Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 14 März 2024

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Mar 14 04:42:03 2024
        Date Range Processed: yesterday
                              ( 2024-Mar-13 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 31:31 ]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 Connection attempts using mod_proxy:
    185.150.26.251 -> zapf.wiki:443: 1 Time(s)
    87.121.69.25 -> google.com:443: 1 Time(s)
    91.92.244.152 -> zapf.wiki:443: 1 Time(s)

 A total of 12 sites probed the server 
    106.75.175.181
    107.151.243.170
    137.184.255.9
    162.243.132.10
    162.243.150.44
    192.241.223.21
    198.199.112.7
    198.211.96.246
    205.210.31.169
    68.183.196.48
    74.82.47.2
    85.90.246.159

 Requests with error response codes
    400 Bad Request
       null: 17 Time(s)
       /: 5 Time(s)
       mstshash=Administr: 4 Time(s)
       *: 3 Time(s)
       [\x22miner1\x22,: 2 Time(s)
       zapf.wiki:443: 2 Time(s)
       NT: 1 Time(s)
       \xAD\x02\xA7\xF3\x97\xCDb\x9FH\x8A\x14\x1D ... x09\xC0\x13\xC0: 1 Time(s)
       \xAE\xB4~\x96\x92Jg\xD7\xD4\xAB\xDAy\xE5\x ... 00=\x00\x16\xC0: 1 Time(s)
       \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
       google.com:443: 1 Time(s)
       http://httpbin.org/ip: 1 Time(s)
    403 Forbidden
       /FrcS3CFURGOhH8IZnOVeEw: 1 Time(s)
    500 Internal Server Error
       /: 31 Time(s)
       /.env: 8 Time(s)
       /favicon.ico: 4 Time(s)
       /robots.txt: 3 Time(s)
       /.well-known/security.txt: 2 Time(s)
       /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 2 Time(s)
       /dqgqoeCXckuwPtxov: 2 Time(s)
       /actuator/health: 1 Time(s)
       /version: 1 Time(s)
    502 Bad Gateway
       /-rCRU_K7RWOzSTXDghlneA/pdf: 1 Time(s)
       /30LaYzroQGCb3t45pYOJpA/pdf: 1 Time(s)
       /4mAvBdYMS2CRIJl9MnI8fg/pdf: 1 Time(s)
       /DigitalZaPF:Selbsthilfe_in_Zeiten_von_Corona/pdf: 1 Time(s)
       /EcC0jCZ4T1W8qjgbqrqHFQ/pdf: 1 Time(s)
       /F0wTGo9bRVeZ9MHALPZ6qA/pdf: 1 Time(s)
       /IG3YmOkURiiNa4rKfiykew/pdf: 1 Time(s)
       /LPV5bWb2RHqvHxvRFmHErA/pdf: 1 Time(s)
       /M4sGyaqdSDCsFaWr3kglLA/pdf: 1 Time(s)
       /Nx09WSCaSyWXcZ7jR5Y1tg/pdf: 1 Time(s)
       /P44e6IVpQG6dIP4QPS_1Og/pdf: 1 Time(s)
       /PnihMtr6Qf6cWqyqSXRJ5g/pdf: 1 Time(s)
       /QINDkUdoTUiAjNuMAyw5OA/pdf: 1 Time(s)
       /TyQ6NU6xQCq7L-4nykHZiQ?edit/: 1 Time(s)
       /Vnd6SuvKQDuMm5PDeazkyQ/pdf: 1 Time(s)
       /W4CAUIGNS8CQR7NTZk3g3A/pdf: 1 Time(s)
       /WimroIaXR5CXrvgv95elSQ/pdf: 1 Time(s)
       /aa3xNKSxRzuWslSYULFYiw/pdf: 1 Time(s)
       /cNLvvGbtQGm2tQV4potgIQ/pdf: 1 Time(s)
       /cdZDOUK6SMuuOAgcE8hemA/pdf: 1 Time(s)
       /hP5Pw0I3R765ZaDNXBPs8w/pdf: 1 Time(s)
       /qjKcGifjT1ane0HIWl4LtA/pdf: 1 Time(s)
       /r1ttsNytwArbeitspad/pdf: 1 Time(s)
       /ra096r0rTouv8Ic0qv7NOw/pdf: 1 Time(s)
       /v7DnD4hVQTudc73ZRJpAVA/pdf: 1 Time(s)
       /vtiGK5IARbm3GZ2zBzrhRg/pdf: 1 Time(s)
       /yeHvln1zT4KUBVio7cnVfg/pdf: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (212.70.149.150): 95 Time(s)
       root (179.43.180.106): 41 Time(s)
