[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Feb 24 04:42:03 2021 Date Range Processed: yesterday ( 2021-Feb-23 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [184:184] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 222.186.136.150 -> zapf.wiki:443: 2 Time(s) A total of 7 sites probed the server 222.186.136.150 37.49.229.191 52.89.92.80 54.234.159.100 61.219.11.153 64.227.23.46 68.183.10.58 Requests with error response codes 400 Bad Request null: 9 Time(s) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... T_lM_WvFcDrADiK: 2 Time(s) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... Wv87Qer2fpAADiM: 2 Time(s) mstshash=Administr: 2 Time(s) zapf.wiki:443: 2 Time(s) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... -2p7nujWDcmADiL: 1 Time(s) P\xB8H\xFC)\xD2c\x8E\x9D\xFB\x84\xBA\xB6\x ... (\xC0#\xC0'\xC0: 1 Time(s) \xFB\x8A\x5C\x83\xD2!\xFB5: 1 Time(s) 404 Not Found /robots.txt: 118 Time(s) /wp-login.php: 5 Time(s) /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 2 Time(s) /home/verein: 2 Time(s) /protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 2 Time(s) /.env: 1 Time(s) /download/reader_aa87.pdf: 1 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /home/zapf: 1 Time(s) /neuigkeiten/einladung-mgv-ss2011: 1 Time(s) /neuigkeiten/einladung-zapf-sose2011: 1 Time(s) /reader/1995-wi-reader_bn95.pdf: 1 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s) /sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s) /sites/default/files/2011_SoSe_Dresden.pdf: 1 Time(s) /xmlrpc.php: 1 Time(s) 499 (undefined) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... -2p7nujWDcmADiL: 1 Time(s) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... T_lM_WvFcDrADiK: 1 Time(s) /socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... Wv87Qer2fpAADiM: 1 Time(s) 500 Internal Server Error /: 78 Time(s) /robots.txt: 9 Time(s) /atom.xml: 7 Time(s) /sitemap_index.xml: 7 Time(s) /.env: 6 Time(s) /sitemap.txt: 6 Time(s) /sitemap.xml: 6 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s) /?XDEBUG_SESSION_START=phpstorm: 2 Time(s) /Autodiscover/Autodiscover.xml: 2 Time(s) /_ignition/execute-solution: 2 Time(s) /api/jsonws/invoke: 2 Time(s) /console/: 2 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s) /mifs/.;/services/LogService: 2 Time(s) /sitemap.xml.gz: 2 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s) /admin//config.php: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /sitemaps.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (vmi501273.contaboserver.net): 401 Time(s) unknown (138.197.193.191): 278 Time(s) root (159.75.42.65): 70 Time(s) root (177.22.35.126): 70 Time(s) root (thebitcoin.exchange): 69 Time(s) root (109.ip-51-91-100.eu): 68 Time(s) root (211.184.187.129): 66 Time(s) root (5.3.6.82): 66 Time(s) root (157.245.81.242): 64 Time(s) root (139.59.158.239): 63 Time(s) root (vps-75e1d53d.vps.ovh.net): 63 Time(s) root (178.128.147.114): 62 Time(s) root (212.33.250.241): 62 Time(s) root (4.ip-144-217-85.net): 62 Time(s) root (h-212-156.a357.priv.bahnhof.se): 62 Time(s) root (vps-a4a0af34.vps.ovh.ca): 62 Time(s) root (haztech.com.my): 61 Time(s) root (112.217.11.203): 60 Time(s) root (178.128.84.47): 60 Time(s) root (45.240.88.197): 60 Time(s) root (109.227.63.3): 59 Time(s) root (138.197.69.184): 59 Time(s) root (212.64.91.114): 59 Time(s) root (65.151.188.94): 59 Time(s) root (82.196.5.221): 59 Time(s) root (103.105.130.136): 58 Time(s) root (61.155.138.100): 58 