################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jul 12 04:42:05 2021
Date Range Processed: yesterday ( 2021-Jul-11 ) Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [289:291]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 2 sites probed the server
103.145.13.120
143.244.186.224
Requests with error response codes
400 Bad Request
/: 28 Time(s)
null: 2 Time(s)
/_profiler/phpinfo: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/manager/text/list: 1 Time(s)
\x89\xE5%\x00\x01<\xCC\x14\xCC\x13\xCC\x15 ... C0$\xC0\x14\xC0: 1 Time(s)
403 Forbidden
/resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
404 Not Found
/robots.txt: 18 Time(s)
/wp-login.php: 5 Time(s)
/xmlrpc.php: 3 Time(s)
/berlin/apple-touch-icon.png: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/js/mage/cookies.js: 1 Time(s)
/pub/opt/magento/var/resource_config.json: 1 Time(s)
/resolutionen/wise12/reso_wise12_openaccess.pdf;: 1 Time(s)
/sites/default/files/2007_WiSe_Bielefeld.pdf: 1 Time(s)
/verein/satzung/%7CSatzung: 1 Time(s)
/wp-content/themes/SqueezeTheme/style.css: 1 Time(s)
499 (undefined)
/local/.env: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/admin-app/.env: 1 Time(s)
/admin/.env: 1 Time(s)
/api/.env: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/back/.env: 1 Time(s)
/backend/.env: 1 Time(s)
/berlin: 1 Time(s)
/console/: 1 Time(s)
/cp/.env: 1 Time(s)
/development/.env: 1 Time(s)
/docker/.env: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/user/: 1 Time(s)
/user/?amcontext: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 531 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
21.861K Bytes accepted 22,386
21.861K Bytes sent via SMTP 22,386
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
895 Connections
776 Connections lost (inbound)
895 Disconnections
1 Removed from queue
1 Sent via SMTP
49 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 322 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 7 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################