################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Oct 21 04:42:04 2021
Date Range Processed: yesterday
( 2021-Oct-20 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 66:65 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 7 Time(s)
/config/getuser?index=0: 5 Time(s)
mstshash=Administr: 5 Time(s)
/: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
&`\x93\x1C\xD2\xE3\xCC\xA3\x0Fse\xF7\xCAz\ ... C4\xB0Q\xB2\xF4: 1 Time(s)
/.env: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
\x0B\x14l\xE6L&\x03\xE7\x81\xBCZ\xB2\x1C\ ... (\xC0#\xC0'\xC0: 1 Time(s)
T\x90: 1 Time(s)
\xC0\xF9I\xF2p\x16-a\xFBcA\xC4\xC7: 1 Time(s)
\xCE\xD7\xC11\xAF\xAF\x139\xB5\xDF\x96:kO? ... x09\xC0\x13\xC0: 1 Time(s)
\xFC1\x91b\x90T\xBF\x08\x8B\xE9X\x9B\xD0\x ... x09\xC0\x13\xC0: 1 Time(s)
v\xD6\x16\xCB\xDC\xC0\xEA-\xF3\x96: 1 Time(s)
yYH\x96: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 7 Time(s)
/.vscode/sftp.json: 2 Time(s)
/analytics/jbips/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/goettingen: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 540 Time(s)
Bad User: --: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
15.812K Bytes accepted 16,192
15.812K Bytes sent via SMTP 16,192
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
329 Connections
58 Connections lost (inbound)
329 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 4 Time(s)
Failed logins from:
Illegal users from:
undef: 373 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################