Time(s) root (181.49.118.185): 57 Time(s) root (207.154.243.194): 57 Time(s) root (61.178.178.156): 57 Time(s) root (116-59-25-201.emome-ip.hinet.net): 56 Time(s) root (139.59.244.237): 56 Time(s) root (159.65.30.66): 56 Time(s) root (218.245.1.169): 56 Time(s) root (106.75.169.24): 55 Time(s) root (138.197.130.138): 55 Time(s) root (182.18.144.99): 55 Time(s) root (68.183.188.159): 55 Time(s) root (128.199.94.218): 54 Time(s) root (139.59.102.170): 53 Time(s) root (189.254.242.60): 53 Time(s) root (159.89.114.40): 52 Time(s) root (181.126.83.37): 52 Time(s) root (61.164.41.76): 52 Time(s) root (111.204.204.72): 51 Time(s) root (101.36.178.20): 49 Time(s) root (180.76.148.87): 49 Time(s) root (120.131.9.167): 47 Time(s) root (132.232.4.33): 47 Time(s) root (118.123.244.100): 46 Time(s) root (49.234.59.246): 46 Time(s) root (128.199.228.115): 45 Time(s) root (139.59.31.173): 44 Time(s) root (185.91.142.202): 42 Time(s) root (42.194.203.226): 42 Time(s) root (49.235.29.185): 41 Time(s) root (81.68.212.67): 41 Time(s) root (106.13.89.74): 40 Time(s) root (152.136.16.233): 40 Time(s) root (120.53.12.94): 39 Time(s) root (206.221.80.253): 39 Time(s) root (117.51.150.202): 38 Time(s) root (111.67.199.85): 37 Time(s) root (161.35.227.204): 37 Time(s) root (150.136.162.158): 36 Time(s) root (68.168.142.29.16clouds.com): 36 Time(s) root (119.28.9.138): 35 Time(s) root (193.112.160.226): 35 Time(s) root (81.69.58.254): 35 Time(s) root (143.110.190.26): 34 Time(s) root (152.136.179.135): 34 Time(s) root (94.57.252.147): 34 Time(s) root (49.232.161.221): 33 Time(s) root (82.156.111.238): 33 Time(s) root (96-91-109-121-static.hfc.comcastbusiness.net): 32 Time(s) root (106.52.54.192): 31 Time(s) root (157.245.89.43): 30 Time(s) root (181.40.122.2): 29 Time(s) root (106.52.214.183): 28 Time(s) root (mail.swedmobil.ru): 27 Time(s) root (115.159.71.95): 26 Time(s) root (189.20.98.204): 24 Time(s) root (81.71.83.218): 24 Time(s) root (smtp.swedmobil.ru): 24 Time(s) root (165.227.46.89): 22 Time(s) unknown (218.60.39.190): 22 Time(s) root (128.199.116.139): 21 Time(s) root (119.29.85.229): 20 Time(s) root (bl21-166-137.dsl.telepac.pt): 20 Time(s) root (157.230.231.39): 19 Time(s) root (165.227.163.85): 18 Time(s) root (52.149.180.228): 18 Time(s) root (212.64.3.194): 17 Time(s) root (218.60.39.190): 16 Time(s) root (221.181.185.143): 16 Time(s) root (107.182.176.142.16clouds.com): 14 Time(s) root (net-2-45-185-2.cust.vodafonedsl.it): 13 Time(s) root (222.187.238.87): 12 Time(s) root (222.187.239.31): 12 Time(s) root (45-14-10-16.pool.giganet.hu): 12 Time(s) root (119.84.128.25): 11 Time(s) root (102.38.50.50): 10 Time(s) root (139.215.208.125): 10 Time(s) root (49.232.43.126): 8 Time(s) root (13.92.232.23): 6 Time(s) root (161.35.218.118): 6 Time(s) root (221.181.185.140): 6 Time(s) root (64.225.112.216): 6 Time(s) root (1.234.58.166): 5 Time(s) unknown (45.146.165.213): 5 Time(s) bin (138.197.193.191): 4 Time(s) root (138.197.193.191): 4 Time(s) root (121.4.207.159): 3 Time(s) root (149.129.97.102): 3 Time(s) root (45.93.201.193): 3 Time(s) unknown (45.93.201.193): 3 Time(s) unknown (jiffix.com.ng): 3 Time(s) unknown (v118-27-4-225.o4kn.static.cnode.io): 3 Time(s) postgres (138.197.193.191): 2 Time(s) root (175.100.138.49): 2 Time(s) unknown (141.98.80.29): 2 Time(s) unknown (141.98.80.90): 2 Time(s) unknown (141.98.80.93): 2 Time(s) unknown (195.54.160.250): 2 Time(s) unknown (rosaluxemburg.tor-exit.calyxinstitute.org): 2 Time(s) news (138.197.193.191): 