[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Sonntag, 24 Oktober 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sun Oct 24 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Oct-23 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 90:89 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    113.128.170.208 -> zapf.wiki:443: 1 Time(s)
    60.191.125.35 -> zapf.wiki:443: 1 Time(s)
 
 A total of 9 sites probed the server 
    116.26.10.71
    172.104.131.24
    185.254.31.134
    186.33.88.52
    209.141.51.171
    51.120.120.76
    66.240.205.34
    71.6.146.130
    91.134.146.186
 
 Requests with error response codes
    400 Bad Request
       null: 16 Time(s)
       /: 8 Time(s)
       /config/getuser?index=0: 5 Time(s)
       /socket.io/?noteId=reso_BerlHG&EIO=3&trans ... twyIIJ31Vl3AACB: 2 Time(s)
       zapf.wiki:443: 2 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
       \xED+5\x22\xC6\xE7M\xE1: 1 Time(s)
       ^\xDD\x8A\x9E\xE3P\xC5[\xAF\xC7>\x82Q: 1 Time(s)
       l\xCF\xE4\xE3oN\xD0\x0C6.\x94\xE5D\xD4\x81 ... (\xC0#\xC0'\xC0: 1 Time(s)
       mstshash=Administr: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=MApt-oVrSQm6vCe9f-WUsQ& ... FxJU8g3ey04AACA: 1 Time(s)
       /socket.io/?noteId=reso_BerlHG&EIO=3&trans ... ZOiyxyuPMWtAACD: 1 Time(s)
       /socket.io/?noteId=reso_BerlHG&EIO=3&trans ... twyIIJ31Vl3AACB: 1 Time(s)
    500 Internal Server Error
       /.env: 45 Time(s)
       /: 19 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /GponForm/diag_Form?style/: 1 Time(s)
       /Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s)
       /actuator/health: 1 Time(s)
       /bag2: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /robots.txt: 1 Time(s)
       /wls-wsat/CoordinatorPortType: 1 Time(s)
       /wp-login.php: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (188.166.245.67): 261 Time(s)
       unknown (193.112.42.13): 40 Time(s)
       root (181.188.186.158): 39 Time(s)
       root (183.250.160.58): 39 Time(s)
       root (139.219.15.52): 38 Time(s)
       root (119.29.0.209): 37 Time(s)
       root (152.136.212.92): 36 Time(s)
       root (42.192.183.38): 36 Time(s)
       root (12.12.171.213): 35 Time(s)
       root (132.232.4.140): 35 Time(s)
       root (81.70.161.94): 35 Time(s)
       root (61.76.173.244): 34 Time(s)
       root (173-161-87-170-illinois.hfc.comcastbusiness.net): 33 Time(s)
       root (2-228-139-162.ip191.fastwebnet.it): 33 Time(s)
       root (server-176.53.43.111.as42926.net): 33 Time(s)
       root (103.154.101.11): 32 Time(s)
       root (106.52.174.219): 32 Time(s)
       root (182.254.212.32): 32 Time(s)
       root (183.214.193.196): 32 Time(s)
       root (ec2-3-109-134-184.ap-south-1.compute.amazonaws.com): 32 Time(s)
       root (202.111.30.6): 31 Time(s)
       root (218.17.46.204): 31 Time(s)
       root (113.185.0.13): 30 Time(s)
       root (82.156.249.184): 30 Time(s)
       root (201.218.215.106): 27 Time(s)
       root (121.28.182.26): 26 Time(s)
       root (200.31.122.174): 23 Time(s)
       root (vmi694307.contaboserver.net): 23 Time(s)
       unknown (201.218.215.106): 23 Time(s)
       root (1.15.25.243): 21 Time(s)
       root (43.254.153.84): 21 Time(s)
       root (82.222.252.34): 20 Time(s)
       root (58.208.84.93): 19 Time(s)
