel.co.id): 30 Time(s)
       root (118.195.132.206): 29 Time(s)
       root (122.224.240.99): 29 Time(s)
       root (157.230.105.246): 29 Time(s)
       root (186.10.245.152): 29 Time(s)
       root (120.92.33.108): 28 Time(s)
       root (37.252.190.224): 28 Time(s)
       root (140.83.62.163): 27 Time(s)
       root (185.201.89.122): 27 Time(s)
       root (89.249.55.95): 27 Time(s)
       root (113.31.117.79): 26 Time(s)
       root (134.122.69.50): 26 Time(s)
       root (156.241.132.97): 26 Time(s)
       root (165.22.224.150): 26 Time(s)
       root (167.172.52.210): 26 Time(s)
       root (167.99.153.214): 26 Time(s)
       root (45.62.112.135.16clouds.com): 26 Time(s)
       root (81.68.92.105): 26 Time(s)
       root (mail.wooree42.com): 26 Time(s)
       root (122.51.229.206): 25 Time(s)
       root (129.211.81.193): 25 Time(s)
       root (49.234.219.31): 25 Time(s)
       root (115.246.15.18): 24 Time(s)
       root (118.25.187.178): 24 Time(s)
       root (139.214.222.227): 24 Time(s)
       root (139.59.35.178): 24 Time(s)
       root (159.89.200.236): 24 Time(s)
       root (162.243.169.210): 24 Time(s)
       root (175.24.66.114): 24 Time(s)
       root (43.128.35.99): 24 Time(s)
       root (49.233.196.120): 24 Time(s)
       root (69.55.54.65): 24 Time(s)
       root (81.70.20.177): 24 Time(s)
       root (113.31.114.182): 23 Time(s)
       root (139.59.47.208): 23 Time(s)
       root (153.148.232.35.bc.googleusercontent.com): 23 Time(s)
       root (20.77.9.146): 23 Time(s)
       root (104.239.136.67): 22 Time(s)
       root (42-119-111-155.higio.net): 22 Time(s)
       root (1.179.186.174): 21 Time(s)
       root (111.229.231.238): 21 Time(s)
       root (120.88.186.22): 21 Time(s)
       root (167.99.68.65): 21 Time(s)
       root (188.166.226.209): 21 Time(s)
       root (39.155.222.61): 21 Time(s)
       root (43.154.102.138): 21 Time(s)
       root (122.166.65.49): 20 Time(s)
       root (softbank126113024098.biz.bbtec.net): 20 Time(s)
       root (138.68.82.194): 19 Time(s)
       root (167.71.239.134): 19 Time(s)
       root (183.111.96.15): 19 Time(s)
       root (202.232.108.93.rev.vodafone.pt): 19 Time(s)
       root (89-97-218-142.ip19.fastwebnet.it): 19 Time(s)
       root (103.214.233.21): 18 Time(s)
       root (111.229.48.141): 18 Time(s)
       root (112.64.45.29): 18 Time(s)
       root (121.227.31.13): 18 Time(s)
       root (13.71.46.226): 18 Time(s)
       root (134.175.154.92): 18 Time(s)
       root (134.209.252.189): 18 Time(s)
       root (142.246.238.35.bc.googleusercontent.com): 18 Time(s)
       root (143.198.155.147): 18 Time(s)
       root (165.227.84.172): 18 Time(s)
       root (45.64.213.154): 18 Time(s)
       root (46.101.150.110): 18 Time(s)
       root (64.ip-158-69-48.net): 18 Time(s)
       root (86.126.134.147): 18 Time(s)
       root (dedicated-aig195.rev.nazwa.pl): 18 Time(s)
       root (h-213-164-205-171.na.cust.bahnhof.se): 18 Time(s)
       root (143.198.160.124): 17 Time(s)
       root (mail.mc-miller.net): 15 Time(s)
       root (121.5.23.65): 13 Time(s)
       root (125.212.203.113): 13 Time(s)
       root (165.22.49.42): 12 Time(s)
       root (213.141.131.22): 12 Time(s)
       root (43.156.48.199): 12 Time(s)
       root (119.82.68.253): 6 Time(s)
       root (159.203.7.62): 6 Time(s)
       root (159.65.64.70): 6 Time(s)
       root (61.147.209.2): 6 Time(s)
       root (68.183.188.14): 6 Time(s)
       unknown (165.22.49.42): 6 Time(s)
       unknown (ec2-13-232-216-148.ap-south-1.compute.amazonaws.com): 6 Time(s)
       root (175.138.108.78): 5 Time(s)
       root (191.191.12.169): 5 Time(s)
       root (106.12.158.42): 4 Time(s)
