[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 6 März 2024

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed Mar  6 04:42:03 2024
        Date Range Processed: yesterday
                              ( 2024-Mar-05 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 36:35 ]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 Connection attempts using mod_proxy:
    185.216.71.4 -> pro.ip-api.com:443: 1 Time(s)

 A total of 8 sites probed the server 
    122.194.11.112
    157.245.69.67
    167.71.236.182
    178.128.174.149
    192.241.198.41
    205.210.31.177
    45.128.232.191
    74.82.47.2

 Requests with error response codes
    400 Bad Request
       null: 10 Time(s)
       /: 5 Time(s)
       /.env: 2 Time(s)
       mstshash=Administr: 2 Time(s)
       *: 1 Time(s)
       /../../mnt/mtd/Config/Account1: 1 Time(s)
       /../../mnt/mtd/Config/Account2: 1 Time(s)
       /0bef: 1 Time(s)
       /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s)
       12.1.2: 1 Time(s)
       \x00cO\x07VW\x19~\x85\xEEO\xC7x\x87:7A\xF0 ... 00=\x00\x16\xC0: 1 Time(s)
       \x16\x06\xEC\x8A\xC8W\xD5|\xB8\xBBH\xE5\xB ... x09\xC0\x13\xC0: 1 Time(s)
       \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
       \xCC\xEE\xC0Y\xA58\xE3.\xCE0\xE1T.'\xE1\x8 ... D\xC0$\xC0(\xC0: 1 Time(s)
       \xCF\xB9\xD2\xF4z\xA4\xF2m{\xC8\xBAw\xAB'\ ... CA\x95r\x84\xA7: 1 Time(s)
       pro.ip-api.com:443: 1 Time(s)
    500 Internal Server Error
       /: 18 Time(s)
       /.env: 8 Time(s)
       /favicon.ico: 3 Time(s)
       /.git/config: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /actuator/gateway/routes: 1 Time(s)
       /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
       /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
       /geoserver/web/: 1 Time(s)
       /login: 1 Time(s)
       /manager/html: 1 Time(s)
       /pub/time.series/overview.txt: 1 Time(s)
       /robots.txt: 1 Time(s)
       /script: 1 Time(s)
       /users/sign_in: 1 Time(s)
       /version: 1 Time(s)
       /webui/: 1 Time(s)
    502 Bad Gateway
       /-S9MXoBxT0OMhDssROVsEg/pdf: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (218.92.0.52): 24 Time(s)
       root (218.92.0.53): 18 Time(s)
       root (218.92.0.59): 18 Time(s)
       root (mail.rokor.kz): 18 Time(s)
       unknown (170.64.197.19): 16 Time(s)
       root (218.92.0.28): 12 Time(s)
       root (218.92.0.47): 12 Time(s)
       root (218.92.0.55): 12 Time(s)
       unknown (139.59.16.110): 12 Time(s)
       root (218.92.0.45): 11 Time(s)
       unknown (85.209.11.27): 10 Time(s)
       unknown (194.169.175.36): 8 Time(s)
       unknown (85.209.11.254): 8 Time(s)
       root (141.98.11.11): 6 Time(s)
       root (170.64.197.19): 6 Time(s)
       root (218.92.0.40): 6 Time(s)
       root (218.92.0.43): 6 Time(s)
       root (218.92.0.51): 6 Time(s)
       root (27.128.247.35): 6 Time(s)
       unknown (185.11.61.88): 5 Time(s)
       unknown (185.196.8.151): 5 Time(s)
       unknown (194.169.175.35): 5 Time(s)
       root (194.169.175.35): 4 Time(s)
       root (85.209.11.27): 4 Time(s)
       root (85.209.11.254): 3 Time(s)
       unknown (175.206.96.66): 3 Time(s)
       unknown (62.122.184.252): 3 Time(s)
       root (113.125.9.250): 2 Time(s)
