################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue May 14 04:42:03 2024
Date Range Processed: yesterday
( 2024-May-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [100:100]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
141.98.11.79 -> google.com:443: 1 Time(s)
87.121.69.52 -> google.com:443: 1 Time(s)
A total of 2 sites probed the server
198.235.24.183
66.240.205.34
Requests with error response codes
400 Bad Request
google.com:443: 2 Time(s)
null: 2 Time(s)
/: 1 Time(s)
\x5C\xDBn\x09\x95\xE2@j\xD5\xEA\xA2i\xA5\x ... 5\xAD\x167\xB1c: 1 Time(s)
mstshash=Administr: 1 Time(s)
499 (undefined)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
500 Internal Server Error
/: 2 Time(s)
/.env: 1 Time(s)
/.git/config: 1 Time(s)
/agent/login: 1 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 1 Time(s)
/favicon-32x32.png: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
502 Bad Gateway
/dWSnkpmUTNyWpi6hr2tiDg/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 286 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
15 Connections
8 Connections lost (inbound)
15 Disconnections
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
systemd-logind: New seat seat0.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
root : 4 Time(s)
Failed logins from:
Illegal users from:
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop22185p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################