       root (fa178.46.fix-addr.vsi.ru): 4 Time(s)
       unknown (1.117.79.143): 4 Time(s)
       unknown (106.12.144.225): 4 Time(s)
       root (106.53.2.93): 3 Time(s)
       root (ec2-3-143-184-59.us-east-2.compute.amazonaws.com): 3 Time(s)
       unknown (014136104038.ctinets.com): 3 Time(s)
       unknown (1.116.229.124): 3 Time(s)
       unknown (101.34.45.249): 3 Time(s)
       unknown (103.122.246.25): 3 Time(s)
       unknown (103.123.25.80): 3 Time(s)
       unknown (107.175.33.240): 3 Time(s)
       unknown (109.227.63.3): 3 Time(s)
       unknown (122.114.161.193): 3 Time(s)
       unknown (123.114.208.30): 3 Time(s)
       unknown (125.143.2.73): 3 Time(s)
       unknown (128.199.99.204): 3 Time(s)
       unknown (138.68.8.198): 3 Time(s)
       unknown (139.215.217.180): 3 Time(s)
       unknown (142.93.42.206): 3 Time(s)
       unknown (183.250.161.254): 3 Time(s)
       unknown (198.211.113.126): 3 Time(s)
       unknown (206.189.138.174): 3 Time(s)
       unknown (209.141.42.128): 3 Time(s)
       unknown (222.190.125.133): 3 Time(s)
       unknown (36.133.35.228): 3 Time(s)
       unknown (38.72.132.227): 3 Time(s)
       unknown (42.192.82.13): 3 Time(s)
       unknown (43.154.101.144): 3 Time(s)
       unknown (43.155.75.135): 3 Time(s)
       unknown (52.170.31.174): 3 Time(s)
       unknown (77.52.12.151): 3 Time(s)
       unknown (adsl-130-87-192-81.adsl2.iam.net.ma): 3 Time(s)
       unknown (conm200-116-110-25.epm.net.co): 3 Time(s)
       unknown (ip-72-167-226-188.ip.secureserver.net): 3 Time(s)
       unknown (net-2-42-138-122.cust.vodafonedsl.it): 3 Time(s)
       unknown (vmi687819.contaboserver.net): 3 Time(s)
       root (203.95.212.41): 2 Time(s)
       root (209.141.42.128): 2 Time(s)
       unknown (143.176.228.86): 2 Time(s)
       unknown (host-79-49-100-48.retail.telecomitalia.it): 2 Time(s)
       backup (conm200-116-110-25.epm.net.co): 1 Time(s)
       mysql (103.122.246.25): 1 Time(s)
       mysql (117.102.82.42): 1 Time(s)
       postgres (206.189.138.174): 1 Time(s)
       root (1.117.168.186): 1 Time(s)
       root (103.25.36.194): 1 Time(s)
       root (121.242.232.157): 1 Time(s)
       root (180.250.248.169): 1 Time(s)
       root (188.128.39.127): 1 Time(s)
       root (191.251.93.204): 1 Time(s)
       root (201.119.42.20): 1 Time(s)
       root (84.54.21.161): 1 Time(s)
       root (89.146.238.45): 1 Time(s)
       root (dsl-emcali-190.1.203.180.emcali.net.co): 1 Time(s)
       root (dsl-emcali-200.29.120.94.emcali.net.co): 1 Time(s)
       root (rede44-10.total.psi.br): 1 Time(s)
       temp (43.155.75.135): 1 Time(s)
       unknown (103.235.170.195): 1 Time(s)
       unknown (117.102.82.42): 1 Time(s)
       unknown (143.198.160.124): 1 Time(s)
       unknown (163.53.247.122): 1 Time(s)
       unknown (180.76.112.15): 1 Time(s)
       unknown (181.23.75.28): 1 Time(s)
       unknown (185.201.89.122): 1 Time(s)
       unknown (185.217.1.246): 1 Time(s)
       unknown (185.220.102.241): 1 Time(s)
       unknown (189.254.255.3): 1 Time(s)
       unknown (196.41.243.3): 1 Time(s)
       unknown (60.172.23.155): 1 Time(s)
       unknown (61.155.2.142): 1 Time(s)
       unknown (fa178.46.fix-addr.vsi.ru): 1 Time(s)
       unknown (mx1.ics.sn): 1 Time(s)
    Invalid Users:
       Unknown Account: 132 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

      125   Miscellaneous warnings  
 
   22.194K  Bytes accepted                              22,727
   22.194K  Bytes sent via SMTP                         22,727
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        6   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        6   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      211   Connections             
