################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat May 8 04:42:14 2021
Date Range Processed: yesterday
( 2021-May-07 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [213:212]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
136.144.209.97
172.104.242.173
23.129.64.245
45.95.169.136
5.8.10.202
64.227.3.111
66.240.205.34
Requests with error response codes
400 Bad Request
null: 12 Time(s)
mstshash=Administr: 3 Time(s)
/: 2 Time(s)
/bag2: 1 Time(s)
/manager/html: 1 Time(s)
/manager/text/list: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
2\xA5b\xAE1\xD4\x14\xEB\xDA\xB55\xDEwO3\xF ... x09\xC0\x14\xC0: 1 Time(s)
X\xD4>\x12\x98\xC4<\xE0\x13\xCF\x00\xAC\xA ... 5Cs\x9C\xBD\xCB: 1 Time(s)
\x81I\x14H\x8F\xB5/1\xA8\xA8\x07U\xC0Y\x7F ... _Nd\x1A\x00\x00: 1 Time(s)
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9 ... B9\x90\x00(\xC0: 1 Time(s)
\xA6\x9Chb\x17x\x84\xC8\xCB\xE2yk\xEB7h:=\ ... D9\x192\xEC\x00: 1 Time(s)
a\xBE: 1 Time(s)
404 Not Found
/robots.txt: 38 Time(s)
/wp-login.php: 3 Time(s)
/.env: 2 Time(s)
/ads.txt: 1 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s)
/neuigkeiten/einladung-mgv-ss2011: 1 Time(s)
/neuigkeiten/einladung-zapf-sose2011: 1 Time(s)
/resolutionen/sose17/symptompflicht/PosPapier_: 1 Time(s)
/resolutionen/wise15/Transparenz_in_der_: 1 Time(s)
/sites/default/files/1981_SoSe_Mainz.pdf: 1 Time(s)
/sites/default/files/1983_WiSe_Darmstadt.pdf: 1 Time(s)
/sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s)
/sites/default/files/2008_SoSe_Konstanz.pdf: 1 Time(s)
/sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
/sites/default/files/2010_SoSe_Frankfurt.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/verein/satzung/%7CSatzung: 1 Time(s)
/zapf/geschaeftsordnung: 1 Time(s)
/zapf/reader/2018_WiSe_Wuerzburg: 1 Time(s)
500 Internal Server Error
/: 92 Time(s)
/robots.txt: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.env: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (1.227.192.212): 100 Time(s)
root (118.184.88.21): 100 Time(s)
root (122.192.87.150): 100 Time(s)
root (134.122.71.130): 100 Time(s)
root (152.136.236.159): 100 Time(s)
root (154.94.5.95): 100 Time(s)
root (157.230.234.93): 100 Time(s)
root (159.65.137.48): 100 Time(s)
root (159.65.98.176): 100 Time(s)
root (159.75.80.191): 100 Time(s)
root (179.43.156.231): 100 Time(s)
root (190.171.240.51): 100 Time(s)
root (192.166.219.36): 100 Time(s)
root (206.189.45.138): 100 Time(s)
root (216.118.233.226): 100 Time(s)
root (41.230.14.107): 100 Time(s)
root (45.230.172.115): 100 Time(s)
root (45.55.189.252): 100 Time(s)
root (46.101.137.226): 100 Time(s)
root (46.101.249.232): 100 Time(s)
root (dndz.gov.ua): 100 Time(s)
root (op227.fastshell.pl): 100 Time(s)
root (202.168.194.66): 99 Time(s)
root (ip-198-12-248-100.ip.secureserver.net): 99 Time(s)
root (123.58.5.243): 97 Time(s)
root (host23.190-227-159.telecom.net.ar): 96 Time(s)
root (v2202102141063142863.hotsrv.de): 96 Time(s)
root (175.24.8.247): 95 Time(s)
root (181.166.181.38): 95 Time(s)
root (103.85.168.186): 93 Time(s)
root (201.236.134.154): 90 Time(s)
root (121.4.81.49): 85 Time(s)
