[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 19 Oktober 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Oct 19 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Oct-18 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 75:77 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    149.129.50.37 -> zapf.wiki:443: 1 Time(s)
 
 A total of 13 sites probed the server 
    103.167.243.17
    107.189.28.85
    149.129.50.37
    160.116.22.17
    162.62.14.156
    205.185.113.41
    209.141.51.171
    209.141.54.186
    35.171.82.107
    45.61.184.37
    64.227.97.195
    66.240.205.34
    91.132.58.79
 
 Requests with error response codes
    400 Bad Request
       null: 20 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 3 Time(s)
       /: 2 Time(s)
       /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
       /config/getuser?index=0: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
       /manager/html: 1 Time(s)
       /secure/Dashboard.jspa: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       S\x00\x00\x00\x00\x00: 1 Time(s)
       \x5Cxbf\x5Cx02\x5Cx00\x5Cx88\x5Cx13\x5Cx00 ... \x5Cx9e\x5Cx16E: 1 Time(s)
       \x9DI\xE6\xE7\x99\x04D\xE6\xEA\xB5\xF4F\xC ... x09\xC0\x13\xC0: 1 Time(s)
       \xBF\x02\x00\x88\x13\x00\x00\x87\x00\x00\x ... 0\x00/\x9E\x16E: 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=berlin17_ak_physik_nebe ... HZm7E5Frv4wAAB4: 1 Time(s)
    500 Internal Server Error
       /: 54 Time(s)
       /favicon.ico: 8 Time(s)
       /.env: 7 Time(s)
       /login.action: 3 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /.DS_Store: 1 Time(s)
       /.git/config: 1 Time(s)
       /.json: 1 Time(s)
       ///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /GponForm/diag_Form?style/: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /api/search?folderIds=0: 1 Time(s)
       /config.json: 1 Time(s)
       /console/: 1 Time(s)
       /debug/default/view?panel=config: 1 Time(s)
       /frontend_dev.php/$: 1 Time(s)
       /idx_config/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /info.php: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /robots.txt: 1 Time(s)
       /s/lkx/_/;/META-INF/maven/com.atlassian.ji ... /pom.properties: 1 Time(s)
       /server-status: 1 Time(s)
       /telescope/requests: 1 Time(s)
       /v2/_catalog: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (fixed-187-188-132-86.totalplay.net): 39 Time(s)
       root (52.160.125.155): 38 Time(s)
       root (101.34.3.70): 36 Time(s)
       root (203.106.40.110): 36 Time(s)
       root (106.55.254.112): 35 Time(s)
       root (106.75.57.20): 33 Time(s)
       root (106.51.78.188): 30 Time(s)
       root (106.51.71.157): 28 Time(s)
       root (40.70.0.187): 25 Time(s)
       root (119.82.135.226): 24 Time(s)
       root (42.192.234.117): 22 Time(s)
       root (118.195.183.50): 21 Time(s)
       root (mbl-109-61-121.dsl.net.pk): 21 Time(s)
       root (120.92.134.94): 20 Time(s)
       root (49.235.66.151): 19 Time(s)
       root (106.54.112.173): 18 Time(s)
       root (122.55.221.172): 18 Time(s)
       root (36-227-137-128.dynamic-ip.hinet.net): 18 Time(s)
       root (1.116.140.147): 17 Time(s)
       root (112.169.119.249): 17 Time(s)
       root (211.244.172.136): 17 Time(s)
       unknown (49.235.66.151): 17 Time(s)
       root (107.92-221-156.customer.lyse.net): 16 Time(s)
       root (161.4.138.58.dy.bbexcite.jp): 16 Time(s)
       unknown (106.51.78.188): 15 Time(s)
       unknown (101.34.3.70): 14 Time(s)
       unknown (106.55.254.112): 14 Time(s)
       unknown (119.82.135.226): 14 Time(s)
       root (114.6.29.30): 13 Time(s)
       root (182-237-16-190.fibertel.com.ar): 13 Time(s)
       unknown (40.70.0.187): 13 Time(s)
       unknown (42.192.234.117): 13 Time(s)
       root (171.39.0.3): 12 Time(s)
       root (64.225.13.173): 12 Time(s)
       root (91.192.4.91): 12 Time(s)
