################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Feb 22 04:42:04 2021
Date Range Processed: yesterday ( 2021-Feb-21 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [158:161]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 6 sites probed the server
161.35.236.158
172.104.242.173
185.220.101.9
40.76.20.119
52.89.92.80
64.227.97.195
Requests with error response codes
400 Bad Request
mstshash=hello: 7 Time(s)
null: 6 Time(s)
/: 5 Time(s)
/config/getuser?index=0: 2 Time(s)
mstshash=Administr: 2 Time(s)
/bag2: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s)
\xFCU]3^\xFAI\xF44\xA2\x7F\xD8e\x8B\x04\xE ... x09\xC0\x14\xC0: 1 Time(s)
403 Forbidden
/.git/HEAD: 1 Time(s)
404 Not Found
/robots.txt: 42 Time(s)
/wp-login.php: 3 Time(s)
/.env: 2 Time(s)
/.git/HEAD: 2 Time(s)
/protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 2 Time(s)
/ads.txt: 1 Time(s)
/backup.sql: 1 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s)
/berlin/apple-touch-icon.png: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/dump.sql: 1 Time(s)
/protokolle/Protokoll_MV_2020_11_12_Muenchen.pdf: 1 Time(s)
/reader/1989-wi-berlin.pdf: 1 Time(s)
/reader/1993-so-reader_do93.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/reader/1995-so-reader_ha95.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/reader/1998-so-reader_ro98.pdf: 1 Time(s)
/sites/all/libraries/elfinder/connectors/php/connector.php: 1 Time(s)
/sites/all/libraries/elfinder/elfinder.html: 1 Time(s)
/sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s)
/sites/all/libraries/plupload/examples/upload.php: 1 Time(s)
/sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s)
499 (undefined)
/build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s)
/fonts/SourceSansPro-Semibold.woff: 1 Time(s)
500 Internal Server Error
/: 37 Time(s)
/robots.txt: 8 Time(s)
/sitemap.xml: 6 Time(s)
/sitemap.xml.gz: 6 Time(s)
/sitemap_index.xml: 6 Time(s)
/atom.xml: 5 Time(s)
/sitemap.txt: 5 Time(s)
/sitemaps.xml: 5 Time(s)
/.env: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/admin//config.php: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nette.micro?callback=shell_exec&cmd=cd%20 ... rm%20-rf%20b%2A: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 280 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
27 Miscellaneous warnings
21.268K Bytes accepted 21,778
21.268K Bytes sent via SMTP 21,778
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
86 Connections
26 Connections lost (inbound)
86 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 123 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################