[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon May 31 04:42:04 2021 Date Range Processed: yesterday ( 2021-May-30 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [577:574] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 5 sites probed the server 125.64.94.136 162.62.123.46 201.202.236.22 217.182.193.49 66.240.205.34 Requests with error response codes 400 Bad Request null: 6 Time(s) /0bef: 2 Time(s) /: 1 Time(s) /api/v1: 1 Time(s) 12.2.1: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found /robots.txt: 61 Time(s) /wp-login.php: 4 Time(s) /.env: 1 Time(s) /blog/wp-login.php: 1 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /neuigkeiten/einladung-mgv-ss2011: 1 Time(s) /node: 1 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s) /protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 1 Time(s) /reader/2016_SoSe_Konstanz_kurz.pdf%7CReader: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /reader/commit/09360d9fceaee264132be600f2762d7b2827fd01: 1 Time(s) /resolutionen/sose21/fdm/fdm.pdf: 1 Time(s) /resolutionen/wise15/Transparenz_in_der_: 1 Time(s) /resolutionen/wise15/WissZeitVG/Stellungnahme_WiSe15_: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /stapf: 1 Time(s) /verein/satzung/%7CSatzung: 1 Time(s) /wordpress/wp-login.php: 1 Time(s) /wp/wp-login.php: 1 Time(s) 499 (undefined) /apple-touch-icon.png: 3 Time(s) 500 Internal Server Error /: 46 Time(s) /robots.txt: 5 Time(s) /favicon.ico: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) //a2billing/customer/templates/default/footer.tpl: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /api/v1: 1 Time(s) /bag2: 1 Time(s) /console/: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (150.158.173.227): 73 Time(s) unknown (95.169.5.166.16clouds.com): 52 Time(s) unknown (119.45.173.117): 51 Time(s) unknown (119.28.100.102): 49 Time(s) unknown (157.245.39.243): 44 Time(s) unknown (81.68.106.106): 44 Time(s) unknown (r190-64-213-156.su-static.adinet.com.uy): 44 Time(s) unknown (128.199.167.161): 43 Time(s) unknown (139.59.7.177): 43 Time(s) unknown (159.192.143.249): 43 Time(s) unknown (178.128.84.92): 43 Time(s) unknown (178.176.224.36): 43 Time(s) unknown (180.153.91.15): 43 Time(s) unknown (27.111.44.196): 42 Time(s) unknown (mail.box.sh): 42 Time(s) unknown (159.203.7.62): 41 Time(s) unknown (20.64.172.31): 41 Time(s) unknown (206.189.189.7): 41 Time(s) unknown (81.70.246.81): 41 Time(s) unknown (106.53.121.179): 40 Time(s) unknown (58.62.18.194): 40 Time(s) unknown (172.81.246.239): 39 Time(s) unknown (v2202102140260141724.megasrv.de): 39 Time(s) unknown (121.4.34.147): 36 Time(s) unknown (139.198.4.21): 35 Time(s) unknown (174.138.182.102): 35 Time(s) unknown (106.13.207.159): 34 Time(s) unknown (115-186-130-3.nayatel.pk): 34 Time(s) unknown (178.128.116.50): 34 Time(s) unknown (119.45.193.252): 33 Time(s) unknown (142.93.243.95): 33 Time(s) unknown (179.43.151.202): 33 Time(s) unknown (218.153.89.102): 33 Time(s) unknown (150.138.114.41): 32 Time(s) unknown (49.234.13.139): 32 Time(s) unknown (113.98.193.58): 30 Time(s) unknown (114.96.99.17): 30 Time(s) unknown (121.5.234.48): 30 Time(s) unknown (143.110.225.249): 30 Time(s) unknown (42.192.81.84): 30 Time(s) unknown (101.32.75.101): 29 Time(s) unknown (212.129.248.183): 29 Time(s) unknown (163.ip-198-245-53.net): 25 Time(s) unknown (103.37.151.84): 24 Time(s) unknown (193.27.228.233): 22 Time(s) unknown (190.ip-51-254-143.eu): 20 Time(s) unknown (212.64.38.8): 18 Time(s) unknown (103.254.198.67): 17 Time(s) unknown (42.193.141.202): 17 Time(s) unknown (58.71.15.10): 17 Time(s) unknown (105.28.108.165): 15 Time(s) unknown (159.65.129.42): 15 Time(s) root (159.65.129.42): 14 Time(s) unknown (198.211.107.224): 14 Time(s) unknown (189.151.205.85): 12 Time(s) unknown (222.92.139.158): 12 Time(s) unknown (49.247.208.185): 12 Time(s) unknown (82.156.121.62): 11 Time(s) unknown (104.248.17.39): 10 Time(s) unknown (106.53.136.5): 10 Time(s) root (209.141.52.246): 9 Time(s) unknown (121.5.126.248): 9 Time(s) unknown (103.147.5.89): 8 Time(s) root (193.27.228.233): 7 Time(s) root (87.241.1.186): 7 Time(s) unknown (114.96.78.246): 7 Time(s) unknown (139.198.21.17): 7 Time(s) unknown (14.5.208.178): 7 Time(s) unknown (166.ip-51-254-101.eu): 7 Time(s) root (184.82.91.139): 6 Time(s) root (189.113.131.44): 6 Time(s) unknown (119.45.209.222): 6 Time(s) root (110.247.139.220): 4 Time(s) unknown (106.13.28.142): 4 Time(s) unknown (175.193.13.3): 4 Time(s) root (119.28.100.102): 3 Time(s) root (178.128.116.50): 3 Time(s) root (49.234.13.139): 3 Time(s) unknown (141.98.10.193): 3 Time(s) unknown (157.245.3.2): 3 Time(s) unknown (178.62.237.221): 3 Time(s) unknown (180.250.124.227): 3 Time(s) unknown (185.36.81.182): 3 Time(s) unknown (42.192.141.160): 3 Time(s) unknown (45.13.132.141): 3 Time(s) unknown (45.146.165.72): 3 Time(s) mysql (58.62.18.194): 2 Time(s) postgres (190.ip-51-254-143.eu): 2 Time(s) postgres (95.169.5.166.16clouds.com): 2 Time(s) root (106.13.207.159): 2 Time(s) root (113.98.193.58): 2 Time(s) root (121.5.234.48): 2 Time(s) root (150.158.173.227): 2 Time(s) root (159.192.143.249): 2 Time(s) root (159.203.7.62): 2 Time(s) root (189.151.205.85): 2 Time(s) root (20.64.172.31): 2 Time(s) root (42.192.81.84): 2 Time(s) root (81.70.246.81): 2 Time(s) root (tor-exit-ro.letztermensch.com): 2 Time(s) unknown (194.165.16.105): 2 Time(s) unknown (194.165.16.107): 2 Time(s) unknown (194.165.16.108): 2 Time(s) unknown (194.165.16.89): 2 Time(s) unknown (45.135.232.165): 2 Time(s) unknown (64.225.3.204): 2 Time(s) unknown (93-43-208-131.ip93.fastwebnet.it): 2 Time(s) backup (119.28.100.102): 1 Time(s) backup (180.153.91.15): 1 Time(s) backup (193.27.228.233): 1 Time(s) backup (20.64.172.31): 1 Time(s) backup (212.64.38.8): 1 Time(s) backup (42.192.141.160): 1 Time(s) backup (81.68.106.106): 1 Time(s) backup (81.70.246.81): 1 Time(s) backup (95.169.5.166.16clouds.com): 1 Time(s) list (206.189.189.7): 1 Time(s) mysql (114.96.78.246): 1 Time(s) mysql (114.96.99.17): 1 Time(s) mysql (115-186-130-3.nayatel.pk): 1 Time(s) mysql (150.158.173.227): 1 Time(s) mysql (172.81.246.239): 1 Time(s) mysql (174.138.182.102): 1 Time(s) mysql (178.176.224.36): 1 Time(s) mysql (180.250.124.227): 1 Time(s) mysql (20.64.172.31): 1 Time(s) mysql (212.64.38.8): 1 Time(s) mysql (27.111.44.196): 1 Time(s) mysql (42.192.141.160): 1 Time(s) mysql (58.71.15.10): 1 Time(s) mysql (mail.box.sh): 1 Time(s) news (113.98.193.58): 1 Time(s) postgres (103.254.198.67): 1 Time(s) postgres (105.28.108.165): 1 Time(s) postgres (114.96.99.17): 1 Time(s) postgres (121.4.34.147): 1 Time(s) postgres (121.5.234.48): 1 Time(s) postgres (157.245.39.243): 1 Time(s) postgres (180.153.91.15): 1 Time(s) postgres (198.211.107.224): 1 Time(s) postgres (27.111.44.196): 1 Time(s) postgres (58.62.18.194): 1 Time(s) postgres (82.156.121.62): 1 Time(s) proxy (103.254.198.67): 1 Time(s) proxy (119.45.173.117): 1 Time(s) proxy (157.245.39.243): 1 Time(s) proxy (174.138.182.102): 1 Time(s) proxy (95.169.5.166.16clouds.com): 1 Time(s) root (106.53.121.179): 1 Time(s) root (114.96.99.17): 1 Time(s) root (121.4.34.147): 1 Time(s) root (128.199.167.161): 1 Time(s) root (139.198.4.21): 1 