root (251.149.210.35.bc.googleusercontent.com): 81 Time(s)
root (187.12.167.85): 80 Time(s)
root (113.134.211.42): 77 Time(s)
root (216.10.242.121): 76 Time(s)
root (218.92.0.165): 74 Time(s)
root (88.135.36.13): 73 Time(s)
root (49.234.149.92): 72 Time(s)
root (49.234.86.164): 72 Time(s)
root (64.227.7.248): 71 Time(s)
root (101.32.14.126): 70 Time(s)
root (143.110.212.22): 70 Time(s)
root (119.45.52.133): 69 Time(s)
root (62.234.118.5): 69 Time(s)
root (124.156.148.191): 66 Time(s)
root (121.4.116.241): 65 Time(s)
root (129.211.146.50): 65 Time(s)
root (218.92.0.184): 65 Time(s)
root (223.71.127.194): 65 Time(s)
root (121.4.134.48): 64 Time(s)
root (120.92.134.19): 61 Time(s)
root (180.76.103.247): 61 Time(s)
root (206.189.126.211): 61 Time(s)
root (106.12.10.54): 60 Time(s)
root (198.211.112.14): 59 Time(s)
root (106.53.136.5): 58 Time(s)
root (82-65-203-32.subs.proxad.net): 58 Time(s)
root (49.232.221.244): 57 Time(s)
root (ip-160-153-234-236.ip.secureserver.net): 57 Time(s)
root (128.199.95.60): 56 Time(s)
root (143.110.225.133): 54 Time(s)
root (201.116.3.194): 54 Time(s)
root (49.232.3.145): 54 Time(s)
root (106.75.6.234): 53 Time(s)
root (218.92.0.145): 53 Time(s)
root (1.14.140.165): 52 Time(s)
root (187.1.178.102): 52 Time(s)
root (82.156.184.187): 51 Time(s)
root (104.248.130.10): 50 Time(s)
root (117.158.87.112): 50 Time(s)
root (120.48.21.157): 50 Time(s)
root (128.199.158.182): 50 Time(s)
root (106.75.110.204): 49 Time(s)
root (113.111.228.153): 47 Time(s)
root (221.122.93.178): 46 Time(s)
root (111.198.48.204): 43 Time(s)
root (128.199.233.143): 42 Time(s)
root (218.92.0.247): 42 Time(s)
root (106.13.143.246): 41 Time(s)
root (182.61.15.30): 41 Time(s)
root (190.128.171.250): 36 Time(s)
root (193.112.42.13): 36 Time(s)
root (61.51.95.194): 36 Time(s)
root (139.199.74.92): 35 Time(s)
root (59.46.13.123): 31 Time(s)
root (218.92.0.138): 30 Time(s)
root (portal.ternet.or.tz): 30 Time(s)
root (49.232.83.75): 29 Time(s)
root (research.ternet.or.tz): 26 Time(s)
root (osis.ternet.or.tz): 24 Time(s)
root (175.6.35.207): 23 Time(s)
root (222.107.12.219): 23 Time(s)
root (212.33.205.125): 21 Time(s)
root (events2.ternet.or.tz): 20 Time(s)
root (179.43.176.18): 19 Time(s)
root (193.112.203.134): 19 Time(s)
unknown (222.107.12.219): 18 Time(s)
root (121.5.211.53): 15 Time(s)
root (168.138.211.212): 12 Time(s)
unknown (185.36.81.52): 12 Time(s)
root (107.182.22.118.16clouds.com): 11 Time(s)
root (190.151.100.10): 10 Time(s)
unknown (45.146.165.151): 10 Time(s)
root (140.143.239.31): 6 Time(s)
root (152.32.243.114): 6 Time(s)
root (184.82.83.212): 6 Time(s)
root (117.111.1.237): 4 Time(s)
root (211.36.141.58): 4 Time(s)
root (45.146.165.151): 3 Time(s)
root (45.146.165.72): 3 Time(s)
unknown (20.194.14.85): 3 Time(s)
unknown (27.64.11.139): 3 Time(s)
unknown (45.133.1.158): 3 Time(s)
unknown (45.135.232.165): 3 Time(s)
mysql (222.107.12.219): 2 Time(s)
unknown (185.220.102.247): 2 Time(s)
unknown (82-65-33-144.subs.proxad.net): 2 Time(s)
unknown (dsl54023a3c.fixip.t-online.hu): 2 Time(s)
root (1.116.78.23): 1 Time(s)
root (1.116.88.65): 1 Time(s)
root (103.133.57.250): 1 Time(s)
root (106.15.197.185): 1 Time(s)
