[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 3 Mai 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri May  3 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-May-02 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 59:57 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 1 sites probed the server 
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       /: 1 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
       7: 1 Time(s)
       mstshash=Administr: 1 Time(s)
       null: 1 Time(s)
    404 Not Found
       /robots.txt: 26 Time(s)
       /imp.html: 1 Time(s)
       /node: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /resolutionen/sose12/Reso_Interdisziplinae ... f;Stellungnahme: 1 Time(s)
       /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
       /sites/default/files/1983_WiSe_Darmstadt.pdf: 1 Time(s)
    500 Internal Server Error
       /: 23 Time(s)
       /robots.txt: 2 Time(s)
       /admin/: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /admin/config.php: 1 Time(s)
       /api/v1/namespaces/kube-system/services/ht ... shboard:/proxy/: 1 Time(s)
       /backup/: 1 Time(s)
       /db/: 1 Time(s)
       /dbadmin/: 1 Time(s)
       /myadmin/: 1 Time(s)
       /nx8j78af1b.jsp: 1 Time(s)
       /phpMyAdmin/: 1 Time(s)
       /phpmyadmin/: 1 Time(s)
       /pma/: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (180.151.3.103): 56 Time(s)
       unknown (139.99.40.27): 37 Time(s)
       unknown (210.4.64.57): 36 Time(s)
       unknown (186.96.102.198): 30 Time(s)
       root (202.131.237.182): 6 Time(s)
       root (218.151.6.90): 6 Time(s)
       root (222.133.66.248): 6 Time(s)
       root (n11211974244.netvigator.com): 6 Time(s)
       root (net-93-71-161-237.cust.vodafonedsl.it): 6 Time(s)
       unknown (103.253.145.219): 6 Time(s)
       unknown (177.125.31.6): 6 Time(s)
       unknown (45.232.253.3): 6 Time(s)
       unknown (ns3077451.ip-188-165-242.eu): 5 Time(s)
       unknown (193.32.163.89): 3 Time(s)
       root (132.145.36.12): 2 Time(s)
       root (198.211.99.103): 2 Time(s)
       root (206.189.131.213): 2 Time(s)
       root (206.189.188.223): 2 Time(s)
       root (212.129.49.177): 2 Time(s)
       unknown (134.red-80-28-234.staticip.rima-tde.net): 2 Time(s)
       unknown (138.197.72.48): 2 Time(s)
       unknown (157.230.103.135): 2 Time(s)
       unknown (159.65.245.203): 2 Time(s)
       unknown (190.129.0.147): 2 Time(s)
       unknown (212.129.49.177): 2 Time(s)
       unknown (244.ip-164-132-230.eu): 2 Time(s)
       unknown (45.252.249.148): 2 Time(s)
       unknown (ip182.ip-51-254-51.eu): 2 Time(s)
       gnats (186.96.102.198): 1 Time(s)
       gnats (ec2-34-217-230-141.us-west-2.compute.amazonaws.com): 1 Time(s)
       mysql (104.236.102.16): 1 Time(s)
       mysql (221.160.100.14): 1 Time(s)
       news (139.99.40.27): 1 Time(s)
       nobody (139.99.40.27): 1 Time(s)
       postgres (159.89.28.131): 1 Time(s)
       postgres (165.227.140.123): 1 Time(s)
       postgres (c-73-12-65-212.hsd1.va.comcast.net): 1 Time(s)
       root (101.89.217.244): 1 Time(s)
       root (103.237.147.69): 1 Time(s)
       root (103.245.72.15): 1 Time(s)
       root (104.248.178.100): 1 Time(s)
       root (106.13.87.50): 1 Time(s)
       root (111.230.204.123): 1 Time(s)
       root (117.255.216.116): 1 Time(s)
       root (119.28.57.220): 1 Time(s)
       root (125.212.254.144): 1 Time(s)
       root (138.68.20.158): 1 Time(s)
       root (139.59.143.213): 1 Time(s)
       root (151-236-46-104.static.as29550.net): 1 Time(s)
       root (159.65.245.203): 1 Time(s)
       root (159.89.28.131): 1 Time(s)
       root (165.227.138.245): 1 Time(s)
       root (167.99.8.158): 1 Time(s)
       root (181.63.245.127): 1 Time(s)