Time(s) root (139.59.7.177): 1 Time(s) root (14.5.208.178): 1 Time(s) root (143.110.225.249): 1 Time(s) root (150.138.114.41): 1 Time(s) root (174.138.182.102): 1 Time(s) root (178.128.84.92): 1 Time(s) root (178.176.224.36): 1 Time(s) root (179.43.151.202): 1 Time(s) root (190.ip-51-254-143.eu): 1 Time(s) root (194.165.16.106): 1 Time(s) root (194.165.16.109): 1 Time(s) root (206.189.189.7): 1 Time(s) root (45.135.232.165): 1 Time(s) root (58.62.18.194): 1 Time(s) root (81.68.106.106): 1 Time(s) root (mail.box.sh): 1 Time(s) root (marylou.nos-oignons.net): 1 Time(s) root (tor-exit0-readme.dfri.se): 1 Time(s) root (v2202102140260141724.megasrv.de): 1 Time(s) unknown (103.60.137.117): 1 Time(s) unknown (110.247.139.220): 1 Time(s) unknown (118.24.237.118): 1 Time(s) unknown (119.29.170.173): 1 Time(s) unknown (119.45.138.160): 1 Time(s) unknown (153.101.65.252): 1 Time(s) unknown (172.81.254.82): 1 Time(s) unknown (172.96.251.154.16clouds.com): 1 Time(s) unknown (192.144.234.61): 1 Time(s) unknown (200.41.42.156): 1 Time(s) unknown (209.141.52.246): 1 Time(s) unknown (5.2.69.42): 1 Time(s) unknown (50-255-64-233-static.hfc.comcastbusiness.net): 1 Time(s) unknown (81.71.38.197): 1 Time(s) unknown (goshift.rayacloud.com): 1 Time(s) unknown (gw1.srv.adviator.com): 1 Time(s) unknown (turing.tor-exit.calyxinstitute.org): 1 Time(s) www-data (115-186-130-3.nayatel.pk): 1 Time(s) www-data (150.158.173.227): 1 Time(s) www-data (212.129.248.183): 1 Time(s) www-data (27.111.44.196): 1 Time(s) www-data (58.62.18.194): 1 Time(s) www-data (mail.box.sh): 1 Time(s) Invalid Users: Unknown Account: 2018 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 87 Miscellaneous warnings 25.266K Bytes accepted 25,872 25.266K Bytes sent via SMTP 25,872 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 10 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 10 Total 4xx Rejects 100.00% ======== ================================================== 288 Connections 167 Connections lost (inbound) 288 Disconnections 1 Removed from queue 1 Sent via SMTP 7 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 3 Time(s) Failed logins from: 14.5.208.178: 1 time 20.64.172.31: 4 times 27.111.44.196: 3 times 42.192.81.84: 2 times 42.192.141.160: 2 times 45.135.232.165: 1 time 49.234.13.139: 3 times 51.159.59.6 (mail.box.sh): 3 times 51.254.143.190 (190.ip-51-254-143.eu): 3 times 58.62.18.194: 5 times 58.71.15.10: 1 time 81.68.106.106: 2 times 81.70.246.81: 3 times 82.156.121.62: 1 time 87.241.1.186: 7 times 89.234.157.254 (marylou.nos-oignons.net): 1 time 94.16.109.121 (v2202102140260141724.megasrv.de): 1 time 95.169.5.166 (95.169.5.166.16clouds.com): 4 times 103.254.198.67: 2 times 105.28.108.165: 1 time 106.13.207.159: 2 times 106.53.121.179: 1 time 110.247.139.220: 4 times 113.98.193.58: 3 times 114.96.78.246: 1 time 114.96.99.17: 3 times 115.186.130.3 (115-186-130-3.nayatel.pk): 2 times 119.28.100.102: 4 times 119.45.173.117: 1 time 121.4.34.147: 2 times 121.5.234.48: 3 times 128.199.167.161: 1 time 139.59.7.177: 1 time 139.198.4.21: 1 time 143.110.225.249: 1 time 150.138.114.41: 1 time 150.158.173.227: 4 times 157.245.39.243: 2 times 159.65.129.42: 14 times 159.192.143.249: 2 times 159.203.7.62: 2 times 171.25.193.20 (tor-exit0-readme.dfri.se): 1 time 172.81.246.239: 1 time 174.138.182.102 (server.healmeroot.com): 3 times 178.128.84.92: 1 time 178.128.116.50: 3 times 178.176.224.36 (clients-36.224.176.178.misp.ru): 2 times 179.43.151.202: 1 time 180.153.91.15: 2 times 180.250.124.227 (swift.id): 1 time 184.82.91.139 (184-82-91-0.24.public.tls1b-bcr01.myaisfibre.com): 6 