       28   Connections lost (inbound) 
      211   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   SMTP dialog errors      
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    1.15.98.138: 35 times
    1.117.168.186: 1 time
    1.179.186.174: 21 times
    3.143.184.59 (ec2-3-143-184-59.us-east-2.compute.amazonaws.com): 3 times
    13.71.46.226: 18 times
    20.77.9.146: 23 times
    35.232.148.153 (153.148.232.35.bc.googleusercontent.com): 23 times
    35.238.246.142 (142.246.238.35.bc.googleusercontent.com): 18 times
    37.252.190.224: 28 times
    39.155.222.61: 21 times
    41.182.130.37: 43 times
    42.119.111.155 (42-119-111-155.higio.net): 22 times
    43.128.35.99: 24 times
    43.154.102.138: 21 times
    43.155.75.135: 1 time
    43.156.48.199: 12 times
    45.62.112.135 (45.62.112.135.16clouds.com): 26 times
    45.64.213.154 (45.64.213.154.static.charotarbroadband.in): 18 times
    45.86.74.14: 30 times
    46.101.150.110: 18 times
    49.233.196.120: 24 times
    49.234.219.31: 25 times
    50.73.185.125 (mail.mc-miller.net): 15 times
    58.87.73.46: 30 times
    61.147.209.2: 6 times
    68.183.188.14: 6 times
    69.55.54.65: 24 times
    77.52.12.151 (77-52-12-151.staticip.vf-ua.net): 35 times
    77.55.214.195 (dedicated-aig195.rev.nazwa.pl): 18 times
    80.82.46.178 (fa178.46.fix-addr.vsi.ru): 4 times
    81.68.92.105: 26 times
    81.70.20.177: 24 times
    84.54.21.161 (oconnell.praiseblin.com): 1 time
    86.126.134.147 (147-134-126-86.static.rdsnet.ro): 18 times
    89.97.218.142 (89-97-218-142.ip19.fastwebnet.it): 19 times
    89.146.238.45 (no.ptr.set.yet): 1 time
    89.249.55.95: 27 times
    93.108.232.202 (202.232.108.93.rev.vodafone.pt): 19 times
    103.25.36.194: 1 time
    103.81.195.66: 35 times
    103.122.246.25: 1 time
    103.214.233.21: 18 times
    104.239.136.67: 22 times
    106.12.158.42: 4 times
    106.53.2.93: 3 times
    111.229.48.141: 18 times
    111.229.231.238: 21 times
    112.64.45.29: 18 times
    113.31.114.182: 23 times
    113.31.117.79: 26 times
    115.246.15.18 (115.246.15.18.static.jio.com): 24 times
    117.102.82.42: 1 time
    117.144.178.162 (.): 33 times
    118.25.187.178: 24 times
    118.195.132.206: 29 times
    119.82.68.253 (119.82.68.253.reverse.spectranet.in): 6 times
    120.88.186.22: 21 times
    120.92.33.108: 28 times
    121.5.23.65: 13 times
    121.227.31.13: 18 times
    121.242.232.157 (121.242.232.157.static-chennai.vsnl.net.in): 1 time
    122.51.179.104: 30 times
    122.51.229.206: 25 times
    122.166.65.49 (abts-kk-static-049.65.166.122.airtelbroadband.in): 20 times
    122.224.240.99: 29 times
    123.31.29.192 (static.vnpt.vn): 30 times
    125.209.84.51 (125-209-84-51.multi.net.pk): 30 times
    125.212.203.113: 14 times
    126.113.24.98 (softbank126113024098.biz.bbtec.net): 20 times
    129.211.81.193: 25 times
    134.122.69.50: 26 times
    134.175.55.42: 30 times
    134.175.154.92: 18 times
    134.209.252.189: 18 times
    137.184.201.230: 36 times
    138.68.82.194 (s1.nassidj.com): 19 times
    139.59.35.178: 24 times
    139.59.47.208: 23 times
    139.214.222.227 (227.222.214.139.adsl-pool.jlccptt.net.cn): 24 times
    140.83.62.163: 27 times
    143.198.118.99: 30 times
    143.198.155.147: 18 times
    143.198.160.124: 17 times
    156.241.132.97: 26 times
    157.230.105.246: 29 times
    158.69.48.64 (64.ip-158-69-48.net): 18 times
    159.65.64.70: 6 times
    159.75.38.169: 36 times
    159.89.200.236: 24 times
    159.203.7.62: 6 times
    162.243.169.210: 24 times
    165.22.49.42: 12 times
    165.22.224.150: 26 times