       root (82.156.89.184): 19 Time(s)
       unknown (218.17.46.204): 19 Time(s)
       root (109.227.63.3): 18 Time(s)
       unknown (103.154.101.11): 18 Time(s)
       unknown (106.52.174.219): 18 Time(s)
       unknown (113.185.0.13): 18 Time(s)
       unknown (182.254.212.32): 18 Time(s)
       unknown (211.220.27.191): 18 Time(s)
       unknown (82.156.249.184): 18 Time(s)
       unknown (183.214.193.196): 17 Time(s)
       unknown (2-228-139-162.ip191.fastwebnet.it): 17 Time(s)
       unknown (ec2-3-109-134-184.ap-south-1.compute.amazonaws.com): 17 Time(s)
       root (45.114.192.154): 16 Time(s)
       unknown (173-161-87-170-illinois.hfc.comcastbusiness.net): 16 Time(s)
       unknown (61.76.173.244): 16 Time(s)
       root (120.92.79.133): 15 Time(s)
       unknown (132.232.4.140): 15 Time(s)
       unknown (202.111.30.6): 15 Time(s)
       unknown (42.192.183.38): 15 Time(s)
       unknown (81.70.161.94): 15 Time(s)
       unknown (server-176.53.43.111.as42926.net): 15 Time(s)
       root (211.220.27.191): 14 Time(s)
       unknown (12.12.171.213): 14 Time(s)
       unknown (152.136.212.92): 14 Time(s)
       root (170.245.14.173): 13 Time(s)
       root (117.119.100.210): 12 Time(s)
       root (182-237-16-190.fibertel.com.ar): 12 Time(s)
       root (186.16.210.34): 12 Time(s)
       root (58.48.141.127): 12 Time(s)
       root (ip-107-180-88-176.ip.secureserver.net): 12 Time(s)
       root (v160-251-8-225.fswu.static.cnode.io): 12 Time(s)
       unknown (119.29.0.209): 12 Time(s)
       unknown (139.219.15.52): 12 Time(s)
       root (fixed-187-189-52-132.totalplay.net): 11 Time(s)
       unknown (181.188.186.158): 11 Time(s)
       unknown (182-237-16-190.fibertel.com.ar): 11 Time(s)
       unknown (183.250.160.58): 11 Time(s)
       unknown (200.31.122.174): 10 Time(s)
       unknown (43.254.153.84): 10 Time(s)
       unknown (82.222.252.34): 10 Time(s)
       unknown (vmi694307.contaboserver.net): 10 Time(s)
       root (186.210.30.160): 9 Time(s)
       root (193.112.42.13): 9 Time(s)
       unknown (1.15.25.243): 9 Time(s)
       unknown (141.98.10.60): 9 Time(s)
       unknown (v160-251-8-225.fswu.static.cnode.io): 9 Time(s)
       root (111-243-66-152.dynamic-ip.hinet.net): 8 Time(s)
       root (159.223.18.151): 8 Time(s)
       unknown (109.227.63.3): 8 Time(s)
       unknown (45.114.192.154): 8 Time(s)
       root (182.72.235.174): 7 Time(s)
       root (177.238.130.15): 6 Time(s)
       unknown (1.116.158.251): 6 Time(s)
       unknown (117.119.100.210): 6 Time(s)
       unknown (170.245.14.173): 6 Time(s)
       unknown (194.5.177.98): 6 Time(s)
       unknown (58.208.84.93): 6 Time(s)
       unknown (82.156.89.184): 6 Time(s)
       root (1.116.158.251): 5 Time(s)
       root (209.141.49.147): 5 Time(s)
       unknown (111-243-66-152.dynamic-ip.hinet.net): 5 Time(s)
       unknown (120.92.79.133): 5 Time(s)
       unknown (186.210.30.160): 5 Time(s)
       unknown (ip-107-180-88-176.ip.secureserver.net): 5 Time(s)
       root (113.120.33.49): 4 Time(s)
       root (113.128.11.215): 4 Time(s)
       root (122.4.29.160): 4 Time(s)
       root (139.59.144.149): 4 Time(s)
       root (68.183.180.46): 4 Time(s)
       unknown (141.98.10.81): 4 Time(s)
       unknown (167.88.161.219): 4 Time(s)
