[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 7 Januar 2022


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Jan  7 04:42:04 2022
        Date Range Processed: yesterday
                              ( 2022-Jan-06 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 38:39 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    103.145.13.223 -> zapf.wiki:443: 2 Time(s)
    125.72.95.248 -> zapf.wiki:443: 1 Time(s)
    60.191.125.35 -> zapf.wiki:443: 1 Time(s)
 
 A total of 8 sites probed the server 
    138.201.231.140
    139.162.145.250
    139.59.83.186
    161.35.230.3
    161.35.238.241
    185.142.236.41
    200.73.112.67
    34.229.218.88
 
 Requests with error response codes
    400 Bad Request
       null: 18 Time(s)
       /phpmyadmin/scripts/setup.php: 4 Time(s)
       zapf.wiki:443: 4 Time(s)
       /: 3 Time(s)
       /.env: 2 Time(s)
       mstshash=Domain: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /ab2g: 1 Time(s)
       /ab2h: 1 Time(s)
       /bag2: 1 Time(s)
       /c/version.js: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /flu/403.html: 1 Time(s)
       /robots.txt: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /stream/live.php: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
       /w3Nd: 1 Time(s)
       7: 1 Time(s)
      
XP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]: 1
Time(s)
       \x00\x00\x00\x00: 1 Time(s)
       \xB1\xBET\xA4\x9AZ\x9A\xA0?\x90\xE0\xF2t0\ ... J\xA9<\xBD\xDA`: 1 Time(s)
    403 Forbidden
       /FrcS3CFURGOhH8IZnOVeEw?both: 1 Time(s)
    500 Internal Server Error
       /: 48 Time(s)
       /.env: 17 Time(s)
       /robots.txt: 8 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /owa/auth/logon.aspx: 2 Time(s)
       /owa/auth/logon.aspx?replaceCurrent=1&url= ... apf.in%2Fowa%2F: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /actuator/health: 1 Time(s)
       /c/version.js: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /flu/403.html: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
       /sitemap.xml: 1 Time(s)
       /stalker_portal/c/version.js: 1 Time(s)
       /stream/live.php: 1 Time(s)
       /streaming/clients_live.php: 1 Time(s)
       /system_api.php: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (113.57.109.73): 40 Time(s)
       root (104.248.160.14): 36 Time(s)
       root (175.0.164.244): 36 Time(s)
       root (116.255.131.3): 25 Time(s)
       root (199.115.162.210): 21 Time(s)
       root (static-201-151-6-30.alestra.net.mx): 21 Time(s)
       unknown (static-201-151-6-30.alestra.net.mx): 21 Time(s)
       root (121.61.115.66): 20 Time(s)
       root (157.245.101.31): 20 Time(s)
       root (101.69.200.162): 18 Time(s)
       root (154.83.14.152): 18 Time(s)
       root (85-192-133-13.dsl.esoo.ru): 16 Time(s)
       unknown (104.248.160.14): 14 Time(s)
       unknown (116.255.131.3): 12 Time(s)
       root (ns3152155.ip-151-106-38.eu): 10 Time(s)
       unknown (113.57.109.73): 10 Time(s)
       unknown (175.0.164.244): 10 Time(s)
       unknown (121.61.115.66): 9 Time(s)
       unknown (157.245.101.31): 9 Time(s)
       unknown (199.115.162.210): 9 Time(s)
       unknown (101.69.200.162): 7 Time(s)
       unknown (154.83.14.152): 7 Time(s)
       unknown (85-192-133-13.dsl.esoo.ru): 7 Time(s)
       unknown (ns3152155.ip-151-106-38.eu): 7 Time(s)
       root (118.195.145.14): 4 Time(s)
       root (177.188.164.230): 4 Time(s)
       root (211.36.141.106): 4 Time(s)
       root (59.89.168.111): 4 Time(s)
       root (121.66.109.90): 3 Time(s)
       root (128.199.115.81): 3 Time(s)
       unknown (81.69.45.101): 3 Time(s)
       root (122.51.53.176): 2 Time(s)
       root (168.121.104.255): 2 Time(s)
       unknown (128.199.115.81): 2 Time(s)
       unknown (50.45.186.194): 2 Time(s)
       unknown (81.200.28.9): 2 Time(s)
       unknown (82.66.76.43): 2 Time(s)
       unknown (n219078076028.netvigator.com): 2 Time(s)
       postgres (154.83.14.152): 1 Time(s)
       root (188.166.102.204): 1 Time(s)
       root (81.69.45.101): 1 Time(s)
       root (h-37-123-163-58.a785.priv.bahnhof.se): 1 Time(s)
       temp (85-192-133-13.dsl.esoo.ru): 1 Time(s)
       unknown (103.154.101.11): 1 Time(s)
       unknown (116.110.89.215): 1 Time(s)
       unknown (121.66.109.90): 1 Time(s)
       unknown (141.98.10.202): 1 Time(s)
       unknown (141.98.10.60): 1 Time(s)
       unknown (171.252.186.42): 1 Time(s)
       unknown (177.188.164.230): 1 Time(s)
       unknown (2.58.149.221): 1 Time(s)
       unknown (211.36.141.106): 1 Time(s)
       unknown (59.89.168.111): 1 Time(s)
       unknown (92.255.85.237): 1 Time(s)
    Invalid Users:
       Unknown Account: 146 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   10.837K  Bytes accepted                              11,097
   10.837K  Bytes sent via SMTP                         11,097
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       71   Connections             
        7   Connections lost (inbound) 
       71   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    37.123.163.58 (h-37-123-163-58.A785.priv.bahnhof.se): 1 time
    59.89.168.111: 4 times
    81.69.45.101: 1 time
    85.192.133.13 (85-192-133-13.dsl.esoo.ru): 17 times
    101.69.200.162: 18 times
    104.248.160.14: 36 times
    113.57.109.73: 40 times
    116.255.131.3: 25 times
    118.195.145.14: 4 times
    121.61.115.66: 20 times
    121.66.109.90: 3 times
    122.51.53.176: 2 times
    128.199.115.81 (128.199.162.143-newcopy): 3 times
    151.106.38.100 (ns3152155.ip-151-106-38.eu): 10 times
    154.83.14.152: 19 times
    157.245.101.31: 20 times
    168.121.104.255: 2 times
    175.0.164.244: 36 times
    177.188.164.230 (177-188-164-230.dsl.telesp.net.br): 4 times
    188.166.102.204: 1 time
    199.115.162.210 (210.162.115.199.IN-ADDR.ARPA.PLBB.US): 21 times
    201.151.6.30 (static-201-151-6-30.alestra.net.mx): 21 times
    211.36.141.106: 4 times
 