    165.227.84.172: 18 times
    167.71.239.134: 19 times
    167.99.12.43: 30 times
    167.99.68.65: 21 times
    167.99.153.214: 26 times
    167.172.52.210: 26 times
    175.24.66.114: 24 times
    175.138.108.78: 5 times
    180.250.248.169: 1 time
    183.111.96.15: 19 times
    185.201.89.122 (185-201-89-122.perm.1enter.net): 27 times
    186.10.245.152 (z350.entelchile.net): 29 times
    188.128.39.127: 1 time
    188.166.187.117: 30 times
    188.166.226.209: 21 times
    189.50.44.10 (rede44-10.total.psi.br): 1 time
    190.1.203.180 (dsl-emcali-190.1.203.180.emcali.net.co): 1 time
    191.191.12.169 (bfbf0ca9.virtua.com.br): 5 times
    191.251.93.204 (191.251.93.204.dynamic.adsl.gvt.net.br): 1 time
    200.29.120.94 (dsl-emcali-200.29.120.94.emcali.net.co): 1 time
    200.116.110.25 (conm200-116-110-25.epm.net.co): 1 time
    200.142.113.150 (mvx-200-142-113-150.mundivox.com): 70 times
    201.119.42.20: 1 time
    202.112.61.110: 30 times
    203.95.212.41: 2 times
    203.176.78.120: 30 times
    203.190.55.213 (cloud.powertel.co.id): 30 times
    206.189.138.174: 1 time
    209.141.42.128 (gondor.daemondot.net): 2 times
    211.238.111.61 (mail.wooree42.com): 26 times
    213.141.131.22 (pri.msk.ru): 12 times
    213.164.205.171 (h-213-164-205-171.NA.cust.bahnhof.se): 18 times
    223.112.5.112: 30 times
 
 Illegal users from:
    2001:470:1:332::6: 1 time
    undef: 109 times
    1.116.229.124: 3 times
    1.117.79.143: 4 times
    2.42.138.122 (net-2-42-138-122.cust.vodafonedsl.it): 3 times
    13.232.216.148 (ec2-13-232-216-148.ap-south-1.compute.amazonaws.com): 6 times
    14.136.104.38 (014136104038.ctinets.com): 3 times
    36.133.35.228: 3 times
    38.72.132.227: 3 times
    42.192.82.13: 3 times
    43.154.101.144: 3 times
    43.155.75.135: 3 times
    45.9.20.25: 3 times
    52.170.31.174: 3 times
    60.172.23.155: 1 time
    61.155.2.142: 1 time
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    72.167.226.188 (ip-72-167-226-188.ip.secureserver.net): 3 times
    77.52.12.151 (77-52-12-151.staticip.vf-ua.net): 3 times
    79.49.100.48 (host-79-49-100-48.retail.telecomitalia.it): 2 times
    80.82.46.178 (fa178.46.fix-addr.vsi.ru): 1 time
    81.192.87.130 (adsl-130-87-192-81.adsl2.iam.net.ma): 3 times
    95.111.229.106 (vmi687819.contaboserver.net): 3 times
    101.34.45.249: 3 times
    103.122.246.25: 3 times
    103.123.25.80 (host-103-123-25-80.pky.kalteng.go.id): 3 times
    103.235.170.195: 1 time
    106.12.144.225: 4 times
    107.175.33.240 (107-175-33-240-host.colocrossing.com): 3 times
    109.227.63.3 (srv-109-227-63-3.static.a1.hr): 3 times
    117.102.82.42: 1 time
    122.114.161.193: 3 times
    123.114.208.30: 3 times
    125.143.2.73 (carnavi.com): 3 times
    128.199.99.204 (ekualsys.com): 3 times
    138.68.8.198: 3 times
    139.215.217.180 (180.217.215.139.adsl-pool.jlccptt.net.cn): 3 times
    142.93.42.206: 3 times
    143.176.228.86: 2 times
    143.198.160.124: 1 time
    163.53.247.122: 1 time
    165.22.49.42: 6 times
    180.76.112.15: 1 time
    181.23.75.28 (181-23-75-28.speedy.com.ar): 1 time
    183.250.161.254: 3 times
    185.201.89.122 (185-201-89-122.perm.1enter.net): 1 time
    185.217.1.246: 1 time
    185.220.102.241 (185-220-102-241.torservers.net): 1 time
    189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time
    196.41.243.3: 1 time
    198.211.113.126: 3 times
    200.116.110.25 (conm200-116-110-25.epm.net.co): 3 times
    206.189.138.174: 3 times
    209.141.42.128 (gondor.daemondot.net): 3 times
    213.154.70.102 (mx1.ics.sn): 1 time
    222.190.125.133: 3 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)