       unknown (199.195.251.49): 4 Time(s)
       unknown (209.141.49.147): 4 Time(s)
       root (122.4.49.132): 3 Time(s)
       root (194.5.177.98): 3 Time(s)
       root (58.221.101.182): 3 Time(s)
       unknown (058177171112.ctinets.com): 3 Time(s)
       unknown (116.105.30.143): 3 Time(s)
       unknown (134.236.247.145): 3 Time(s)
       unknown (186.16.210.34): 3 Time(s)
       unknown (193.169.254.138): 3 Time(s)
       unknown (209.141.55.232): 3 Time(s)
       unknown (212.193.30.101): 3 Time(s)
       root (058177171112.ctinets.com): 2 Time(s)
       root (113.120.28.167): 2 Time(s)
       root (113.120.38.82): 2 Time(s)
       root (113.128.120.67): 2 Time(s)
       root (122.4.51.227): 2 Time(s)
       root (122.4.52.213): 2 Time(s)
       root (122.4.54.160): 2 Time(s)
       unknown (1.222.105.28): 2 Time(s)
       unknown (113.120.28.167): 2 Time(s)
       unknown (113.128.120.67): 2 Time(s)
       unknown (113.128.39.103): 2 Time(s)
       unknown (116.105.219.169): 2 Time(s)
       unknown (159.223.18.151): 2 Time(s)
       unknown (171.252.225.177): 2 Time(s)
       unknown (209.144.135.77.rev.sfr.net): 2 Time(s)
       unknown (58.221.101.182): 2 Time(s)
       unknown (fixed-187-189-52-132.totalplay.net): 2 Time(s)
       unknown (p5787269f.dip0.t-ipconnect.de): 2 Time(s)
       irc (119.29.0.209): 1 Time(s)
       mysql (173-161-87-170-illinois.hfc.comcastbusiness.net): 1 Time(s)
       mysql (183.214.193.196): 1 Time(s)
       mysql (ec2-3-109-134-184.ap-south-1.compute.amazonaws.com): 1 Time(s)
       root (113.120.36.66): 1 Time(s)
       root (113.128.122.139): 1 Time(s)
       root (113.128.39.103): 1 Time(s)
       root (116.105.170.25): 1 Time(s)
       root (134.236.247.145): 1 Time(s)
       root (176.111.173.238): 1 Time(s)
       root (39.170.80.185): 1 Time(s)
       root (58.246.251.27): 1 Time(s)
       unknown (103.144.82.250): 1 Time(s)
       unknown (113.120.33.49): 1 Time(s)
       unknown (113.120.38.82): 1 Time(s)
       unknown (113.128.122.139): 1 Time(s)
       unknown (121.28.182.26): 1 Time(s)
       unknown (122.4.29.160): 1 Time(s)
       unknown (122.4.49.132): 1 Time(s)
       unknown (122.4.52.213): 1 Time(s)
       unknown (139.59.144.149): 1 Time(s)
       unknown (182.72.235.174): 1 Time(s)
       unknown (185.220.102.243): 1 Time(s)
       unknown (188.126.89.37): 1 Time(s)
       unknown (188.126.89.40): 1 Time(s)
       unknown (68.183.180.46): 1 Time(s)
       unknown (node2.nodnetwork.org): 1 Time(s)
       unknown (schuetz.magix.com.sg): 1 Time(s)
    Invalid Users:
       Unknown Account: 647 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   12.852K  Bytes accepted                              13,160
   12.852K  Bytes sent via SMTP                         13,160
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                     75.00%
        1   4xx Reject VRFY                             25.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       70   Connections             
       31   Connections lost (inbound) 
       70   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    1.15.25.243: 21 times
    1.116.158.251: 5 times
    2.228.139.162 (2-228-139-162.ip191.fastwebnet.it): 33 times
    3.109.134.184 (ec2-3-109-134-184.ap-south-1.compute.amazonaws.com): 33 times