       root (190.187.67.67): 1 Time(s)
       root (194.44.111.130): 1 Time(s)
       root (206.189.197.48): 1 Time(s)
       root (217.218.21.242): 1 Time(s)
       root (36.189.241.250): 1 Time(s)
       root (45.55.42.17): 1 Time(s)
       root (58.42.226.219): 1 Time(s)
       root (96.76.166.105): 1 Time(s)
       root (hb41.as-s.be): 1 Time(s)
       root (nilsriecker.de): 1 Time(s)
       root (ns543834.ip-139-99-144.net): 1 Time(s)
       root (oc-144-21-68-128.compute.oraclecloud.com): 1 Time(s)
       root (s17783852.onlinehome-server.info): 1 Time(s)
       root (static-200-105-174-20.acelerate.net): 1 Time(s)
       unknown (103.237.147.69): 1 Time(s)
       unknown (103.77.126.133): 1 Time(s)
       unknown (103.94.130.4): 1 Time(s)
       unknown (104.248.235.0): 1 Time(s)
       unknown (106.13.37.207): 1 Time(s)
       unknown (106.225.198.251): 1 Time(s)
       unknown (106.74.36.141): 1 Time(s)
       unknown (111.ip-51-75-250.eu): 1 Time(s)
       unknown (112.216.6.43): 1 Time(s)
       unknown (112.220.104.210): 1 Time(s)
       unknown (113.16.199.94): 1 Time(s)
       unknown (114.112.69.185): 1 Time(s)
       unknown (114.203.229.35.bc.googleusercontent.com): 1 Time(s)
       unknown (123.30.238.211): 1 Time(s)
       unknown (124.205.9.241): 1 Time(s)
       unknown (124.67.81.2): 1 Time(s)
       unknown (125.212.192.201): 1 Time(s)
       unknown (125.212.254.144): 1 Time(s)
       unknown (128.199.100.253): 1 Time(s)
       unknown (128.199.133.249): 1 Time(s)
       unknown (132.255.29.228): 1 Time(s)
       unknown (134.175.200.70): 1 Time(s)
       unknown (138.68.146.186): 1 Time(s)
       unknown (139.199.37.92): 1 Time(s)
       unknown (139.59.180.53): 1 Time(s)
       unknown (14.177.151.67): 1 Time(s)
       unknown (142.93.164.7): 1 Time(s)
       unknown (142.93.170.244): 1 Time(s)
       unknown (142.93.177.246): 1 Time(s)
       unknown (142.93.210.164): 1 Time(s)
       unknown (143.ip-51-38-179.eu): 1 Time(s)
       unknown (157.230.184.128): 1 Time(s)
       unknown (159.65.144.233): 1 Time(s)
       unknown (159.65.54.221): 1 Time(s)
       unknown (159.65.7.56): 1 Time(s)
       unknown (159.89.164.167): 1 Time(s)
       unknown (159.89.165.127): 1 Time(s)
       unknown (164.160.142.85): 1 Time(s)
       unknown (167.99.161.15): 1 Time(s)
       unknown (170.231.81.165): 1 Time(s)
       unknown (178.128.81.125): 1 Time(s)
       unknown (178.62.117.82): 1 Time(s)
       unknown (180.250.18.20): 1 Time(s)
       unknown (182.61.137.108): 1 Time(s)
       unknown (182.61.177.66): 1 Time(s)
       unknown (189.56.127.250): 1 Time(s)
       unknown (19.ip-37-187-193.eu): 1 Time(s)
       unknown (195.62.162.156): 1 Time(s)
       unknown (196.203.31.154): 1 Time(s)
       unknown (202.38.79.85): 1 Time(s)
       unknown (210.212.249.228): 1 Time(s)
       unknown (211.110.140.200): 1 Time(s)
       unknown (213-44-247-110.abo.bbox.fr): 1 Time(s)
       unknown (243.78.126.177.iknettelecom.com.br): 1 Time(s)
       unknown (36.22.187.34): 1 Time(s)
       unknown (37.139.13.105): 1 Time(s)
       unknown (41.86.104.180): 1 Time(s)
       unknown (46.101.235.214): 1 Time(s)
       unknown (59.150.236.245): 1 Time(s)
       unknown (59.8.177.80): 1 Time(s)
       unknown (60.12.26.9): 1 Time(s)
       unknown (68.183.105.52): 1 Time(s)
       unknown (68.183.150.54): 1 Time(s)
       unknown (80-101-91-189.ip.xs4all.nl): 1 Time(s)
       unknown (92.44.83.52): 1 Time(s)
       unknown (c-24-5-207-11.hsd1.ca.comcast.net): 1 Time(s)
       unknown (c-76-121-12-28.hsd1.wa.comcast.net): 1 Time(s)
       unknown (ec2-13-59-56-143.us-east-2.compute.amazonaws.com): 1 Time(s)
       unknown (ec2-34-221-158-91.us-west-2.compute.amazonaws.com): 1 Time(s)
