[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 30 Juli 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Jul 30 04:42:05 2021
        Date Range Processed: yesterday
                              ( 2021-Jul-29 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [251:255]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 5 sites probed the server 
    159.65.14.223
    182.119.117.251
    3.218.240.217
    46.101.155.149
    5.188.210.227
 
 Requests with error response codes
    400 Bad Request
       /: 9 Time(s)
       null: 6 Time(s)
       mstshash=Administr: 3 Time(s)
       /config/getuser?index=0: 1 Time(s)
    404 Not Found
       /robots.txt: 58 Time(s)
       /wp-login.php: 7 Time(s)
       /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 3 Time(s)
       /download/zapfev_satzung.pdf: 2 Time(s)
       /reader/1994-wi-reader_hb94.pdf: 2 Time(s)
       /3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt: 1 Time(s)
       /administrator/components/com_jbusinessdir ... sets/upload.php: 1 Time(s)
       /ckeditor/ckfinder/core/connector/php/connector.php: 1 Time(s)
       /components/com_jbusinessdirectory/assets/upload.php: 1 Time(s)
       /download/zapf_satzung.pdf: 1 Time(s)
       /index.php?option=com_jce&task=plugin&plug ... m&action=upload: 1
Time(s)
       /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s)
       /reader/1993-wi-reader_st93.pdf: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
       /resolutionen/wise15/Transparenz_in_der_Dr ... sparenz_in_der_: 1 Time(s)
       /sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s)
       /sites/default/files/1979_WiSe_Karlsruhe.pdf: 1 Time(s)
       /sites/default/files/1984_SoSe_Konstanz.pdf: 1 Time(s)
       /sites/default/files/2008_SoSe_Konstanz.pdf: 1 Time(s)
       /sites/default/files/2010_SoSe_Frankfurt.pdf: 1 Time(s)
       /sites/default/files/2011_05_Stellungnahme_EQR-DQR_0.pdf: 1 Time(s)
       /sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s)
       /sites/default/files/2012_WiSe_Karlsruhe.pdf: 1 Time(s)
       /zapf/reader/%7CTagungsreader: 1 Time(s)
    500 Internal Server Error
       /: 49 Time(s)
       /favicon.ico: 8 Time(s)
       /.env: 5 Time(s)
       /robots.txt: 3 Time(s)
       /GponForm/diag_Form?style/: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /console/: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s)
       /owa/: 1 Time(s)
       /solr/: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (125.74.47.33): 70 Time(s)
       root (132.232.57.135): 70 Time(s)
       root (139.198.120.226): 70 Time(s)
       root (159.203.75.102): 70 Time(s)
       root (191.185.77.208): 70 Time(s)
       root (194.170.156.9): 70 Time(s)
       root (45.174.238.30): 70 Time(s)
       root (77.109.173.12): 58 Time(s)
       root (saratovmeteo.san.ru): 56 Time(s)
       root (167.71.170.71): 55 Time(s)
       root (115.233.227.46): 50 Time(s)
       root (118.193.34.198): 50 Time(s)
       root (132.232.93.220): 50 Time(s)
       root (178.62.199.240): 50 Time(s)
       root (192.141.107.58): 50 Time(s)
       root (201-40-240-171.user3p.brasiltelecom.net.br): 50 Time(s)
       root (52.249.187.189): 50 Time(s)
       root (81.70.100.58): 50 Time(s)
       root (61.155.106.101): 49 Time(s)
       root (198.199.97.218): 48 Time(s)
       root (1.15.76.31): 47 Time(s)