1 Time(s) root (101.32.208.137): 1 Time(s) root (114.69.244.238): 1 Time(s) root (115.68.49.169): 1 Time(s) root (119.29.199.247): 1 Time(s) root (119.45.250.197): 1 Time(s) root (121.5.36.65): 1 Time(s) root (121.5.65.156): 1 Time(s) root (122.114.116.59): 1 Time(s) root (124.205.84.15): 1 Time(s) root (141.98.80.89): 1 Time(s) root (141.98.80.91): 1 Time(s) root (141.98.80.92): 1 Time(s) root (162.241.121.37): 1 Time(s) root (163.172.167.225): 1 Time(s) root (180.76.227.138): 1 Time(s) root (191.209.88.62): 1 Time(s) root (200.122.249.203): 1 Time(s) root (221.122.78.202): 1 Time(s) root (27.128.160.79): 1 Time(s) root (27.ip-51-68-226.eu): 1 Time(s) root (46.101.103.207): 1 Time(s) root (49.233.100.14): 1 Time(s) root (49.7.164.54): 1 Time(s) root (57.ip-51-83-73.eu): 1 Time(s) root (81.70.197.147): 1 Time(s) root (87.110.181.30): 1 Time(s) root (host-186-4-136-153.netlife.ec): 1 Time(s) root (v118-27-4-225.o4kn.static.cnode.io): 1 Time(s) root (vps-fbabd881.vps.ovh.net): 1 Time(s) temp (138.197.193.191): 1 Time(s) unknown (141.98.80.89): 1 Time(s) unknown (141.98.80.91): 1 Time(s) unknown (141.98.80.92): 1 Time(s) unknown (39.153.132.29): 1 Time(s) unknown (mailcloud.rapidcompute.com): 1 Time(s) www-data (195.54.160.250): 1 Time(s) Invalid Users: Unknown Account: 329 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 366 Miscellaneous warnings 18.052K Bytes accepted 18,485 18.052K Bytes sent via SMTP 18,485 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 415 Connections 366 Connections lost (inbound) 415 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 1.234.58.166: 5 times 2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 13 times 2.82.166.137 (bl21-166-137.dsl.telepac.pt): 20 times 5.3.6.82 (5x3x6x82.static.ertelecom.ru): 66 times 13.92.232.23: 6 times 27.128.160.79: 1 time 42.194.203.226: 42 times 45.14.10.16 (45-14-10-16.pool.giganet.hu): 12 times 45.93.201.193: 3 times 45.240.88.197: 60 times 46.101.103.207: 1 time 49.7.164.54: 1 time 49.232.43.126: 8 times 49.232.161.221: 33 times 49.233.100.14: 1 time 49.234.59.246: 46 times 49.235.29.185: 41 times 51.68.226.27 (27.ip-51-68-226.eu): 1 time 51.79.66.92 (vps-a4a0af34.vps.ovh.ca): 62 times 51.83.73.57 (57.ip-51-83-73.eu): 1 time 51.91.100.109 (109.ip-51-91-100.eu): 68 times 51.178.139.41 (vps-fbabd881.vps.ovh.net): 1 time 51.195.139.169 (vps-75e1d53d.vps.ovh.net): 63 times 52.149.180.228: 18 times 61.155.138.100: 58 times 61.164.41.76: 52 times 61.178.178.156: 57 times 64.225.112.216: 6 times 65.151.188.94: 59 times 68.168.142.29 (68.168.142.29.16clouds.com): 36 times 68.183.188.159: 55 times 81.68.212.67: 41 times 81.69.58.254: 35 times 81.70.197.147: 1 time 81.71.83.218: 24 times 82.156.111.238: 33 times 82.196.5.221: 59 times 87.110.181.30: 1 time 94.57.252.147: 34 times 96.91.109.121 (96-91-109-121-static.hfc.comcastbusiness.net): 32 times 98.128.212.156 (h-212-156.A357.priv.bahnhof.se): 62 times 101.32.208.137: 1 time 101.36.178.20: 49 times 102.38.50.50: 10 times 103.105.130.136 (IP-130-136.nap.net.id): 58 times 106.13.89.74: 40 times 106.52.54.192: 31 times 106.52.214.183: 28 times 106.75.169.24: 55 times 107.182.176.142 (107.182.176.142.16clouds.com): 14 times 109.227.63.3 (srv-109-227-63-3.static.a1.hr): 59 times 111.67.199.85: 37 times 111.204.204.72: 51 times 112.217.11.203: 60 times 114.69.244.238: 1 time 115.68.49.169: 1 time 115.159.71.95: 26 times 116.59.25.201 (116-59-25-201.emome-ip.hinet.net): 56 times 117.51.150.202: 38 times 