       root (212.70.149.150): 30 Time(s)
       unknown (170.64.221.219): 23 Time(s)
       unknown (194.169.175.35): 17 Time(s)
       unknown (139.59.47.104): 16 Time(s)
       unknown (170.64.151.95): 15 Time(s)
       root (mail.rokor.kz): 12 Time(s)
       unknown (137.184.170.19): 12 Time(s)
       unknown (194.169.175.36): 12 Time(s)
       unknown (85.209.11.254): 12 Time(s)
       root (194.169.175.36): 11 Time(s)
       unknown (170.64.167.64): 11 Time(s)
       root (170.64.167.64): 10 Time(s)
       root (195.88.120.62): 10 Time(s)
       root (c151-177-15-89.bredband.tele2.se): 7 Time(s)
       unknown (202.165.16.209): 7 Time(s)
       root (101.126.4.240): 6 Time(s)
       root (170.64.151.95): 6 Time(s)
       root (170.64.221.219): 6 Time(s)
       root (85.209.11.27): 6 Time(s)
       root (c151-177-201-230.bredband.tele2.se): 6 Time(s)
       unknown (85.209.11.27): 6 Time(s)
       root (182.230.163.173): 5 Time(s)
       root (85.209.11.254): 5 Time(s)
       root (194.169.175.35): 4 Time(s)
       unknown (19010730117.ip71.static.mediacommerce.com.co): 4 Time(s)
       unknown (210.126.78.57): 4 Time(s)
       unknown (45.71.24.198): 4 Time(s)
       unknown (185.191.126.213): 3 Time(s)
       unknown (185.196.8.151): 3 Time(s)
       nobody (202.165.16.209): 2 Time(s)
       root (139.59.47.104): 2 Time(s)
       sys (170.64.221.219): 2 Time(s)
       unknown (110.39.180.190): 2 Time(s)
       unknown (182.253.215.12): 2 Time(s)
       unknown (36.137.22.65): 2 Time(s)
       unknown (37.114.208.13): 2 Time(s)
       unknown (88-175-186-160.subs.proxad.net): 2 Time(s)
       unknown (dsl-dhcp-katytxxchrc-64-92-44-93.consolidated.net): 2 Time(s)
       daemon (212.70.149.150): 1 Time(s)
       nobody (118.98.90.22): 1 Time(s)
       nobody (190.107.71.200): 1 Time(s)
       nobody (65.20.216.248): 1 Time(s)
       nobody (65.20.250.102): 1 Time(s)
       nobody (softbank060120138170.bbtec.net): 1 Time(s)
       sshd (85.209.11.27): 1 Time(s)
       unknown (103.157.115.10): 1 Time(s)
       unknown (103.157.115.146): 1 Time(s)
       unknown (103.203.210.119): 1 Time(s)
       unknown (112.28.128.172): 1 Time(s)
       unknown (113.203.193.224): 1 Time(s)
       unknown (115.241.38.14): 1 Time(s)
       unknown (115.247.148.18): 1 Time(s)
       unknown (116.97.202.14): 1 Time(s)
       unknown (116.97.240.172): 1 Time(s)
       unknown (117.220.162.66): 1 Time(s)
       unknown (117.241.148.33): 1 Time(s)
       unknown (117.4.136.219): 1 Time(s)
       unknown (117.69.255.239): 1 Time(s)
       unknown (121.202.204.251): 1 Time(s)
       unknown (122.225.203.106): 1 Time(s)
       unknown (124.195.200.102): 1 Time(s)
       unknown (124244010182.ctinets.com): 1 Time(s)
       unknown (128.199.67.1): 1 Time(s)
       unknown (134.249.147.136): 1 Time(s)
       unknown (136.255.154.170): 1 Time(s)
       unknown (137.63.134.152): 1 Time(s)
       unknown (14.98.28.43): 1 Time(s)
       unknown (152.230.106.235): 1 Time(s)
       unknown (157.ip-51-75-142.eu): 1 Time(s)
       unknown (159.89.18.106): 1 Time(s)