times 185.247.224.14 (tor-exit-ro.letztermensch.com): 2 times 189.113.131.44 (189-113-131-44.telecall.com.br): 6 times 189.151.205.85 (dsl-189-151-205-85-dyn.prod-infinitum.com.mx): 2 times 193.27.228.233: 8 times 194.165.16.106: 1 time 194.165.16.109: 1 time 198.211.107.224: 1 time 206.189.189.7: 2 times 209.141.52.246 (lab.lv.dgv.dev.br): 9 times 212.64.38.8: 2 times 212.129.248.183: 1 time Illegal users from: undef: 779 times 5.2.69.42: 1 time 14.5.208.178: 7 times 20.64.172.31: 41 times 27.111.44.196: 42 times 42.192.81.84: 30 times 42.192.141.160: 3 times 42.193.141.202: 17 times 45.13.132.141: 3 times 45.135.232.165: 2 times 45.146.165.72: 3 times 49.234.13.139: 32 times 49.247.208.185: 12 times 50.255.64.233 (50-255-64-233-static.hfc.comcastbusiness.net): 1 time 51.159.59.6 (mail.box.sh): 42 times 51.254.101.166 (166.ip-51-254-101.eu): 7 times 51.254.143.190 (190.ip-51-254-143.eu): 20 times 58.62.18.194: 40 times 58.71.15.10: 17 times 62.210.12.87 (gw1.srv.adviator.com): 1 time 64.225.3.204: 2 times 65.49.20.68 (scan-19.shadowserver.org): 1 time 81.68.106.106: 44 times 81.70.246.81: 41 times 81.71.38.197: 1 time 82.156.121.62: 11 times 93.43.208.131 (93-43-208-131.ip93.fastwebnet.it): 2 times 94.16.109.121 (v2202102140260141724.megasrv.de): 39 times 95.169.5.166 (95.169.5.166.16clouds.com): 52 times 101.32.75.101: 29 times 103.37.151.84: 24 times 103.60.137.117: 1 time 103.147.5.89: 8 times 103.254.198.67: 17 times 104.248.17.39: 10 times 105.28.108.165: 15 times 106.13.28.142: 4 times 106.13.207.159: 34 times 106.53.121.179: 40 times 106.53.136.5: 10 times 110.247.139.220: 1 time 113.98.193.58: 30 times 114.96.78.246: 7 times 114.96.99.17: 30 times 115.186.130.3 (115-186-130-3.nayatel.pk): 34 times 118.24.237.118: 1 time 119.28.100.102: 49 times 119.29.170.173: 1 time 119.45.138.160: 1 time 119.45.173.117: 51 times 119.45.193.252: 33 times 119.45.209.222: 6 times 121.4.34.147: 36 times 121.5.126.248: 9 times 121.5.234.48: 30 times 128.199.167.161: 43 times 139.59.7.177: 43 times 139.198.4.21: 35 times 139.198.21.17: 7 times 141.98.10.193: 3 times 142.93.243.95: 33 times 143.110.225.249: 30 times 150.138.114.41: 32 times 150.158.173.227: 73 times 153.101.65.252: 1 time 157.245.3.2: 3 times 157.245.39.243: 44 times 159.65.129.42: 15 times 159.192.143.249: 43 times 159.203.7.62: 41 times 162.247.74.27 (turing.tor-exit.calyxinstitute.org): 1 time 169.239.39.15 (goshift.rayacloud.com): 1 time 172.81.246.239: 39 times 172.81.254.82: 1 time 172.96.251.154 (172.96.251.154.16clouds.com): 1 time 174.138.182.102 (server.healmeroot.com): 35 times 175.193.13.3: 4 times 178.62.237.221: 3 times 178.128.84.92: 43 times 178.128.116.50: 34 times 178.176.224.36 (clients-36.224.176.178.misp.ru): 43 times 179.43.151.202: 33 times 180.153.91.15: 43 times 180.250.124.227 (swift.id): 3 times 185.36.81.182: 3 times 189.151.205.85 (dsl-189-151-205-85-dyn.prod-infinitum.com.mx): 14 times 190.64.213.156 (r190-64-213-156.su-static.adinet.com.uy): 44 times 192.144.234.61: 1 time 193.27.228.233: 22 times 194.165.16.89: 2 times 194.165.16.105: 2 times 194.165.16.106: 1 time 194.165.16.107: 2 times 194.165.16.108: 2 times 194.165.16.109: 1 time 198.211.107.224: 14 times 198.245.53.163 (163.ip-198-245-53.net): 25 times 200.41.42.156 (200-41-42-156.static.impsat.net.ar): 1 time 206.189.189.7: 41 times 209.141.52.246 (lab.lv.dgv.dev.br): 1 time 212.64.38.8: 18 times 212.129.248.183: 29 times 218.153.89.102: 33 times 222.92.139.158: 12 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop23974p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################