118.27.4.225 (v118-27-4-225.o4kn.static.cnode.io): 1 time 118.123.244.100: 46 times 119.28.9.138: 35 times 119.29.85.229: 20 times 119.29.199.247: 1 time 119.45.250.197: 1 time 119.84.128.25: 11 times 120.53.12.94: 39 times 120.131.9.167: 47 times 121.4.207.159: 3 times 121.5.36.65: 1 time 121.5.65.156: 1 time 122.114.116.59: 1 time 124.205.84.15: 1 time 128.199.94.218: 54 times 128.199.116.139: 21 times 128.199.228.115: 45 times 132.232.4.33: 47 times 134.209.106.190 (haztech.com.my): 61 times 138.197.69.184: 59 times 138.197.130.138 (shitcointopia-grana.com.py-clima.grana.com.py): 55 times 138.197.193.191: 12 times 139.59.31.173: 44 times 139.59.102.170: 53 times 139.59.158.239: 63 times 139.59.244.237: 56 times 139.215.208.125 (125.208.215.139.adsl-pool.jlccptt.net.cn): 10 times 141.98.80.89: 1 time 141.98.80.91: 1 time 141.98.80.92: 1 time 143.110.190.26: 34 times 144.91.84.171 (vmi501273.contaboserver.net): 401 times 144.217.85.4 (4.ip-144-217-85.net): 62 times 149.129.97.102: 3 times 150.136.162.158: 36 times 152.136.16.233: 40 times 152.136.179.135: 34 times 157.230.231.39 (singulart.tech-ubuntu-s-1vcpu-1gb-nyc1-01): 19 times 157.245.81.242: 64 times 157.245.89.43: 30 times 159.65.30.66: 56 times 159.75.42.65: 70 times 159.89.114.40: 52 times 159.203.184.19 (thebitcoin.exchange): 69 times 161.35.218.118: 6 times 161.35.227.204: 37 times 162.241.121.37 (mail-lb1-int.dca2.superb.net): 1 time 163.172.167.225 (225-167-172-163.instances.scw.cloud): 1 time 165.227.46.89: 22 times 165.227.163.85: 18 times 175.100.138.49 (49-138-100-175.static.youbroadband.in): 2 times 177.22.35.126: 70 times 178.128.84.47: 60 times 178.128.147.114: 62 times 180.76.148.87: 49 times 180.76.227.138: 1 time 181.40.122.2 (static-2-122-40-181.telecel.com.py): 29 times 181.49.118.185: 57 times 181.126.83.37 (pool-37-83-126-181.telecel.com.py): 52 times 182.18.144.99 (static-182-18-144-99.ctrls.in): 55 times 185.91.142.202 (subscr-202.pool-142.microweb.hu): 42 times 186.4.136.153 (host-186-4-136-153.netlife.ec): 1 time 189.20.98.204 (189-20-98-204.customer.tdatabrasil.net.br): 24 times 189.254.242.60 (correo.capitaldezacatecas.gob.mx): 53 times 191.209.88.62 (191-209-88-62.user.vivozap.com.br): 1 time 193.112.160.226: 35 times 195.54.160.250: 1 time 200.122.249.203 (static-dedicado-200-122-249-203.une.net.co): 1 time 206.221.80.253: 39 times 207.154.243.194: 57 times 211.184.187.129: 66 times 212.33.250.241 (212x33x250x241.static-business.perm.ertelecom.ru): 62 times 212.64.3.194: 17 times 212.64.91.114: 59 times 212.119.190.162 (smtp.swedmobil.ru): 51 times 218.60.39.190: 16 times 218.245.1.169: 56 times 221.122.78.202: 1 time 221.181.185.140: 6 times 221.181.185.143: 18 times 222.187.238.87: 12 times 222.187.239.31: 12 times Illegal users from: undef: 194 times 39.153.132.29: 1 time 45.93.201.193: 3 times 45.146.165.213: 5 times 65.49.20.68 (scan-19.shadowserver.org): 1 time 118.27.4.225 (v118-27-4-225.o4kn.static.cnode.io): 3 times 138.197.193.191: 278 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 141.98.80.29: 2 times 141.98.80.89: 1 time 141.98.80.90: 2 times 141.98.80.91: 1 time 141.98.80.92: 1 time 141.98.80.93: 2 times 162.247.74.206 (rosaluxemburg.tor-exit.calyxinstitute.org): 2 times 175.107.195.21 (mailcloud.rapidcompute.com): 1 time 188.166.41.52 (jiffix.com.ng): 3 times 195.54.160.250: 2 times 218.60.39.190: 22 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop47755p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################