       root (194.169.175.36): 2 Time(s)
       root (60.170.105.154): 2 Time(s)
       root (62.122.184.252): 2 Time(s)
       unknown (202.165.16.209): 2 Time(s)
       nobody (111.10.242.56): 1 Time(s)
       nobody (45.151.126.91): 1 Time(s)
       nobody (n112119122248.netvigator.com): 1 Time(s)
       postgres (170.64.197.19): 1 Time(s)
       root (112.31.107.31): 1 Time(s)
       root (115.23.23.91): 1 Time(s)
       root (117.107.135.197): 1 Time(s)
       root (190.107.71.200): 1 Time(s)
       root (218.21.247.66): 1 Time(s)
       root (36.103.241.107): 1 Time(s)
       root (51-159-21-239.rev.poneytelecom.eu): 1 Time(s)
       root (60.213.9.146): 1 Time(s)
       root (78-71-83-248-no271.tbcn.telia.com): 1 Time(s)
       sshd (194.169.175.35): 1 Time(s)
       sshd (62.122.184.252): 1 Time(s)
       sshd (85.209.11.27): 1 Time(s)
       unknown (074-218-078-006.biz.spectrum.com): 1 Time(s)
       unknown (101.183.8.201): 1 Time(s)
       unknown (103.157.115.122): 1 Time(s)
       unknown (110-175-220-250.static.tpgi.com.au): 1 Time(s)
       unknown (111-70-26-53.emome-ip.hinet.net): 1 Time(s)
       unknown (111.23.182.154): 1 Time(s)
       unknown (112.6.11.184): 1 Time(s)
       unknown (113.197.48.165): 1 Time(s)
       unknown (116.9.120.88): 1 Time(s)
       unknown (117.30.160.151): 1 Time(s)
       unknown (120.236.109.91): 1 Time(s)
       unknown (122.14.197.21): 1 Time(s)
       unknown (122.154.156.234): 1 Time(s)
       unknown (122.169.42.241): 1 Time(s)
       unknown (122.179.130.147): 1 Time(s)
       unknown (122.180.84.109): 1 Time(s)
       unknown (122.225.203.106): 1 Time(s)
       unknown (123.157.67.142): 1 Time(s)
       unknown (124.89.116.178): 1 Time(s)
       unknown (138.75.204.180): 1 Time(s)
       unknown (148.70.157.154): 1 Time(s)
       unknown (162.184.145.1): 1 Time(s)
       unknown (178.137.114.144): 1 Time(s)
       unknown (178.150.135.19): 1 Time(s)
       unknown (178.71.143.130): 1 Time(s)
       unknown (183.233.177.34): 1 Time(s)
       unknown (183.62.20.2): 1 Time(s)
       unknown (185.199.102.254): 1 Time(s)
       unknown (190.107.71.200): 1 Time(s)
       unknown (217-210-89-93-no2663.tbcn.telia.com): 1 Time(s)
       unknown (221.158.238.240): 1 Time(s)
       unknown (41.207.248.204): 1 Time(s)
       unknown (45.71.24.198): 1 Time(s)
       unknown (47-184-248-240.dlls.tx.frontiernet.net): 1 Time(s)
       unknown (58.18.81.242): 1 Time(s)
       unknown (59-120-179-121.hinet-ip.hinet.net): 1 Time(s)
       unknown (59.96.58.125): 1 Time(s)
       unknown (60.214.127.246): 1 Time(s)
       unknown (61.164.202.218): 1 Time(s)
       unknown (61.19.255.10): 1 Time(s)
       unknown (62.201.228.210): 1 Time(s)
       unknown (82.193.120.85): 1 Time(s)
       unknown (85.193.65.110): 1 Time(s)
       unknown (94.158.91.186): 1 Time(s)
       unknown (apn-46-77-79-31.static.gprs.plus.pl): 1 Time(s)
       unknown (c-73-12-136-55.hsd1.ca.comcast.net): 1 Time(s)
       unknown (c-98-52-116-108.hsd1.il.comcast.net): 1 Time(s)
       unknown (h88-129-111-221.cust.bredband2.com): 1 Time(s)
       www-data (185.11.61.88): 1 Time(s)
    Invalid Users:
       Unknown Account: 125 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