 Illegal users from:
    2001:470:1:c84::14: 1 time
    undef: 99 times
    2.58.149.221: 1 time
    50.45.186.194: 2 times
    59.89.168.111: 1 time
    64.62.197.32: 1 time
    81.69.45.101: 3 times
    81.200.28.9 (jat201.su29.ru): 2 times
    82.66.76.43 (mir31-1_migr-82-66-76-43.fbx.proxad.net): 2 times
    85.192.133.13 (85-192-133-13.dsl.esoo.ru): 7 times
    92.255.85.237: 1 time
    101.69.200.162: 7 times
    103.154.101.11: 1 time
    104.248.160.14: 14 times
    113.57.109.73: 10 times
    116.110.89.215: 1 time
    116.255.131.3: 12 times
    121.61.115.66: 9 times
    121.66.109.90: 1 time
    128.199.115.81 (128.199.162.143-newcopy): 2 times
    141.98.10.60: 1 time
    141.98.10.202: 1 time
    151.106.38.100 (ns3152155.ip-151-106-38.eu): 7 times
    154.83.14.152: 7 times
    157.245.101.31: 9 times
    171.252.186.42 (dynamic-adsl.viettel.vn): 1 time
    175.0.164.244: 10 times
    177.188.164.230 (177-188-164-230.dsl.telesp.net.br): 1 time
    178.73.215.171 (178-73-215-171-static.glesys.net): 1 time
    199.115.162.210 (210.162.115.199.IN-ADDR.ARPA.PLBB.US): 9 times
    201.151.6.30 (static-201-151-6-30.alestra.net.mx): 21 times
    211.36.141.106: 1 time
    219.78.76.28 (n219078076028.netvigator.com): 2 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)