[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 23 Februar 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Feb 23 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Feb-22 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [173:172]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 8 sites probed the server 
    103.145.13.118
    135.125.161.252
    149.81.137.136
    192.241.223.60
    3.25.232.246
    61.219.11.153
    66.240.205.34
    78.189.227.140
 
 Requests with error response codes
    400 Bad Request
       null: 11 Time(s)
       /: 1 Time(s)
       /0bef: 1 Time(s)
       \xA0\xB0s: 1 Time(s)
       mstshash=Administr: 1 Time(s)
    403 Forbidden
       /.git/HEAD: 5 Time(s)
       /.git/config: 1 Time(s)
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
    404 Not Found
       /robots.txt: 26 Time(s)
       /.git/HEAD: 5 Time(s)
       /wp-login.php: 2 Time(s)
       /download/reader_bw92.pdf: 1 Time(s)
       /download/reader_hb02.pdf: 1 Time(s)
       /download/reader_ka99.pdf: 1 Time(s)
       /download/reader_ma91.pdf: 1 Time(s)
       /download/reader_ma97.pdf: 1 Time(s)
       /download/reader_re94.pdf: 1 Time(s)
       /download/zapfev_satzung.pdf: 1 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
       /sites/default/files/1987_SoSe_Aachen.pdf: 1 Time(s)
       /sites/default/files/1995_SoSe_Hannover.pdf: 1 Time(s)
       /sites/default/files/2001_SoSe_Erlangen.pdf: 1 Time(s)
       /sites/default/files/2003_WiSe_Bochum.pdf: 1 Time(s)
       /sites/default/files/2004_WiSe_Hamburg.pdf: 1 Time(s)
       /sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s)
       /sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
    500 Internal Server Error
       /: 28 Time(s)
       /atom.xml: 10 Time(s)
       /robots.txt: 10 Time(s)
       /sitemap_index.xml: 10 Time(s)
       /sitemap.txt: 9 Time(s)
       /sitemap.xml: 8 Time(s)
       /sitemap.xml.gz: 7 Time(s)
       /.env: 4 Time(s)
       /sitemaps.xml: 3 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       //login_sid.lua: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /console/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /login: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (vmi501273.contaboserver.net): 179 Time(s)
       root (116.126.85.123): 70 Time(s)
       root (157.245.212.8): 70 Time(s)
       root (174.138.20.105): 70 Time(s)
       root (189.14.124.17): 70 Time(s)
       root (68.166.173.62.host.static.ip.kpnqwest.it): 65 Time(s)
       root (163.172.157.193): 64 Time(s)
       root (192.ip-145-239-82.eu): 64 Time(s)
       root (62.4.16.39): 64 Time(s)
       root (120.48.12.77): 63 Time(s)
       root (46.164.143.82): 63 Time(s)
       root (49.51.180.170): 63 Time(s)
       root (track1.glovision.co): 63 Time(s)
       root (vps-fbabd881.vps.ovh.net): 63 Time(s)
       root (104.131.186.240): 62 Time(s)
       root (195.216.207.22): 62 Time(s)
       root (41.ip-51-255-35.eu): 62 Time(s)
       root (46.ip-51-178-47.eu): 62 Time(s)
       root (102.38.50.50): 60 Time(s)
       root (111.67.194.41): 60 Time(s)
       root (61.2.243.4): 58 Time(s)
       root (server.amazonusaa.cf): 58 Time(s)
       root (119.45.243.232): 57 Time(s)
       root (4.17.231.207): 57 Time(s)
       root (124.90.52.90): 56 Time(s)
       root (ellementry360degree.com): 56 Time(s)
       root (115.159.216.109): 55 Time(s)
       root (142.93.3.47): 55 Time(s)
       postgres (vmi501273.contaboserver.net): 54 Time(s)
       root (103.246.240.30): 54 Time(s)
       root (112.6.121.116): 54 Time(s)
       root (116.232.81.158): 54 Time(s)
       root (115.159.56.151): 53 Time(s)
       root (202.126.93.131): 53 Time(s)