       root (117.54.15.187): 47 Time(s)
       root (119.28.23.168): 47 Time(s)
       root (128.199.242.246): 44 Time(s)
       root (170.245.200.100): 44 Time(s)
       root (172.81.251.217): 44 Time(s)
       root (202.153.134.34.bc.googleusercontent.com): 44 Time(s)
       root (152.32.150.194): 43 Time(s)
       root (181.49.117.166): 42 Time(s)
       root (152.136.152.195): 41 Time(s)
       root (171.244.140.174): 41 Time(s)
       root (115.159.110.192): 40 Time(s)
       root (122.51.154.84): 40 Time(s)
       root (rrcs-24-172-172-2.central.biz.rr.com): 40 Time(s)
       unknown (210.114.19.133): 38 Time(s)
       root (109.167.197.20): 37 Time(s)
       root (43.129.189.102): 37 Time(s)
       root (49.234.209.4): 37 Time(s)
       root (58.243.181.70): 37 Time(s)
       root (195.70.60.100): 36 Time(s)
       root (da.up2uhost.com): 34 Time(s)
       root (vps-b1a9d427.vps.ovh.ca): 34 Time(s)
       root (129.211.171.105): 32 Time(s)
       root (112.217.169.138): 31 Time(s)
       root (124.105.173.17): 31 Time(s)
       root (106.13.196.160): 30 Time(s)
       root (178.57.125.78): 30 Time(s)
       root (210.177.223.252): 30 Time(s)
       root (211.38.143.242): 30 Time(s)
       root (104.131.161.146): 28 Time(s)
       root (157.245.140.49): 27 Time(s)
       root (89.252.140.21): 27 Time(s)
       root (118.195.158.166): 26 Time(s)
       root (124.156.136.201): 26 Time(s)
       root (176.79.92.39): 26 Time(s)
       root (188.166.243.253): 26 Time(s)
       unknown (104.236.136.200): 26 Time(s)
       root (157.231.113.130): 25 Time(s)
       root (167.99.148.145): 25 Time(s)
       root (175.24.190.162): 25 Time(s)
       root (dsl51b6fe7c.fixip.t-online.hu): 25 Time(s)
       root (177.8.172.137): 24 Time(s)
       root (5.141.85.82): 24 Time(s)
       root (dsl-92-39.bl27.telepac.pt): 24 Time(s)
       root (150.161.30.72): 23 Time(s)
       unknown (ns3045808.ip-5-39-88.eu): 23 Time(s)
       root (82.156.72.109): 21 Time(s)
       unknown (179.216.18.168): 20 Time(s)
       unknown (36.89.25.220): 20 Time(s)
       unknown (47.245.35.63): 20 Time(s)
       root (157.230.58.208): 19 Time(s)
       root (111.90.190.52): 18 Time(s)
       root (209.97.143.9): 18 Time(s)
       root (49.232.104.170): 18 Time(s)
       unknown (206.189.34.241): 18 Time(s)
       unknown (81.69.38.86): 18 Time(s)
       unknown (106.52.106.170): 15 Time(s)
       unknown (106.54.109.29): 15 Time(s)
       unknown (141.98.10.203): 15 Time(s)
       unknown (188.166.243.253): 15 Time(s)
       unknown (82.156.72.109): 15 Time(s)
       root (111.198.33.54): 14 Time(s)
       unknown (111.198.33.54): 14 Time(s)
       unknown (89.216.47.154): 14 Time(s)
       unknown (165.227.196.229): 13 Time(s)
       root (206.189.34.241): 12 Time(s)
       root (89.193.151.203.sta.inet.co.th): 12 Time(s)
       unknown (106.55.23.240): 12 Time(s)
       unknown (118.195.158.166): 12 Time(s)
       unknown (141.98.10.27): 12 Time(s)
       unknown (150.161.30.72): 12 Time(s)
       unknown (185.94.216.67): 12 Time(s)
       root (51.158.104.101): 11 Time(s)
       root (209.141.56.41): 9 Time(s)
       root (210.114.19.133): 9 Time(s)
       root (42.192.52.98): 9 Time(s)
       root (81.69.38.86): 9 Time(s)
       unknown (106.75.153.166): 9 Time(s)
       unknown (205.185.127.25): 9 Time(s)
       unknown (42.192.52.98): 9 Time(s)