       unknown (106.51.71.157): 12 Time(s)
       unknown (52.160.125.155): 12 Time(s)
       root (fixed-187-188-132-86.totalplay.net): 11 Time(s)
       unknown (112.169.119.249): 10 Time(s)
       unknown (142.93.203.254): 10 Time(s)
       root (106.53.56.213): 9 Time(s)
       root (118.24.123.34): 9 Time(s)
       root (ip-198-12-227-59.ip.secureserver.net): 9 Time(s)
       unknown (106.75.57.20): 9 Time(s)
       unknown (161.4.138.58.dy.bbexcite.jp): 9 Time(s)
       unknown (171.39.0.3): 9 Time(s)
       unknown (203.106.40.110): 9 Time(s)
       unknown (64.225.13.173): 9 Time(s)
       root (119.84.122.107): 8 Time(s)
       root (20.206.98.57): 8 Time(s)
       root (68.183.180.46): 8 Time(s)
       unknown (1.116.140.147): 8 Time(s)
       unknown (106.54.112.173): 8 Time(s)
       unknown (199.19.224.76): 8 Time(s)
       unknown (211.244.172.136): 8 Time(s)
       root (49.231.182.35): 7 Time(s)
       unknown (107.92-221-156.customer.lyse.net): 7 Time(s)
       unknown (118.195.183.50): 7 Time(s)
       unknown (122.55.221.172): 7 Time(s)
       unknown (36-227-137-128.dynamic-ip.hinet.net): 7 Time(s)
       unknown (118.24.123.34): 6 Time(s)
       unknown (141.98.10.82): 6 Time(s)
       unknown (49.231.182.35): 6 Time(s)
       root (142.93.203.254): 5 Time(s)
       unknown (114.6.29.30): 5 Time(s)
       unknown (176.111.173.237): 5 Time(s)
       unknown (91.192.4.91): 5 Time(s)
       root (176.111.173.238): 4 Time(s)
       unknown (176.111.173.238): 4 Time(s)
       unknown (182-237-16-190.fibertel.com.ar): 4 Time(s)
       unknown (199.195.251.49): 4 Time(s)
       unknown (119.84.122.107): 3 Time(s)
       unknown (176.111.173.226): 3 Time(s)
       unknown (212.193.30.101): 3 Time(s)
       unknown (51.15.197.4): 3 Time(s)
       unknown (ip-198-12-227-59.ip.secureserver.net): 3 Time(s)
       unknown (mbl-109-61-121.dsl.net.pk): 3 Time(s)
       unknown (075-113-213-108.res.spectrum.com): 2 Time(s)
       unknown (106.53.56.213): 2 Time(s)
       unknown (120.92.134.94): 2 Time(s)
       unknown (141.98.10.121): 2 Time(s)
       unknown (141.98.10.81): 2 Time(s)
       unknown (183.104.206.223): 2 Time(s)
       unknown (20.206.98.57): 2 Time(s)
       unknown (45.155.204.39): 2 Time(s)
       unknown (68.183.180.46): 2 Time(s)
       mysql (203.106.40.110): 1 Time(s)
       postgres (106.53.56.213): 1 Time(s)
       postgres (171.39.0.3): 1 Time(s)
       root (103.133.57.250): 1 Time(s)
       root (150.164.33.41): 1 Time(s)
       root (167.71.193.8): 1 Time(s)
       root (183.240.157.2): 1 Time(s)
       root (51.15.197.4): 1 Time(s)
       sshd (45.155.204.39): 1 Time(s)
       unknown (159.255.124.94): 1 Time(s)
       unknown (185.31.175.215): 1 Time(s)
       unknown (188.126.89.148): 1 Time(s)
       unknown (188.126.89.150): 1 Time(s)
       unknown (192.42.116.16): 1 Time(s)
       unknown (206.223.33.121): 1 Time(s)
       unknown (36.89.68.35): 1 Time(s)
       unknown (41.137.137.92): 1 Time(s)
       unknown (45.153.160.130): 1 Time(s)
       unknown (58.56.177.202): 1 Time(s)
       unknown (89.163.249.192): 1 Time(s)
       unknown (marcuse-1.nos-oignons.net): 1 Time(s)
       unknown (tor-exit.duckhecker.com): 1 Time(s)
    Invalid Users:
       Unknown Account: 382 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       15   Miscellaneous warnings  
 
   14.863K  Bytes accepted                              15,220
   14.863K  Bytes sent via SMTP                         15,220
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      310   Connections             
       89   Connections lost (inbound) 
      310   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    1.116.140.147: 17 times
    20.206.98.57: 8 times
    36.227.137.128 (36-227-137-128.dynamic-ip.hinet.net): 18 times
    40.70.0.187: 25 times
    42.192.234.117: 22 times
    45.155.204.39: 1 time