       root (190.24.6.162): 52 Time(s)
       root (124.156.105.251): 51 Time(s)
       root (46.101.194.220): 51 Time(s)
       root (106.13.30.226): 50 Time(s)
       root (119.45.116.10): 50 Time(s)
       root (191.209.88.62): 50 Time(s)
       root (181.16.17.224): 49 Time(s)
       root (106.52.70.240): 48 Time(s)
       root (177.140.196.172): 48 Time(s)
       root (222.112.186.86): 48 Time(s)
       root (net-2-45-185-2.cust.vodafonedsl.it): 48 Time(s)
       root (119.29.74.28): 47 Time(s)
       root (115.159.209.172): 45 Time(s)
       root (132.232.59.78): 45 Time(s)
       root (167.172.154.233): 45 Time(s)
       root (36.89.140.123): 45 Time(s)
       root (134.122.130.38): 44 Time(s)
       root (188.166.158.69): 44 Time(s)
       mysql (vmi501273.contaboserver.net): 43 Time(s)
       root (49.232.223.172): 42 Time(s)
       root (171.84.2.6): 40 Time(s)
       root (221.213.129.46): 40 Time(s)
       root (81.68.215.10): 40 Time(s)
       root (81.70.99.146): 40 Time(s)
       root (106.53.135.98): 39 Time(s)
       root (119.45.10.5): 39 Time(s)
       root (139.215.208.125): 39 Time(s)
       root (120.53.227.201): 38 Time(s)
       root (121.4.162.82): 38 Time(s)
       root (42.193.102.218): 38 Time(s)
       root (49.235.41.58): 38 Time(s)
       root (host-81-86-82-68.static.as9105.net): 38 Time(s)
       root (122.51.248.146): 37 Time(s)
       root (119.84.128.25): 36 Time(s)
       root (132.232.143.211): 36 Time(s)
       root (139.186.143.194): 34 Time(s)
       root (106.75.122.38): 31 Time(s)
       root (119.29.115.153): 30 Time(s)
       root (129.204.125.231): 30 Time(s)
       root (191.205.248.196): 30 Time(s)
       root (36.156.154.218): 30 Time(s)
       unknown (40.ip-144-217-13.net): 30 Time(s)
       root (81.69.33.14): 29 Time(s)
       root (206.189.138.29): 28 Time(s)
       root (48-233-24-185.static.servebyte.com): 28 Time(s)
       root (49.234.28.149): 28 Time(s)
       root (222.187.239.31): 26 Time(s)
       root (vps-0ae1031a.vps.ovh.net): 25 Time(s)
       root (206.189.160.233): 23 Time(s)
       root (40.ip-144-217-13.net): 23 Time(s)
       root (170.106.35.43): 22 Time(s)
       root (222.187.238.87): 21 Time(s)
       root (81.71.136.41): 19 Time(s)
       root (177-56-186-115.3g.claro.net.br): 18 Time(s)
       root (132.232.120.145): 16 Time(s)
       unknown (45.146.164.79): 16 Time(s)
       unknown (81.17.30.198): 16 Time(s)
       root (net-93-149-180-144.cust.vodafonedsl.it): 15 Time(s)
       root (221.181.185.143): 14 Time(s)
       root (81.70.224.17): 14 Time(s)
       root (112.215.113.11): 13 Time(s)
       root (192.241.185.120): 9 Time(s)
       postfix (vmi501273.contaboserver.net): 8 Time(s)
       root (vmi501273.contaboserver.net): 8 Time(s)
       root (187.95.124.103): 7 Time(s)
       root (static-n49-176-146-35.meb4.vic.optusnet.com.au): 7 Time(s)
       root (177.220.173.134): 6 Time(s)
       root (198.199.103.79): 4 Time(s)
       root (81.17.30.198): 4 Time(s)
       root (175.100.138.49): 3 Time(s)
       root (81.161.63.100): 3 Time(s)
       unknown (171.239.254.84): 3 Time(s)
       unknown (194.61.25.28): 3 Time(s)
       unknown (195.54.160.250): 3 Time(s)
       root (170.106.82.81): 2 Time(s)
       root (194.61.25.28): 2 Time(s)
       root (2.57.90.33): 2 Time(s)
       root (4.ip-144-217-85.net): 2 Time(s)
       root (81.161.63.101): 2 Time(s)
       root (81.161.63.103): 2 Time(s)
       unknown (171.251.31.102): 2 Time(s)
       unknown (183.97.39.5): 2 Time(s)
       unknown (45.93.201.193): 2 Time(s)
       news (vmi501273.contaboserver.net): 1 Time(s)
       openldap (vmi501273.contaboserver.net): 1 Time(s)