       unknown (167.99.68.29): 1 Time(s)
       unknown (171.212.103.245): 1 Time(s)
       unknown (179.131.11.68): 1 Time(s)
       unknown (179.60.244.18): 1 Time(s)
       unknown (183179126061.ctinets.com): 1 Time(s)
       unknown (190.107.30.117): 1 Time(s)
       unknown (190.107.71.200): 1 Time(s)
       unknown (190.155.233.179): 1 Time(s)
       unknown (19010730116.ip71.static.mediacommerce.com.co): 1 Time(s)
       unknown (192.12.113.10): 1 Time(s)
       unknown (193.32.203.138): 1 Time(s)
       unknown (2.184.217.81): 1 Time(s)
       unknown (200.85.41.38): 1 Time(s)
       unknown (202.52.243.214): 1 Time(s)
       unknown (209.66.246.220.static.netvigator.com): 1 Time(s)
       unknown (211-22-6-234.hinet-ip.hinet.net): 1 Time(s)
       unknown (211.218.194.133): 1 Time(s)
       unknown (218.150.98.41): 1 Time(s)
       unknown (218.248.17.227): 1 Time(s)
       unknown (223.171.91.142): 1 Time(s)
       unknown (228.sub-166-253-218.myvzw.com): 1 Time(s)
       unknown (27.116.52.180): 1 Time(s)
       unknown (31-10-205-51.static.upc.ch): 1 Time(s)
       unknown (36.93.138.212): 1 Time(s)
       unknown (37.114.208.9): 1 Time(s)
       unknown (43.245.87.237): 1 Time(s)
       unknown (45.127.59.202): 1 Time(s)
       unknown (45.19.251.7): 1 Time(s)
       unknown (62.201.223.132): 1 Time(s)
       unknown (65.20.150.2): 1 Time(s)
       unknown (65.20.158.170): 1 Time(s)
       unknown (65.20.174.161): 1 Time(s)
       unknown (65.20.190.84): 1 Time(s)
       unknown (65.20.205.18): 1 Time(s)
       unknown (65.20.209.146): 1 Time(s)
       unknown (65.20.214.198): 1 Time(s)
       unknown (65.20.216.248): 1 Time(s)
       unknown (65.20.223.117): 1 Time(s)
       unknown (65.20.235.177): 1 Time(s)
       unknown (75.99.158.78): 1 Time(s)
       unknown (78-107-253-237.static.corbina.ru): 1 Time(s)
       unknown (94.45.113.113): 1 Time(s)
       unknown (c-24-61-48-36.hsd1.ct.comcast.net): 1 Time(s)
       unknown (c-67-183-162-103.hsd1.wa.comcast.net): 1 Time(s)
       unknown (c-73-138-72-68.hsd1.fl.comcast.net): 1 Time(s)
       unknown (c-73-229-141-94.hsd1.co.comcast.net): 1 Time(s)
       unknown (c-98-52-116-108.hsd1.il.comcast.net): 1 Time(s)
       unknown (c188-148-131-159.bredband.tele2.se): 1 Time(s)
       unknown (c188-151-63-219.bredband.tele2.se): 1 Time(s)
       unknown (cm222-166-167-89.hkcable.com.hk): 1 Time(s)
       unknown (fixed-187-188-244-134.totalplay.net): 1 Time(s)
       unknown (fp73a31e6e.stmb122.ap.nuro.jp): 1 Time(s)
       unknown (mx-ll-183.88.213-176.dynamic.3bb.co.th): 1 Time(s)
       unknown (mx-ll-183.89.210-225.dynamic.3bb.co.th): 1 Time(s)
       unknown (n058152129013.netvigator.com): 1 Time(s)
       unknown (node-abo.pool-182-53.dynamic.totinternet.net): 1 Time(s)
       unknown (ool-1826d6c2.dyn.optonline.net): 1 Time(s)
       unknown (ool-43522457.dyn.optonline.net): 1 Time(s)
       unknown (static-188-137-34-72.leon.com.pl): 1 Time(s)
       uucp (212.70.149.150): 1 Time(s)
    Invalid Users:
       Unknown Account: 349 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

