################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Dec 9 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-08 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [100:100]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 6 sites probed the server
161.35.236.158
161.35.238.241
3.92.3.197
52.151.193.60
52.186.68.208
66.240.205.34
Requests with error response codes
400 Bad Request
null: 8 Time(s)
/: 4 Time(s)
mstshash=Domain: 4 Time(s)
mstshash=Administr: 3 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/.env: 1 Time(s)
/.git/config: 1 Time(s)
/98789357: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
h\xD4\x06/\x1B\xAA\xA1\xAD\xE1z4#w\xE6\x1F ... x09\xC0\x14\xC0: 1 Time(s)
icap://icap-server.net/server?arg=87: 1 Time(s)
k\xD1\xD7\xCD\xEA\xBAL\xB7\x07\xB0\xA7N\xABjf\xC7u: 1 Time(s)
sT\x06\x7F\xC5\xF2\xCB\xB6/\xC0B\xBA@g\xCA ... x09\xC0\x13\xC0: 1 Time(s)
500 Internal Server Error
/: 42 Time(s)
/.env: 21 Time(s)
/_ignition/execute-solution: 2 Time(s)
/console/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/actuator/health: 1 Time(s)
/admin: 1 Time(s)
/digit/app/download/list: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/odd/app/download/list: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/robots.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 394 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
13.222K Bytes accepted 13,539
13.222K Bytes sent via SMTP 13,539
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
7 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
7 Total 4xx Rejects 100.00%
======== ==================================================
50 Connections
36 Connections lost (inbound)
50 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (!root,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################