       unknown (141.98.10.56): 8 Time(s)
       unknown (199.195.248.154): 8 Time(s)
       unknown (209.141.56.41): 8 Time(s)
       root (165.227.155.91): 6 Time(s)
       root (36.156.184.132): 6 Time(s)
       root (36.89.25.220): 6 Time(s)
       root (43.128.5.240): 6 Time(s)
       root (60.8.87.190): 6 Time(s)
       root (dndz.gov.ua): 6 Time(s)
       root (ns3045808.ip-5-39-88.eu): 6 Time(s)
       unknown (45.93.201.148): 6 Time(s)
       unknown (89.193.151.203.sta.inet.co.th): 6 Time(s)
       root (106.52.106.170): 5 Time(s)
       root (47.245.35.63): 5 Time(s)
       root (1-34-215-77.hinet-ip.hinet.net): 4 Time(s)
       root (117.111.12.154): 4 Time(s)
       root (117.132.159.151): 4 Time(s)
       unknown (107.189.1.174): 4 Time(s)
       unknown (40.73.17.36): 4 Time(s)
       unknown (58.243.181.70): 4 Time(s)
       root (165.227.196.229): 3 Time(s)
       root (179.216.18.168): 3 Time(s)
       unknown (104.236.42.124): 3 Time(s)
       unknown (141.98.10.29): 3 Time(s)
       unknown (164.163.99.10): 3 Time(s)
       unknown (165.227.155.91): 3 Time(s)
       unknown (171.251.26.14): 3 Time(s)
       unknown (45.155.204.39): 3 Time(s)
       postgres (106.55.23.240): 2 Time(s)
       root (106.55.23.240): 2 Time(s)
       root (39.155.222.61): 2 Time(s)
       root (89.216.47.154): 2 Time(s)
       unknown (117.102.199.15.static.zoot.jp): 2 Time(s)
       unknown (141.98.10.179): 2 Time(s)
       unknown (142.93.105.220): 2 Time(s)
       unknown (167.99.118.199): 2 Time(s)
       unknown (205.185.125.109): 2 Time(s)
       unknown (209.141.47.35): 2 Time(s)
       unknown (39.155.222.61): 2 Time(s)
       unknown (p2e5c5423.dip0.t-ipconnect.de): 2 Time(s)
       deployment (210.114.19.133): 1 Time(s)
       mysql (104.236.136.200): 1 Time(s)
       mysql (107.189.1.174): 1 Time(s)
       postgres (210.114.19.133): 1 Time(s)
       postgres (47.245.35.63): 1 Time(s)
       root (101.227.103.83): 1 Time(s)
       root (103.215.82.159): 1 Time(s)
       root (104.236.136.200): 1 Time(s)
       root (104.244.78.233): 1 Time(s)
       root (107.189.30.47): 1 Time(s)
       root (109.232.109.58): 1 Time(s)
       root (112.18.69.127): 1 Time(s)
       root (119.136.27.138): 1 Time(s)
       root (121.4.80.40): 1 Time(s)
       root (143.198.106.44): 1 Time(s)
       root (167.99.118.199): 1 Time(s)
       root (184.70.244.67): 1 Time(s)
       root (193.168.195.70): 1 Time(s)
       root (46.28.89.34): 1 Time(s)
       root (47.74.234.121): 1 Time(s)
       root (ip-160-153-252-38.ip.secureserver.net): 1 Time(s)
       root (tor.t-3.net): 1 Time(s)
       temp (106.55.23.240): 1 Time(s)
       unknown (1-34-215-77.hinet-ip.hinet.net): 1 Time(s)
       unknown (101.231.146.36): 1 Time(s)
       unknown (109.232.109.58): 1 Time(s)
       unknown (116.110.157.86): 1 Time(s)
       unknown (117.111.12.154): 1 Time(s)
       unknown (117.132.159.151): 1 Time(s)
       unknown (148.70.241.56): 1 Time(s)
       unknown (165.227.180.20): 1 Time(s)
       unknown (171.232.241.136): 1 Time(s)
       unknown (171.251.28.74): 1 Time(s)
       unknown (195.133.40.158): 1 Time(s)
       unknown (45.55.167.87): 1 Time(s)
       unknown (79-67-29-187.dynamic.dsl.as9105.com): 1 Time(s)
       unknown (90.218.164.246): 1 Time(s)
       www-data (ns3045808.ip-5-39-88.eu): 1 Time(s)