       11   Miscellaneous warnings  

    8.582K  Bytes accepted                               8,788
    8.582K  Bytes sent via SMTP                          8,788
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================

      157   Connections             
       19   Connections lost (inbound) 
      157   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        1   SMTP dialog errors      
        3   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Disconnecting after too many authentication failures for user:
    root : 3 Time(s)

 Failed logins from:
    60.120.138.170 (softbank060120138170.bbtec.net): 1 time
    65.20.216.248: 1 time
    65.20.250.102: 1 time
    85.209.11.27: 7 times
    85.209.11.254: 5 times
    101.126.4.240: 6 times
    118.98.90.22: 1 time
    139.59.47.104: 2 times
    151.177.15.89 (c151-177-15-89.bredband.tele2.se): 7 times
    151.177.201.230 (c151-177-201-230.bredband.tele2.se): 6 times
    170.64.151.95: 6 times
    170.64.167.64: 10 times
    170.64.221.219: 8 times
    178.88.167.38 (mail.rokor.kz): 12 times
    179.43.180.106 (hostedby.privatelayer.com): 41 times
    182.230.163.173: 6 times
    190.107.71.200: 1 time
    194.169.175.35: 4 times
    194.169.175.36: 11 times
    195.88.120.62 (195-88-120-62.parustelecom.ru): 10 times
    202.165.16.209: 2 times
    212.70.149.150: 32 times

