################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Jan 29 04:42:04 2021
Date Range Processed: yesterday
( 2021-Jan-28 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [351:349]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
222.186.136.150 -> ip.ws.126.net:443: 1 Time(s)
A total of 4 sites probed the server
103.61.108.218
182.126.119.205
31.7.62.112
61.219.11.153
Requests with error response codes
400 Bad Request
null: 3 Time(s)
mstshash=Administr: 2 Time(s)
/: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
ip.ws.126.net:443: 1 Time(s)
zapf.in: 1 Time(s)
404 Not Found
/robots.txt: 76 Time(s)
/wp-login.php: 5 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 4 Time(s)
/download/zapfev_satzung.pdf: 3 Time(s)
/reader/1993-wi-reader_st93.pdf: 3 Time(s)
/reader/1995-wi-reader_bn95.pdf: 3 Time(s)
/resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 3 Time(s)
/.env: 2 Time(s)
/.git/config: 2 Time(s)
/config/database.yml: 2 Time(s)
/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e: 1 Time(s)
/.composer/composer.json: 1 Time(s)
/.htpasswd: 1 Time(s)
/.svn/entries: 1 Time(s)
/.svn/prop-base/: 1 Time(s)
/.svn/text-base/: 1 Time(s)
/.well-known/acme-challenge/iE_WO2fFVnnsnj ... tARiQgPP-C6fzqk: 1 Time(s)
/Dockerrun.aws.json: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/_profiler/phpinfo.php: 1 Time(s)
/admin/.env: 1 Time(s)
/airflow.cfg: 1 Time(s)
/ansible.cfg: 1 Time(s)
/api/.env: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/blog/.env: 1 Time(s)
/composer.json: 1 Time(s)
/composer.lock: 1 Time(s)
/config/databases.yml: 1 Time(s)
/download/reader_hb02.pdf: 1 Time(s)
/elmah.axd: 1 Time(s)
/laravel/.env: 1 Time(s)
/opcache-status/: 1 Time(s)
/owncloud/config/: 1 Time(s)
/package-lock.json: 1 Time(s)
/php-opcache-status/: 1 Time(s)
/protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 1 Time(s)
/protokolle/Protokoll_MV_7.5.2016.pdf: 1 Time(s)
/server-status: 1 Time(s)
/sitemap.txt: 1 Time(s)
/sites/.env: 1 Time(s)
/sites/all/libraries/elfinder/connectors/php/connector.php: 1 Time(s)
/sites/all/libraries/elfinder/elfinder.html: 1 Time(s)
/sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s)
/sites/all/modules/elfinder/connectors/php/connector.php: 1 Time(s)
/sites/all/modules/elfinder/src/connectors/php/connector.php: 1 Time(s)
/sites/all/modules/libraries/elfinder/conn ... p/connector.php: 1 Time(s)
/sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s)
/store/app/etc/local.xml: 1 Time(s)
/test/.env: 1 Time(s)
/vendor/.env: 1 Time(s)
/vendor/composer/installed.json: 1 Time(s)
/web.config: 1 Time(s)
/wp-admin/admin-ajax.php?action=revslider_ ... ./wp-config.php: 1 Time(s)
/wp-json/wp/v2/users/: 1 Time(s)
405 Method Not Allowed
/: 1 Time(s)
499 (undefined)
/build/8.common.fef3ca2736298be630a4.js: 1 Time(s)
/build/MathJax/MathJax.js: 1 Time(s)
/build/font-pack.fef3ca2736298be630a4.css: 1 Time(s)
/build/index-styles-pack.fef3ca2736298be630a4.css: 1 Time(s)
/build/index-styles.fef3ca2736298be630a4.css: 1 Time(s)
/build/index.fef3ca2736298be630a4.css: 1 Time(s)
/js/mathjax-config-extra.js: 1 Time(s)
500 Internal Server Error
/: 36 Time(s)
/robots.txt: 16 Time(s)
/atom.xml: 10 Time(s)
/sitemap.xml: 10 Time(s)
/sitemap.xml.gz: 10 Time(s)
/sitemap_index.xml: 10 Time(s)
/sitemaps.xml: 8 Time(s)
/.env: 2 Time(s)
/admin//config.php: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 322 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 2 Time(s)
session opened for user root by (uid=0): 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
18.220K Bytes accepted 18,657
18.220K Bytes sent via SMTP 18,657
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
170 Connections
5 Connections lost (inbound)
170 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 65 Time(s)
Failed logins from:
Illegal users from:
Users logging in through sshd:
root:
89.246.60.151 (i59F63C97.versanet.de): 1 time
198.167.207.116 (c6a7cf74.vpn.njalla.net): 1 time
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################