    12.12.171.213: 35 times
    39.170.80.185: 1 time
    42.192.183.38: 36 times
    43.254.153.84: 21 times
    45.114.192.154 (154-192-114-45.intechonline.net): 16 times
    58.48.141.127: 12 times
    58.177.171.112 (058177171112.ctinets.com): 2 times
    58.208.84.93: 19 times
    58.221.101.182: 3 times
    58.246.251.27: 1 time
    61.76.173.244: 34 times
    68.183.180.46: 4 times
    81.70.161.94: 35 times
    82.156.89.184: 19 times
    82.156.249.184: 30 times
    82.222.252.34 (host-82-222-252-34.reverse.superonline.net): 20 times
    103.154.101.11: 32 times
    106.52.174.219: 32 times
    107.180.88.176 (ip-107-180-88-176.ip.secureserver.net): 12 times
    109.227.63.3 (srv-109-227-63-3.static.a1.hr): 18 times
    111.243.66.152 (111-243-66-152.dynamic-ip.hinet.net): 8 times
    113.120.28.167: 2 times
    113.120.33.49: 4 times
    113.120.36.66: 1 time
    113.120.38.82: 2 times
    113.128.11.215: 4 times
    113.128.39.103: 1 time
    113.128.120.67: 2 times
    113.128.122.139: 1 time
    113.185.0.13 (static.vnpt.vn): 30 times
    116.105.170.25: 1 time
    117.119.100.210: 12 times
    119.29.0.209: 38 times
    120.92.79.133: 15 times
    121.28.182.26: 26 times
    122.4.29.160 (160.29.4.122.broad.jn.sd.dynamic.163data.com.cn): 4 times
    122.4.49.132 (132.49.4.122.broad.jn.sd.dynamic.163data.com.cn): 3 times
    122.4.51.227 (227.51.4.122.broad.jn.sd.dynamic.163data.com.cn): 2 times
    122.4.52.213 (213.52.4.122.broad.jn.sd.dynamic.163data.com.cn): 2 times
    122.4.54.160 (160.54.4.122.broad.jn.sd.dynamic.163data.com.cn): 2 times
    132.232.4.140: 35 times
    134.236.247.145: 1 time
    139.59.144.149: 4 times
    139.219.15.52: 38 times
    152.136.212.92: 36 times
    159.223.18.151: 8 times
    160.251.8.225 (v160-251-8-225.fswu.static.cnode.io): 12 times
    170.245.14.173 (neorede.com.br): 13 times
    173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 34 times
    176.53.43.111 (server-176.53.43.111.as42926.net): 33 times
    176.111.173.238: 1 time
    177.238.130.15 (177.238.130.15.cable.dyn.cableonline.com.mx): 6 times
    181.188.186.158 (LPZ-181-188-186-00158.tigo.bo): 39 times
    182.72.235.174 (nsg-static-174.235.72.182.airtel.in): 7 times
    182.254.212.32: 32 times
    183.214.193.196: 33 times
    183.250.160.58: 39 times
    186.16.210.34 (pool-34-210-16-186.telecel.com.py): 12 times
    186.210.30.160 (186-210-030-160.xd-dynamic.algarnetsuper.com.br): 9 times
    187.189.52.132 (fixed-187-189-52-132.totalplay.net): 11 times
    188.166.245.67: 261 times
    190.16.237.182 (182-237-16-190.fibertel.com.ar): 12 times
    193.112.42.13: 9 times
    194.5.177.98: 3 times
    194.163.143.209 (vmi694307.contaboserver.net): 23 times
    200.31.122.174 (host-200-31-122-174.americatelnet.com.pe): 23 times
    201.218.215.106: 27 times
    202.111.30.6: 31 times
    209.141.49.147: 5 times
    211.220.27.191: 14 times
    218.17.46.204: 31 times
 
 Illegal users from:
    undef: 431 times
    1.15.25.243: 9 times
    1.116.158.251: 6 times
    1.222.105.28: 2 times
    2.228.139.162 (2-228-139-162.ip191.fastwebnet.it): 17 times
    3.109.134.184 (ec2-3-109-134-184.ap-south-1.compute.amazonaws.com): 17 times
    12.12.171.213: 14 times
    42.192.183.38: 15 times