    8.358K  Bytes accepted                               8,559
    8.358K  Bytes sent via SMTP                          8,559
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================

       60   Connections             
        8   Connections lost (inbound) 
       60   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        1   SMTP dialog errors      
        2   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Disconnecting after too many authentication failures for user:
    root : 21 Time(s)

 Failed logins from:
    27.128.247.35: 6 times
    36.103.241.107: 1 time
    45.151.126.91 (rev-45-151-126-91.remoteadmin.store): 1 time
    51.159.21.239 (51-159-21-239.rev.poneytelecom.eu): 1 time
    60.170.105.154: 2 times
    60.213.9.146: 1 time
    62.122.184.252: 3 times
    78.71.83.248 (78-71-83-248-no271.tbcn.telia.com): 1 time
    85.209.11.27: 5 times
    85.209.11.254: 3 times
    111.10.242.56: 1 time
    112.31.107.31: 1 time
    112.119.122.248 (n112119122248.netvigator.com): 1 time
    113.125.9.250: 2 times
    115.23.23.91: 1 time
    117.107.135.197: 1 time
    141.98.11.11 (axon-stall.riddlecamera.net): 6 times
    170.64.197.19: 7 times
    178.88.167.38 (mail.rokor.kz): 18 times
    185.11.61.88: 1 time
    190.107.71.200: 1 time
    194.169.175.35: 5 times
    194.169.175.36: 2 times
    218.21.247.66: 1 time
    218.92.0.28: 12 times
    218.92.0.40: 6 times
    218.92.0.43: 6 times
    218.92.0.45: 11 times
    218.92.0.47: 12 times
    218.92.0.51: 6 times
    218.92.0.52: 24 times
    218.92.0.53: 18 times
    218.92.0.55: 12 times
    218.92.0.59: 18 times

 Illegal users from:
    2001:470:1:332::2 (scan-36af.shadowserver.org): 1 time
    undef: 56 times
    41.207.248.204: 1 time
    43.134.92.75: 1 time
    45.71.24.198: 1 time
    45.80.35.247 (911206907.box.freepro.com): 6 times
    46.77.79.31 (apn-46-77-79-31.static.gprs.plus.pl): 1 time
    47.184.248.240 (47-184-248-240.dlls.tx.frontiernet.net): 1 time
    58.18.81.242: 1 time
    59.96.58.125: 1 time
    59.120.179.121 (59-120-179-121.hinet-ip.hinet.net): 1 time
    60.214.127.246: 1 time
    61.19.255.10 (www.princessfoods.co.th): 1 time
    61.164.202.218: 1 time
    62.122.184.252: 3 times
    62.201.228.210: 1 time
    64.62.197.175 (scan-49i.shadowserver.org): 1 time
    73.12.136.55 (c-73-12-136-55.hsd1.ca.comcast.net): 1 time
    74.218.78.6 (074-218-078-006.biz.spectrum.com): 1 time
    82.193.120.85 (82.193.120.85.ipnet.ua): 1 time
    85.193.65.110 (internet.volnamobile.ru): 1 time
    85.209.11.27: 10 times
    85.209.11.254: 8 times
    88.129.111.221 (h88-129-111-221.cust.bredband2.com): 1 time
    94.158.91.186: 1 time
    98.52.116.108 (c-98-52-116-108.hsd1.il.comcast.net): 1 time
    101.183.8.201 (cpe-101-183-8-201.nb17.nsw.asp.telstra.net): 1 time
    103.157.115.122 (122.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
    110.175.220.250 (110-175-220-250.static.tpgi.com.au): 1 time
    111.23.182.154: 1 time
    111.70.26.53 (111-70-26-53.emome-ip.hinet.net): 1 time
    112.6.11.184: 1 time
    113.197.48.165: 1 time
    116.9.120.88: 1 time
    117.30.160.151 (151.160.30.117.broad.xm.fj.dynamic.163data.com.cn): 1 time
    120.236.109.91: 1 time
    122.14.197.21: 1 time
    122.154.156.234: 1 time
    122.169.42.241
(abts-mum-dynamic-122.169.x.x-airtelbroadband.in.241.42.169.122.airtelbroadband.in): 1
time
    122.179.130.147 (abts-mum-static-147.130.179.122.airtelbroadband.in): 1 time
    122.180.84.109 (abts-north-static-109.84.180.122.airtelbroadband.in): 1 time
    122.225.203.106: 1 time
    123.157.67.142: 1 time
    124.89.116.178: 1 time
    138.75.204.180 (180.204.75.138.unknown.m1.com.sg): 1 time
    139.59.16.110: 12 times
    148.70.157.154: 1 time
    162.184.145.1: 1 time
    170.64.197.19: 17 times
    175.206.96.66: 4 times
    178.71.143.130: 1 time
    178.137.114.144 (178-137-114-144.broadband.kyivstar.net): 1 time
    178.150.135.19 (19.135.150.178.triolan.net): 1 time
    183.62.20.2: 1 time
    183.233.177.34: 1 time
    185.11.61.88: 5 times
    185.196.8.151: 5 times
    185.199.102.254: 1 time
    190.107.71.200: 1 time
    194.169.175.35: 5 times
    194.169.175.36: 8 times
    202.165.16.209: 2 times
    217.210.89.93 (217-210-89-93-no2663.tbcn.telia.com): 1 time
    221.158.238.240: 1 time

 **Unmatched Entries**
 Corrupted MAC on input. [preauth] : 1 time(s)
 Disconnecting: Packet corrupt [preauth] : 1 time(s)
 Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop59766p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)