       unknown (edeen.pl): 1 Time(s)
       unknown (ip-176-199-252-116.hsi06.unitymediagroup.de): 1 Time(s)
       unknown (ip113.ip-54-38-175.eu): 1 Time(s)
       unknown (ip125.ip-147-135-158.eu): 1 Time(s)
       unknown (klatenkab.go.id): 1 Time(s)
       unknown (mail.nemchem.co.zw): 1 Time(s)
       unknown (mcp.org.py): 1 Time(s)
       unknown (mx-ll-183.88.57-153.dynamic.3bb.co.th): 1 Time(s)
       unknown (nilsriecker.de): 1 Time(s)
       unknown (nkym.com.ph): 1 Time(s)
       unknown (ns207822.ip-94-23-215.eu): 1 Time(s)
       unknown (oc-129-144-158-190.compute.oraclecloud.com): 1 Time(s)
       unknown (oict-135-80-73-105.inwitelecom.com): 1 Time(s)
       unknown (p4febb85b.dip0.t-ipconnect.de): 1 Time(s)
       unknown (vps-1118498-13712.manage.myhosting.com): 1 Time(s)
       uucp (210.4.64.57): 1 Time(s)
    Invalid Users:
       Unknown Account: 287 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   22.235K  Bytes accepted                              22,769
   22.235K  Bytes sent via SMTP                         22,769
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
     1518   Connections             
     1485   Connections lost (inbound) 
     1518   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 3 Time(s)
    root : 4 Time(s)
 
 Failed logins from:
    34.217.230.141 (ec2-34-217-230-141.us-west-2.compute.amazonaws.com): 1 time
    36.189.241.250: 1 time
    45.55.42.17: 1 time
    58.42.226.219: 1 time
    73.12.65.212 (c-73-12-65-212.hsd1.va.comcast.net): 1 time
    82.165.35.17 (s17783852.onlinehome-server.info): 1 time
    93.71.161.237 (net-93-71-161-237.cust.vodafonedsl.it): 6 times
    96.76.166.105 (96-76-166-105-static.hfc.comcastbusiness.net): 1 time
    101.89.217.244: 1 time
    103.237.147.69: 1 time
    103.245.72.15: 1 time
    104.236.102.16: 1 time
    104.248.178.100: 1 time
    106.13.87.50: 1 time
    111.230.204.123: 1 time
    112.119.74.244 (n11211974244.netvigator.com): 6 times
    117.255.216.116: 1 time
    119.28.57.220: 1 time
    125.212.254.144: 1 time
    132.145.36.12: 2 times
    138.68.20.158: 1 time
    139.59.143.213: 1 time
    139.99.40.27 (27.ip-139-99-40.eu): 2 times
    139.99.144.16 (ns543834.ip-139-99-144.net): 1 time
    144.21.68.128 (oc-144-21-68-128.compute.oraclecloud.com): 1 time
    151.236.46.104 (151-236-46-104.static.as29550.net): 1 time
    159.65.245.203: 1 time
    159.89.28.131: 2 times
    165.227.138.245: 1 time
    165.227.140.123: 1 time
    165.227.151.59 (nilsriecker.de): 1 time
    167.99.8.158: 1 time
    181.63.245.127 (static-ip-cr18163245127.cable.net.co): 1 time
    185.58.96.76 (hb41.as-s.be): 1 time
    186.96.102.198 (azteca-comunicaciones.com): 1 time
    190.187.67.67: 1 time
    194.44.111.130: 1 time
    198.211.99.103: 2 times
    200.105.174.20 (static-200-105-174-20.acelerate.net): 1 time
    202.131.237.182: 6 times
    206.189.131.213: 2 times
    206.189.188.223: 2 times
    206.189.197.48: 1 time
    210.4.64.57 (210-4-64-57.office.bdcom.com): 1 time
    212.129.49.177 (212-129-49-177.rev.poneytelecom.eu): 2 times
    217.218.21.242: 1 time
    218.151.6.90: 6 times
    221.160.100.14: 1 time
    222.133.66.248: 6 times
 
 Illegal users from:
    undef: 191 times
    13.59.56.143 (ec2-13-59-56-143.us-east-2.compute.amazonaws.com): 1 time
    14.177.151.67 (static.vnpt.vn): 1 time
    24.5.207.11 (c-24-5-207-11.hsd1.ca.comcast.net): 1 time
    34.221.158.91 (ec2-34-221-158-91.us-west-2.compute.amazonaws.com): 1 time
    35.229.203.114 (114.203.229.35.bc.googleusercontent.com): 1 time
    36.22.187.34: 1 time
    37.139.13.105: 1 time
    37.187.193.19 (19.ip-37-187-193.eu): 1 time
    41.86.104.180 (41-86-104-180.mweb.co.za): 1 time
