################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Oct 20 04:42:03 2021
Date Range Processed: yesterday
( 2021-Oct-19 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 62:62 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
123.171.242.54 -> zapf.wiki:443: 1 Time(s)
222.186.19.235 -> zapf.wiki:443: 2 Time(s)
45.148.10.241 -> zapf.wiki:443: 1 Time(s)
A total of 7 sites probed the server
Requests with error response codes
400 Bad Request
null: 11 Time(s)
zapf.wiki:443: 4 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
#\xAF\xC4~\xB6x\xCA\x85]\xEA\xEC\xD3S\xA1: 1 Time(s)
/.env: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
\x1F\xB8\xD4\x93\x9Fe8: 1 Time(s)
\x8E\xCB9\x94\x85]kX\xE2M6\x94+\xB1\x113\x ... x09\xC0\x14\xC0: 1 Time(s)
\xB6\x11F\x8D\x16P5\xF9\xD0\xD9\xC3\x8E\x1 ... x09\xC0\x13\xC0: 1 Time(s)
anonymous: 1 Time(s)
mstshash=Administr: 1 Time(s)
t\xCB\xB0\x9Bw[\x80\x08z\xE3: 1 Time(s)
404 Not Found
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
500 Internal Server Error
/: 48 Time(s)
/favicon.ico: 12 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/.env: 3 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/robots.txt: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
///.env: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/health: 1 Time(s)
/api/v1/.env: 1 Time(s)
/app/.env: 1 Time(s)
/blog/.env: 1 Time(s)
/core/.env: 1 Time(s)
/laravel/.env: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/portal/.env: 1 Time(s)
/school/.env: 1 Time(s)
/sitemap.xml: 1 Time(s)
/test/.env: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 544 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
10 Miscellaneous warnings
15.142K Bytes accepted 15,505
15.142K Bytes sent via SMTP 15,505
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
299 Connections
86 Connections lost (inbound)
299 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 373 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################