################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Apr 27 04:42:03 2024
Date Range Processed: yesterday
( 2024-Apr-26 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [207:206]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
152.42.176.18 -> zapf.wiki:443: 1 Time(s)
87.121.69.52 -> google.com:443: 2 Time(s)
A total of 4 sites probed the server
172.104.242.173
174.138.61.44
198.235.24.49
78.153.140.179
Requests with error response codes
400 Bad Request
null: 4 Time(s)
/: 3 Time(s)
google.com:443: 2 Time(s)
*: 1 Time(s)
7: 1 Time(s)
zapf.wiki:443: 1 Time(s)
499 (undefined)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
500 Internal Server Error
/: 12 Time(s)
/?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB: 1 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
502 Bad Gateway
/LHl0Tj9sTpmYwPo9u-KOnA/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 471 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
10 Connections
9 Connections lost (inbound)
10 Disconnections
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
Illegal users from:
undef: 224 times
**Unmatched Entries**
error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop22185p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################