    Invalid Users:
       Unknown Account: 482 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        4   Miscellaneous warnings  
 
   27.683K  Bytes accepted                              28,347
   27.683K  Bytes sent via SMTP                         28,347
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      826   Connections             
      666   Connections lost (inbound) 
      826   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
       11   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 1 Time(s)
 
 Failed logins from:
    1.15.76.31: 47 times
    1.34.215.77 (1-34-215-77.HINET-IP.hinet.net): 4 times
    5.39.88.4 (ns3045808.ip-5-39-88.eu): 7 times
    5.141.85.82: 24 times
    24.172.172.2 (rrcs-24-172-172-2.central.biz.rr.com): 40 times
    34.134.153.202 (202.153.134.34.bc.googleusercontent.com): 44 times
    36.89.25.220: 6 times
    36.156.184.132: 6 times
    39.155.222.61: 2 times
    42.192.52.98: 9 times
    43.128.5.240: 6 times
    43.129.189.102: 37 times
    45.174.238.30 (45.174.238.30.viutelecom.com.br): 70 times
    46.28.89.34: 1 time
    47.74.234.121: 1 time
    47.245.35.63: 6 times
    49.232.104.170: 18 times
    49.234.209.4: 37 times
    51.79.65.236 (vps-b1a9d427.vps.ovh.ca): 34 times
    51.158.104.101 (101-104-158-51.instances.scw.cloud): 11 times
    52.249.187.189: 50 times
    58.243.181.70: 37 times
    60.8.87.190: 6 times
    61.155.106.101: 49 times
    64.113.32.29 (tor.t-3.net): 1 time
    77.109.173.12 (77.109.173.12.easyzone.ch): 58 times
    81.69.38.86: 9 times
    81.70.100.58: 50 times
    81.182.254.124 (dsl51B6FE7C.fixip.t-online.hu): 25 times
    82.156.72.109: 21 times
    82.207.87.24 (dndz.gov.ua): 6 times
    88.147.254.66 (saratovmeteo.san.ru): 56 times
    89.216.47.154: 2 times
    89.252.140.21: 26 times
    101.227.103.83: 1 time
    103.215.82.159: 1 time
    104.131.161.146: 28 times
    104.236.136.200: 2 times
    104.244.78.233 (This-is-a-tor-exit.ignorelist.com): 1 time
    106.13.196.160: 30 times
    106.52.106.170: 5 times
    106.55.23.240: 5 times
    107.189.1.174: 1 time
    107.189.30.47: 1 time
    109.167.197.20 (109-167-197-20.westcall.net): 37 times
    109.232.109.58: 1 time
    111.90.190.52: 18 times
    111.198.33.54: 14 times
    112.18.69.127: 1 time
    112.217.169.138: 31 times
    115.159.110.192: 40 times
    115.233.227.46: 50 times
    117.54.15.187 (rev-117-54-15-187.indo.net.id): 47 times
    117.111.12.154: 4 times
    117.132.159.151 (error.arpa): 4 times
    118.193.34.198: 50 times
    118.195.158.166: 26 times
    119.28.23.168: 47 times
    119.136.27.138: 1 time
    121.4.80.40: 1 time
    122.51.154.84: 40 times
    124.105.173.17: 31 times
    124.156.136.201: 26 times
    125.74.47.33: 70 times
    128.199.242.246: 44 times
    129.211.171.105: 32 times
    132.232.57.135: 70 times
    132.232.93.220: 50 times
    139.198.120.226: 70 times
    143.198.106.44 (polysafe.server): 1 time
    150.161.30.72: 23 times
    152.32.150.194: 43 times
    152.136.152.195: 41 times
    157.230.58.208: 19 times
    157.231.113.130: 25 times
    157.245.140.49: 27 times
    159.203.75.102: 70 times
    160.153.252.38 (ip-160-153-252-38.ip.secureserver.net): 1 time
    165.227.155.91: 6 times
    165.227.196.229: 3 times
    167.71.170.71: 55 times
    167.99.118.199: 1 time
    167.99.148.145: 25 times