       root (106.53.236.114): 1 Time(s)
       root (111.231.55.75): 1 Time(s)
       root (115.159.142.211): 1 Time(s)
       root (119.39.54.6): 1 Time(s)
       root (119.45.193.82): 1 Time(s)
       root (120.133.136.75): 1 Time(s)
       root (120.48.26.72): 1 Time(s)
       root (128.199.52.4): 1 Time(s)
       root (129.213.89.251): 1 Time(s)
       root (129.28.78.8): 1 Time(s)
       root (138.197.178.159): 1 Time(s)
       root (139.199.5.50): 1 Time(s)
       root (150.158.153.133): 1 Time(s)
       root (157.230.231.39): 1 Time(s)
       root (157.245.140.49): 1 Time(s)
       root (171.251.31.102): 1 Time(s)
       root (182.148.53.170): 1 Time(s)
       root (190.190.229.75): 1 Time(s)
       root (45.186.132.130): 1 Time(s)
       root (45.55.39.193): 1 Time(s)
       root (49.233.119.93): 1 Time(s)
       root (49.234.126.204): 1 Time(s)
       root (52.149.224.242): 1 Time(s)
       root (81.68.143.165): 1 Time(s)
       root (91.232.197.100): 1 Time(s)
       root (94.191.75.220): 1 Time(s)
       root (ip115.ip-137-74-219.eu): 1 Time(s)
       root (ip134.ip-151-80-183.eu): 1 Time(s)
       sshd (45.146.164.79): 1 Time(s)
       temp (45.93.201.193): 1 Time(s)
       unknown (132.232.143.211): 1 Time(s)
       unknown (60.166.8.174): 1 Time(s)
       unknown (h-107-91.a317.priv.bahnhof.se): 1 Time(s)
    Invalid Users:
       Unknown Account: 259 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       13   Miscellaneous warnings  
 
   20.381K  Bytes accepted                              20,870
   20.381K  Bytes sent via SMTP                         20,870
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        4   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       62   Connections             
       13   Connections lost (inbound) 
       62   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 48 times
    2.57.90.33: 2 times
    4.17.231.207: 57 times
    36.89.140.123: 45 times
    36.156.154.218: 30 times
    42.193.102.218: 38 times
    45.55.39.193 (demo.nirmanascan.net): 1 time
    45.93.201.193: 1 time
    45.146.164.79: 1 time
    45.186.132.130: 1 time
    46.101.194.220: 51 times
    46.164.143.82: 63 times
    49.51.180.170: 63 times
    49.176.146.35 (static-n49-176-146-35.meb4.vic.optusnet.com.au): 7 times
    49.232.223.172: 42 times
    49.233.119.93: 1 time
    49.234.28.149: 28 times
    49.234.126.204: 1 time
    49.235.41.58: 38 times
    51.68.137.63 (vps-0ae1031a.vps.ovh.net): 25 times
    51.178.47.46 (46.ip-51-178-47.eu): 62 times
    51.178.139.41 (vps-fbabd881.vps.ovh.net): 63 times
    51.255.35.41 (41.ip-51-255-35.eu): 62 times
    52.149.224.242: 1 time
    61.2.243.4 (static.ftth.kta.61.2.243.4.bsnl.in): 58 times
    62.4.16.39: 64 times
    62.173.166.68 (68.166.173.62.host.static.ip.kpnqwest.it): 65 times
    81.17.30.198 (cabinetstogo.com): 4 times
    81.68.143.165: 1 time
    81.68.215.10: 40 times
    81.69.33.14: 29 times
    81.70.99.146: 40 times
    81.70.224.17: 14 times
    81.71.136.41: 19 times
    81.86.82.68 (host-81-86-82-68.static.as9105.net): 38 times
    81.161.63.100: 3 times
    81.161.63.101: 2 times
    81.161.63.103: 2 times
    91.232.197.100: 1 time
    93.149.180.144 (net-93-149-180-144.cust.vodafonedsl.it): 15 times
    94.191.75.220: 1 time
    102.38.50.50: 60 times
    103.246.240.30 (103.246.240.30.soipl.co.in): 54 times
    104.131.186.240: 62 times
    106.13.30.226: 50 times
    106.52.70.240: 48 times
    106.53.135.98: 39 times
    106.53.236.114: 1 time
    106.75.122.38: 31 times
    111.67.194.41: 60 times
    111.231.55.75: 1 time
    112.6.121.116: 54 times
    112.215.113.11: 13 times
    115.159.56.151: 53 times