    45.232.253.3: 6 times
    45.252.249.148: 2 times
    46.101.235.214: 1 time
    51.38.179.143 (143.ip-51-38-179.eu): 1 time
    51.75.250.111 (111.ip-51-75-250.eu): 1 time
    51.254.51.182 (ip182.ip-51-254-51.eu): 2 times
    54.38.175.113 (ip113.ip-54-38-175.eu): 1 time
    59.8.177.80: 1 time
    59.150.236.245: 1 time
    60.12.26.9: 1 time
    68.183.105.52: 1 time
    68.183.150.54: 1 time
    76.121.12.28 (c-76-121-12-28.hsd1.wa.comcast.net): 1 time
    79.235.184.91 (p4FEBB85B.dip0.t-ipconnect.de): 1 time
    80.28.234.134 (134.red-80-28-234.staticip.rima-tde.net): 2 times
    80.101.91.189 (80-101-91-189.ip.xs4all.nl): 1 time
    92.44.83.52 (host-92-44-83-52.reverse.superonline.net): 1 time
    94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time
    103.77.126.133 (103.77.126.133.reverse.charotarbroadband.in): 1 time
    103.94.130.4: 1 time
    103.108.187.5 (klatenkab.go.id): 1 time
    103.237.147.69: 1 time
    103.253.145.219: 6 times
    104.131.93.33 (mcp.org.py): 1 time
    104.248.235.0: 1 time
    105.73.80.135 (oict-135-80-73-105.inwitelecom.com): 1 time
    106.13.37.207: 1 time
    106.74.36.141: 1 time
    106.225.198.251: 1 time
    112.216.6.43: 1 time
    112.220.104.210: 1 time
    113.16.199.94: 1 time
    114.112.69.185: 1 time
    122.55.19.115 (nkym.com.ph): 1 time
    123.30.238.211 (static.vnpt.vn): 1 time
    124.67.81.2: 1 time
    124.205.9.241: 1 time
    125.212.192.201: 1 time
    125.212.254.144: 1 time
    128.199.100.253: 1 time
    128.199.133.249 (152717.cloudwaysapps.com): 1 time
    129.144.158.190 (oc-129-144-158-190.compute.oraclecloud.com): 1 time
    132.255.29.228 (132-255-29-228.informac.com.br): 1 time
    134.175.200.70: 1 time
    138.68.146.186 (server.fsxapp.xyz): 1 time
    138.197.72.48 (closed-purtiersales.com): 2 times
    139.59.180.53: 1 time
    139.99.40.27 (27.ip-139-99-40.eu): 37 times
    139.199.37.92: 1 time
    142.93.164.7: 1 time
    142.93.170.244: 1 time
    142.93.177.246: 1 time
    142.93.210.164: 1 time
    147.135.158.125 (ip125.ip-147-135-158.eu): 1 time
    157.230.103.135: 2 times
    157.230.184.128: 1 time
    159.65.7.56: 1 time
    159.65.54.221: 1 time
    159.65.144.233: 1 time
    159.65.245.203: 2 times
    159.89.164.167: 1 time
    159.89.165.127: 1 time
    164.132.230.244 (244.ip-164-132-230.eu): 2 times
    164.160.142.85: 1 time
    165.227.151.59 (nilsriecker.de): 1 time
    167.99.161.15: 1 time
    170.231.81.165: 1 time
    176.199.252.116 (ip-176-199-252-116.hsi06.unitymediagroup.de): 1 time
    177.125.31.6 (177.125.31.6.snbandalarga.com.br): 6 times
    177.126.78.243 (243.78.126.177.iknettelecom.com.br): 1 time
    178.62.55.200 (edeen.pl): 1 time
    178.62.117.82: 1 time
    178.128.81.125: 1 time
    180.151.3.103 (kbase.velocis.info): 56 times
    180.250.18.20: 1 time
    182.61.137.108: 1 time
    182.61.177.66: 1 time
    183.88.57.153 (mx-ll-183.88.57-153.dynamic.3bb.co.th): 1 time
    186.96.102.198 (azteca-comunicaciones.com): 30 times
    188.165.242.200 (ns3077451.ip-188-165-242.eu): 5 times
    189.56.127.250 (189-56-127-250.customer.tdatabrasil.net.br): 1 time
    190.129.0.147: 2 times
    193.32.163.89: 3 times
    195.62.162.156: 1 time
    196.203.31.154: 1 time
    197.155.236.50 (mail.nemchem.co.zw): 1 time
    202.38.79.85: 1 time
    210.4.64.57 (210-4-64-57.office.bdcom.com): 36 times
    210.212.249.228: 1 time
    211.110.140.200: 1 time
    212.129.49.177 (212-129-49-177.rev.poneytelecom.eu): 2 times
    213.44.247.110 (213-44-247-110.abo.bbox.fr): 1 time
    216.224.162.95 (vps-1118498-13712.manage.myhosting.com): 1 time
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 3 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)