    49.231.182.35: 7 times
    49.235.66.151: 19 times
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 1 time
    52.160.125.155: 38 times
    58.138.4.161 (161.4.138.58.dy.bbexcite.jp): 16 times
    64.225.13.173: 12 times
    68.183.180.46: 8 times
    91.192.4.91: 12 times
    92.221.156.107 (107.92-221-156.customer.lyse.net): 16 times
    101.34.3.70: 36 times
    103.133.57.250: 1 time
    106.51.71.157 (106.51.71.157.actcorp.in): 28 times
    106.51.78.188 (106.51.78.188.actcorp.in): 30 times
    106.53.56.213: 10 times
    106.54.112.173: 18 times
    106.55.254.112: 35 times
    106.75.57.20: 33 times
    112.169.119.249: 17 times
    114.6.29.30 (vpn.pdampadang.co.id): 13 times
    118.24.123.34: 9 times
    118.195.183.50: 21 times
    119.82.135.226 (static.cmcti.vn): 24 times
    119.84.122.107: 8 times
    120.92.134.94: 20 times
    122.55.221.172 (122.55.221.172.static.pldt.net): 18 times
    124.109.61.121 (mbl-109-61-121.dsl.net.pk): 21 times
    142.93.203.254: 5 times
    150.164.33.41 (sala1206m01.eee.eng.ufmg.br): 1 time
    167.71.193.8 (monitoring.tongkolspace.com-new): 1 time
    171.39.0.3: 13 times
    176.111.173.238: 4 times
    183.240.157.2: 1 time
    187.188.132.86 (fixed-187-188-132-86.totalplay.net): 11 times
    190.16.237.182 (182-237-16-190.fibertel.com.ar): 13 times
    198.12.227.59 (ip-198-12-227-59.ip.secureserver.net): 9 times
    203.106.40.110: 37 times
    211.244.172.136: 17 times
 
 Illegal users from:
    undef: 258 times
    1.116.140.147: 8 times
    20.206.98.57: 2 times
    36.89.68.35: 1 time
    36.227.137.128 (36-227-137-128.dynamic-ip.hinet.net): 7 times
    40.70.0.187: 13 times
    41.137.137.92: 1 time
    42.192.234.117: 13 times
    45.153.160.130: 1 time
    45.155.204.39: 2 times
    49.231.182.35: 6 times
    49.235.66.151: 17 times
    51.15.82.176 (tor-exit.duckhecker.com): 1 time
    51.15.197.4 (4-197-15-51.instances.scw.cloud): 3 times
    52.160.125.155: 12 times
    58.56.177.202: 1 time
    58.138.4.161 (161.4.138.58.dy.bbexcite.jp): 9 times
    64.225.13.173: 9 times
    65.49.20.66 (scan-17.shadowserver.org): 1 time
    68.183.180.46: 2 times
    75.113.213.108 (075-113-213-108.res.spectrum.com): 2 times
    89.163.249.192 (srv1116.dedicated.server-hosting.expert): 1 time
    91.192.4.91: 5 times
    92.221.156.107 (107.92-221-156.customer.lyse.net): 7 times
    101.34.3.70: 14 times
    106.51.71.157 (106.51.71.157.actcorp.in): 12 times
    106.51.78.188 (106.51.78.188.actcorp.in): 15 times
    106.53.56.213: 2 times
    106.54.112.173: 8 times
    106.55.254.112: 14 times
    106.75.57.20: 9 times
    112.169.119.249: 10 times
    114.6.29.30 (vpn.pdampadang.co.id): 5 times
    118.24.123.34: 6 times
    118.195.183.50: 7 times
    119.82.135.226 (static.cmcti.vn): 14 times
    119.84.122.107: 3 times
    120.92.134.94: 2 times
    122.55.221.172 (122.55.221.172.static.pldt.net): 7 times
    124.109.61.121 (mbl-109-61-121.dsl.net.pk): 3 times
    141.98.10.81: 2 times
    141.98.10.82: 6 times
    141.98.10.121: 2 times
    142.93.203.254: 10 times
    159.255.124.94: 1 time
    171.39.0.3: 9 times
    176.111.173.226: 3 times
    176.111.173.237: 5 times
    176.111.173.238: 4 times
    178.20.55.16 (marcuse-1.nos-oignons.net): 1 time
    183.104.206.223: 2 times
    185.31.175.215: 1 time
    187.188.132.86 (fixed-187-188-132-86.totalplay.net): 39 times
    188.126.89.148: 1 time
    188.126.89.150: 1 time
    190.16.237.182 (182-237-16-190.fibertel.com.ar): 4 times
    192.42.116.16 (tor-exit.hartvoorinternetvrijheid.nl): 1 time
    198.12.227.59 (ip-198-12-227-59.ip.secureserver.net): 3 times
    199.19.224.76 (kon.is.hentai): 8 times
    199.195.251.49: 4 times
    203.106.40.110: 9 times
    206.223.33.121: 1 time
    211.244.172.136: 8 times
    212.193.30.101 (slot0.iglogi-camo.com): 3 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)