    115.159.142.211: 1 time
    115.159.209.172: 45 times
    115.159.216.109: 55 times
    116.126.85.123: 70 times
    116.232.81.158: 54 times
    119.29.74.28: 47 times
    119.29.115.153: 30 times
    119.39.54.6: 1 time
    119.45.10.5: 39 times
    119.45.116.10: 50 times
    119.45.193.82: 1 time
    119.45.243.232: 57 times
    119.84.128.25: 36 times
    120.48.12.77: 63 times
    120.48.26.72: 1 time
    120.53.227.201: 38 times
    120.133.136.75: 1 time
    121.4.162.82: 38 times
    122.51.248.146: 37 times
    124.90.52.90: 56 times
    124.156.105.251: 51 times
    128.199.52.4: 1 time
    129.28.78.8: 1 time
    129.204.125.231: 30 times
    129.213.89.251: 1 time
    132.232.59.78: 45 times
    132.232.120.145: 16 times
    132.232.143.211: 36 times
    134.122.130.38: 44 times
    134.209.149.43 (ellementry360degree.com): 56 times
    137.74.219.115 (ip115.ip-137-74-219.eu): 1 time
    138.197.178.159: 1 time
    139.186.143.194: 34 times
    139.199.5.50: 1 time
    139.215.208.125 (125.208.215.139.adsl-pool.jlccptt.net.cn): 39 times
    142.93.3.47: 55 times
    144.91.84.171 (vmi501273.contaboserver.net): 115 times
    144.217.13.40 (40.ip-144-217-13.net): 23 times
    144.217.85.4 (4.ip-144-217-85.net): 2 times
    145.239.82.192 (192.ip-145-239-82.eu): 64 times
    150.158.153.133: 1 time
    151.80.183.134 (ip134.ip-151-80-183.eu): 1 time
    157.230.90.18 (server.amazonusaa.cf): 58 times
    157.230.231.39 (singulart.tech-ubuntu-s-1vcpu-1gb-nyc1-01): 1 time
    157.245.140.49: 1 time
    157.245.212.8: 70 times
    163.172.157.193 (193-157-172-163.instances.scw.cloud): 64 times
    167.172.154.233: 45 times
    170.106.35.43: 22 times
    170.106.82.81: 2 times
    171.84.2.6: 40 times
    171.251.31.102 (dynamic-ip-adsl.viettel.vn): 1 time
    174.138.20.105: 70 times
    175.100.138.49 (49-138-100-175.static.youbroadband.in): 3 times
    177.56.186.115 (177-56-186-115.3g.claro.net.br): 18 times
    177.140.196.172 (b18cc4ac.virtua.com.br): 48 times
    177.220.173.134 (134.173.220.177.rfc6598.dynamic.copelfibra.com.br): 6 times
    181.16.17.224 (host-181-16-17-224.telered.com.ar): 49 times
    182.148.53.170: 1 time
    185.24.233.48 (48-233-24-185.static.servebyte.com): 28 times
    187.95.124.103 (103.124.95.187.static.copel.net): 7 times
    188.166.158.69: 44 times
    189.14.124.17: 70 times
    190.24.6.162 (corporativos246-162.etb.net.co): 52 times
    190.190.229.75 (75-229-190-190.cab.prima.net.ar): 1 time
    191.205.248.196 (191-205-248-196.user.vivozap.com.br): 30 times
    191.209.88.62 (191-209-88-62.user.vivozap.com.br): 50 times
    192.241.185.120: 9 times
    194.61.25.28: 2 times
    195.216.207.22 (unname.z-tele.com.ua): 62 times
    198.27.66.37 (track1.glovision.co): 63 times
    198.199.103.79: 4 times
    202.126.93.131: 53 times
    206.189.138.29: 28 times
    206.189.160.233: 23 times
    221.181.185.143: 18 times
    221.213.129.46: 40 times
    222.112.186.86: 48 times
    222.187.238.87: 21 times
    222.187.239.31: 30 times
 
 Illegal users from:
    undef: 118 times
    45.93.201.193: 2 times
    45.146.164.79: 16 times
    60.166.8.174: 1 time
    65.49.20.66 (scan-17.shadowserver.org): 1 time
    81.17.30.198 (cabinetstogo.com): 16 times
    132.232.143.211: 1 time
    144.91.84.171 (vmi501273.contaboserver.net): 179 times
    144.217.13.40 (40.ip-144-217-13.net): 30 times
    158.174.107.91 (h-107-91.A317.priv.bahnhof.se): 1 time
    171.239.254.84 (dynamic-ip-adsl.viettel.vn): 3 times
    171.251.31.102 (dynamic-ip-adsl.viettel.vn): 2 times
    183.97.39.5: 2 times
    194.61.25.28: 3 times
    195.54.160.250: 3 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)