    170.245.200.100 (170-245-200-100.redesiminternet.com.br): 44 times
    171.244.140.174: 41 times
    172.81.251.217: 44 times
    175.24.190.162: 25 times
    176.79.92.39 (dsl-92-39.bl27.telepac.pt): 50 times
    177.8.172.137: 24 times
    178.57.125.78: 30 times
    178.62.199.240: 50 times
    179.216.18.168 (b3d812a8.virtua.com.br): 3 times
    181.49.117.166: 42 times
    184.70.244.67: 1 time
    188.166.243.253: 26 times
    191.185.77.208 (bfb94dd0.virtua.com.br): 70 times
    192.141.107.58: 50 times
    193.168.195.70: 1 time
    194.170.156.9: 70 times
    195.70.60.100: 36 times
    198.199.97.218: 48 times
    201.40.240.171 (201-40-240-171.user3p.brasiltelecom.net.br): 50 times
    203.151.21.252 (da.up2uhost.com): 34 times
    203.151.193.89 (89.193.151.203.sta.inet.co.th): 12 times
    206.189.34.241: 12 times
    209.97.143.9: 18 times
    209.141.56.41 (rdns.smartweb.cn): 9 times
    210.114.19.133: 11 times
    210.177.223.252: 30 times
    211.38.143.242: 30 times
 
 Illegal users from:
    undef: 302 times
    1.34.215.77 (1-34-215-77.HINET-IP.hinet.net): 1 time
    5.39.88.4 (ns3045808.ip-5-39-88.eu): 23 times
    36.89.25.220: 20 times
    39.155.222.61: 2 times
    40.73.17.36: 4 times
    42.192.52.98: 9 times
    45.55.167.87: 1 time
    45.93.201.148: 6 times
    45.155.204.39: 3 times
    46.92.84.35 (p2e5c5423.dip0.t-ipconnect.de): 2 times
    47.245.35.63: 20 times
    58.243.181.70: 4 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    79.67.29.187 (79-67-29-187.dynamic.dsl.as9105.com): 1 time
    81.69.38.86: 18 times
    82.156.72.109: 15 times
    89.216.47.154: 14 times
    90.218.164.246 (5adaa4f6.bb.sky.com): 1 time
    101.231.146.36: 1 time
    104.236.42.124: 3 times
    104.236.136.200: 26 times
    106.52.106.170: 15 times
    106.54.109.29: 15 times
    106.55.23.240: 12 times
    106.75.153.166: 9 times
    107.189.1.174: 4 times
    109.232.109.58: 1 time
    111.198.33.54: 14 times
    116.110.157.86: 1 time
    117.102.199.15 (117.102.199.15.static.zoot.jp): 2 times
    117.111.12.154: 1 time
    117.132.159.151 (error.arpa): 1 time
    118.195.158.166: 12 times
    141.98.10.27: 12 times
    141.98.10.29: 3 times
    141.98.10.56: 8 times
    141.98.10.179 (er.includeswitche.com): 2 times
    141.98.10.203: 15 times
    142.93.105.220: 2 times
    148.70.241.56: 1 time
    150.161.30.72: 12 times
    164.163.99.10 (164-163-99-10.isp.infomaistelecom.com.br): 3 times
    165.227.155.91: 3 times
    165.227.180.20: 1 time
    165.227.196.229: 13 times
    167.99.118.199: 2 times
    171.232.241.136 (dynamic-ip-adsl.viettel.vn): 1 time
    171.251.26.14 (dynamic-ip-adsl.viettel.vn): 4 times
    171.251.28.74 (dynamic-adsl.viettel.vn): 1 time
    178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
    179.216.18.168 (b3d812a8.virtua.com.br): 20 times
    185.94.216.67: 15 times
    188.166.243.253: 15 times
    195.133.40.158: 1 time
    199.195.248.154: 8 times
    203.151.193.89 (89.193.151.203.sta.inet.co.th): 6 times
    205.185.125.109: 2 times
    205.185.127.25 (serveroperations.com): 9 times
    206.189.34.241: 18 times
    209.141.47.35: 2 times
    209.141.56.41 (rdns.smartweb.cn): 8 times
    210.114.19.133: 38 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop23974p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)