root (116.110.68.228): 1 Time(s)
root (120.48.12.77): 1 Time(s)
root (120.48.8.53): 1 Time(s)
root (120.92.208.158): 1 Time(s)
root (121.171.166.26): 1 Time(s)
root (126.245.64.34.bc.googleusercontent.com): 1 Time(s)
root (128.199.249.246): 1 Time(s)
root (157.92.13.105): 1 Time(s)
root (185.125.46.27): 1 Time(s)
root (190.131.196.18): 1 Time(s)
root (193.112.169.9): 1 Time(s)
root (20.194.14.85): 1 Time(s)
root (222.179.205.14): 1 Time(s)
root (42.193.9.88): 1 Time(s)
root (42.193.99.56): 1 Time(s)
root (49.235.221.66): 1 Time(s)
root (58.130.120.224): 1 Time(s)
root (58.210.241.5): 1 Time(s)
root (61.155.2.142): 1 Time(s)
root (83.167.57.49): 1 Time(s)
unknown (116.110.68.228): 1 Time(s)
unknown (116.98.170.225): 1 Time(s)
unknown (117.111.1.237): 1 Time(s)
unknown (185.220.101.1): 1 Time(s)
unknown (211.36.141.58): 1 Time(s)
unknown (23.129.64.232): 1 Time(s)
unknown (45.153.160.135): 1 Time(s)
unknown (66.230.230.230): 1 Time(s)
unknown (karensilkwood.tor-exit.calyxinstitute.org): 1 Time(s)
unknown (kiriakou.tor-exit.calyxinstitute.org): 1 Time(s)
unknown (marcuse-1.nos-oignons.net): 1 Time(s)
unknown (turing.tor-exit.calyxinstitute.org): 1 Time(s)
Invalid Users:
Unknown Account: 70 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
11 Miscellaneous warnings
17.318K Bytes accepted 17,734
17.318K Bytes sent via SMTP 17,734
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
369 Connections
32 Connections lost (inbound)
369 Disconnections
1 Removed from queue
1 Sent via SMTP
9 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 46 Time(s)
Failed logins from:
1.14.140.165: 52 times
1.116.78.23: 1 time
1.116.88.65: 1 time
1.227.192.212: 100 times
20.194.14.85: 1 time
34.64.245.126 (126.245.64.34.bc.googleusercontent.com): 1 time
35.210.149.251 (251.149.210.35.bc.googleusercontent.com): 81 times
41.93.32.132 (portal.ternet.or.tz): 100 times
41.230.14.107: 100 times
42.193.9.88: 1 time
42.193.99.56: 1 time
45.55.189.252 (fotomate.in): 100 times
45.146.165.72: 3 times
45.146.165.151: 3 times
45.230.172.115: 100 times
46.101.137.226: 100 times
46.101.249.232: 100 times
49.232.3.145: 54 times
49.232.83.75: 29 times
49.232.221.244: 57 times
49.234.86.164: 72 times
49.234.149.92: 72 times
49.235.221.66: 1 time
58.130.120.224: 1 time
58.210.241.5: 1 time
59.46.13.123: 31 times
61.51.95.194: 36 times
61.155.2.142: 1 time
62.234.118.5: 69 times
64.227.7.248: 71 times
82.65.203.32 (82-65-203-32.subs.proxad.net): 58 times
82.156.184.187: 51 times
82.207.87.24 (dndz.gov.ua): 100 times
83.167.57.49 (83.167.57.49.static.neotelecoms.com): 1 time
88.135.36.13: 73 times
101.32.14.126: 70 times
103.85.168.186: 93 times
103.133.57.250: 1 time
104.248.130.10: 50 times
106.12.10.54: 60 times
106.13.143.246: 41 times
106.15.197.185: 1 time
106.53.136.5: 58 times
106.75.6.234: 53 times
106.75.110.204: 49 times
107.182.22.118 (107.182.22.118.16clouds.com): 11 times
111.198.48.204: 43 times
113.111.228.153: 47 times
113.134.211.42: 77 times
116.110.68.228: 1 time
117.111.1.237: 4 times
117.158.87.112: 50 times
118.184.88.21: 100 times
119.45.52.133: 69 times
120.48.8.53: 1 time
120.48.12.77: 1 time
120.48.21.157: 50 times
120.92.134.19: 61 times