 Illegal users from:
    2001:470:1:332::4 (scan-38af.shadowserver.org): 1 time
    undef: 105 times
    2.184.217.81: 1 time
    14.98.28.43: 1 time
    24.38.214.194 (ool-1826d6c2.dyn.optonline.net): 1 time
    24.61.48.36 (c-24-61-48-36.hsd1.ct.comcast.net): 1 time
    27.116.52.180: 1 time
    31.10.205.51 (31-10-205-51.static.upc.ch): 1 time
    36.93.138.212: 1 time
    36.137.22.65: 2 times
    37.114.208.9: 1 time
    37.114.208.13: 2 times
    43.245.87.237: 1 time
    45.19.251.7 (45-19-251-7.lightspeed.rcsntx.sbcglobal.net): 1 time
    45.71.24.198: 4 times
    45.127.59.202 (static-45-127-59-202.pol.net.in): 1 time
    51.75.142.157 (157.ip-51-75-142.eu): 1 time
    58.152.129.13 (n058152129013.netvigator.com): 1 time
    62.201.223.132: 1 time
    64.92.44.93 (dsl-dhcp-katytxxchrc-64-92-44-93.consolidated.net): 2 times
    65.20.150.2: 1 time
    65.20.158.170: 1 time
    65.20.174.161: 1 time
    65.20.190.84: 1 time
    65.20.205.18: 1 time
    65.20.209.146: 1 time
    65.20.214.198: 1 time
    65.20.216.248: 1 time
    65.20.223.117: 1 time
    65.20.235.177: 1 time
    65.49.1.64 (scan-55m.shadowserver.org): 1 time
    67.82.36.87 (ool-43522457.dyn.optonline.net): 1 time
    67.183.162.103 (c-67-183-162-103.hsd1.wa.comcast.net): 1 time
    73.138.72.68 (c-73-138-72-68.hsd1.fl.comcast.net): 1 time
    73.229.141.94 (c-73-229-141-94.hsd1.co.comcast.net): 1 time
    75.99.158.78 (ool-4b639e4e.static.optonline.net): 1 time
    78.107.253.237 (78-107-253-237.static.corbina.ru): 1 time
    85.209.11.27: 7 times
    85.209.11.254: 12 times
    88.175.186.160 (88-175-186-160.subs.proxad.net): 2 times
    94.45.113.113: 1 time
    98.52.116.108 (c-98-52-116-108.hsd1.il.comcast.net): 1 time
    103.157.115.10 (10.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
    103.157.115.146 (146.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
    103.203.210.119: 1 time
    110.39.180.190 (WGPON-39180-190.wateen.net): 2 times
    112.28.128.172: 1 time
    113.203.193.224: 1 time
    115.163.30.110 (fp73a31e6e.stmb122.ap.nuro.jp): 1 time
    115.241.38.14: 1 time
    115.247.148.18: 1 time
    116.97.202.14 (dynamic-adsl.viettel.vn): 1 time
    116.97.240.172 (dynamic-adsl.viettel.vn): 1 time
    117.4.136.219 (localhost): 1 time
    117.69.255.239: 1 time
    117.220.162.66: 1 time
    117.241.148.33 (static.ftth.hpr.117.241.148.33.bsnl.in): 1 time
    121.202.204.251 (m121-202-204-251.smartone.com): 1 time
    122.225.203.106: 1 time
    124.195.200.102: 1 time
    124.244.10.182 (124244010182.ctinets.com): 1 time
    128.199.67.1: 1 time
    134.249.147.136 (134-249-147-136.broadband.kyivstar.net): 1 time
    136.255.154.170: 1 time
    137.63.134.152: 1 time
    137.184.170.19: 12 times
    139.59.47.104: 16 times
    152.230.106.235 (static.152.230.106.235.gtdinternet.com): 1 time
    159.89.18.106: 1 time
    166.253.218.228 (228.sub-166-253-218.myvzw.com): 1 time
    167.99.68.29: 1 time
    170.64.151.95: 16 times
    170.64.167.64: 11 times
    170.64.221.219: 23 times
    171.212.103.245: 1 time
    179.60.244.18 (179-60-244-18.wisp.net.ec): 1 time
    179.131.11.68: 1 time
    182.53.52.68 (node-abo.pool-182-53.dynamic.totinternet.net): 1 time
    182.253.215.12 (nyadin001.yanmar.co.id): 2 times
    183.88.213.176 (mx-ll-183.88.213-176.dynamic.3bb.co.th): 1 time
    183.89.210.225 (mx-ll-183.89.210-225.dynamic.3bb.co.th): 1 time
    183.179.126.61 (183179126061.ctinets.com): 1 time
    185.191.126.213: 3 times
    185.196.8.151: 3 times
    187.188.244.134 (fixed-187-188-244-134.totalplay.net): 1 time
    188.137.34.72 (static-188-137-34-72.leon.com.pl): 1 time
    188.148.131.159 (c188-148-131-159.bredband.tele2.se): 1 time
    188.151.63.219 (c188-151-63-219.bredband.tele2.se): 1 time
    190.107.30.116 (19010730116.ip71.static.mediacommerce.com.co): 1 time
    190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 5 times
    190.107.71.200: 1 time
    190.155.233.179 (179.190-155-233.uio.satnet.net): 1 time
    192.12.113.10: 1 time
    193.32.203.138 (ip-138.203.yonl.ru): 1 time
    194.169.175.35: 17 times
    194.169.175.36: 15 times
    195.88.120.62 (195-88-120-62.parustelecom.ru): 16 times
    200.85.41.38: 1 time
    202.52.243.214: 1 time
    202.165.16.209: 7 times
    210.126.78.57: 5 times
    211.22.6.234 (211-22-6-234.hinet-ip.hinet.net): 1 time
    211.218.194.133: 5 times
    212.70.149.150: 98 times
    218.150.98.41: 5 times
    218.248.17.227: 1 time
    220.246.66.209 (209.66.246.220.static.netvigator.com): 1 time
    222.166.167.89 (cm222-166-167-89.hkcable.com.hk): 1 time
    223.171.91.142: 1 time

 **Unmatched Entries**
 fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
 Protocol major versions differ for 165.154.164.21: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
vs. SSH-1.5-Server : 1 time(s)
 Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
 error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop19598p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016