    43.254.153.84: 10 times
    45.114.192.154 (154-192-114-45.intechonline.net): 8 times
    58.177.171.112 (058177171112.ctinets.com): 3 times
    58.208.84.93: 6 times
    58.221.101.182: 2 times
    61.76.173.244: 16 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    68.183.180.46: 1 time
    77.135.144.209 (209.144.135.77.rev.sfr.net): 2 times
    81.70.161.94: 15 times
    82.156.89.184: 6 times
    82.156.249.184: 18 times
    82.222.252.34 (host-82-222-252-34.reverse.superonline.net): 10 times
    87.135.38.159 (p5787269f.dip0.t-ipconnect.de): 2 times
    103.144.82.250: 1 time
    103.154.101.11: 18 times
    106.52.174.219: 18 times
    107.180.88.176 (ip-107-180-88-176.ip.secureserver.net): 5 times
    109.227.63.3 (srv-109-227-63-3.static.a1.hr): 8 times
    111.243.66.152 (111-243-66-152.dynamic-ip.hinet.net): 5 times
    113.120.28.167: 2 times
    113.120.33.49: 1 time
    113.120.38.82: 1 time
    113.128.39.103: 2 times
    113.128.120.67: 2 times
    113.128.122.139: 1 time
    113.185.0.13 (static.vnpt.vn): 18 times
    116.105.30.143: 3 times
    116.105.219.169: 2 times
    117.119.100.210: 6 times
    119.29.0.209: 12 times
    120.92.79.133: 5 times
    121.28.182.26: 1 time
    122.4.29.160 (160.29.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
    122.4.49.132 (132.49.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
    122.4.52.213 (213.52.4.122.broad.jn.sd.dynamic.163data.com.cn): 1 time
    132.232.4.140: 15 times
    134.236.247.145: 3 times
    139.59.144.149: 1 time
    139.219.15.52: 12 times
    141.98.10.60: 9 times
    141.98.10.81: 4 times
    152.136.212.92: 14 times
    159.223.18.151: 2 times
    160.251.8.225 (v160-251-8-225.fswu.static.cnode.io): 9 times
    165.21.73.130 (schuetz.magix.com.sg): 1 time
    167.88.161.219 (smtp21.gftvrsr.xyz): 4 times
    170.245.14.173 (neorede.com.br): 6 times
    171.252.225.177 (dynamic-ip-adsl.viettel.vn): 2 times
    173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 16 times
    176.53.43.111 (server-176.53.43.111.as42926.net): 15 times
    181.188.186.158 (LPZ-181-188-186-00158.tigo.bo): 11 times
    182.72.235.174 (nsg-static-174.235.72.182.airtel.in): 1 time
    182.254.212.32: 18 times
    183.214.193.196: 17 times
    183.250.160.58: 11 times
    185.220.102.243 (185-220-102-243.torservers.net): 1 time
    186.16.210.34 (pool-34-210-16-186.telecel.com.py): 3 times
    186.210.30.160 (186-210-030-160.xd-dynamic.algarnetsuper.com.br): 5 times
    187.189.52.132 (fixed-187-189-52-132.totalplay.net): 2 times
    188.126.89.37: 1 time
    188.126.89.40: 1 time
    190.16.237.182 (182-237-16-190.fibertel.com.ar): 11 times
    193.112.42.13: 40 times
    193.169.254.138: 3 times
    194.5.177.98: 6 times
    194.163.143.209 (vmi694307.contaboserver.net): 10 times
    199.195.251.49: 4 times
    200.31.122.174 (host-200-31-122-174.americatelnet.com.pe): 10 times
    201.218.215.106: 23 times
    202.111.30.6: 15 times
    209.141.49.147: 4 times
    209.141.55.232: 3 times
    209.141.57.164 (tor-exit.privacifi.net): 1 time
    209.141.59.77 (node2.nodnetwork.org): 1 time
    211.220.27.191: 18 times
    212.193.30.101 (slot0.iglogi-camo.com): 3 times
    218.17.46.204: 19 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)