120.92.208.158: 1 time
121.4.81.49: 85 times
121.4.116.241: 65 times
121.4.134.48: 64 times
121.5.211.53: 15 times
121.171.166.26: 1 time
122.192.87.150: 100 times
123.58.5.243: 97 times
124.156.148.191: 66 times
128.199.95.60: 56 times
128.199.158.182: 50 times
128.199.233.143: 42 times
128.199.249.246: 1 time
129.211.146.50: 65 times
134.122.71.130: 100 times
139.199.74.92: 35 times
140.143.239.31: 6 times
143.110.212.22: 70 times
143.110.225.133: 54 times
152.32.243.114: 6 times
152.136.236.159: 100 times
154.94.5.95: 100 times
157.92.13.105: 1 time
157.230.234.93: 100 times
159.65.98.176: 100 times
159.65.137.48: 100 times
159.75.80.191: 100 times
160.153.234.236 (ip-160-153-234-236.ip.secureserver.net): 57 times
163.172.90.44 (op227.fastshell.pl): 100 times
168.138.211.212: 12 times
175.6.35.207: 23 times
175.24.8.247: 95 times
179.43.156.231: 100 times
179.43.176.18: 19 times
180.76.103.247: 61 times
181.166.181.38 (38-181-166-181.fibertel.com.ar): 95 times
182.61.15.30: 41 times
184.82.83.212 (184-82-83-0.24.public.tls1b-bcr01.myaisfibre.com): 6 times
185.125.46.27: 1 time
187.1.178.102 (187-1-178-102.centurytelecom.net.br): 52 times
187.12.167.85: 80 times
190.128.171.250 (static-250-171-128-190.telecel.com.py): 36 times
190.131.196.18: 1 time
190.151.100.10: 10 times
190.171.240.51 (ip-adsl-190.171.240.51.cotas.com.bo): 100 times
190.227.159.23 (host23.190-227-159.telecom.net.ar): 96 times
192.166.219.36 (pm.zzdschool.com): 100 times
193.112.42.13: 36 times
193.112.169.9: 1 time
193.112.203.134: 19 times
198.12.248.100 (ip-198-12-248-100.ip.secureserver.net): 99 times
198.211.112.14: 59 times
201.116.3.194 (static.customer-201-116-3-194.uninet-ide.com.mx): 54 times
201.236.134.154: 90 times
202.61.240.203 (v2202102141063142863.hotsrv.de): 96 times
202.168.194.66: 99 times
206.189.45.138: 100 times
206.189.126.211: 61 times
211.36.141.58: 4 times
212.33.205.125: 21 times
216.10.242.121 (server.nyaadaur.com): 76 times
216.118.233.226: 100 times
218.92.0.138: 30 times
218.92.0.145: 53 times
218.92.0.165: 74 times
218.92.0.184: 68 times
218.92.0.247: 42 times
221.122.93.178: 46 times
222.107.12.219: 25 times
222.179.205.14: 1 time
223.71.127.194: 65 times
Illegal users from:
undef: 32 times
20.194.14.85: 3 times
23.129.64.232: 1 time
27.64.11.139 (localhost): 3 times
45.133.1.158: 3 times
45.135.232.165: 3 times
45.146.165.151: 10 times
45.153.160.135: 1 time
65.49.20.69 (scan-20.shadowserver.org): 1 time
66.230.230.230: 1 time
82.65.33.144 (82-65-33-144.subs.proxad.net): 2 times
84.2.58.60 (dsl54023A3C.fixip.t-online.hu): 2 times
116.98.170.225 (dynamic-ip-adsl.viettel.vn): 1 time
116.110.68.228: 1 time
117.111.1.237: 1 time
162.247.74.27 (turing.tor-exit.calyxinstitute.org): 1 time
162.247.74.200 (kiriakou.tor-exit.calyxinstitute.org): 1 time
178.20.55.16 (marcuse-1.nos-oignons.net): 1 time
185.36.81.52 (sterharvest.com): 12 times
185.220.101.1: 1 time
185.220.102.247 (185-220-102-247.torservers.net): 2 times
185.220.103.6 (karensilkwood.tor-exit.calyxinstitute.org): 1 time
211.36.141.58: 1 time
222.107.12.219: 18 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################