################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Jun 18 04:42:08 2019
Date Range Processed: yesterday
( 2019-Jun-17 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [382:382]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
59.36.132.222 -> www.baidu.com:443: 1 Time(s)
60.191.52.254 -> zapf.wiki:443: 1 Time(s)
A total of 3 sites probed the server
61.219.11.153
66.240.205.34
77.247.110.141
Requests with error response codes
400 Bad Request
null: 4 Time(s)
mstshash=Administr: 3 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/: 1 Time(s)
/robots.txt: 1 Time(s)
/socket.io/?noteId=XdKJnzV3SqS8tRhprzFWYA& ... U11i9MJQT95ABhG: 1 Time(s)
http://www.baidu.com/: 1 Time(s)
www.baidu.com:443: 1 Time(s)
zapf.wiki:443: 1 Time(s)
404 Not Found
/robots.txt: 31 Time(s)
/berlin/apple-touch-icon.png: 6 Time(s)
/wp-login.php: 2 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
/reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s)
/resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
/stapf: 1 Time(s)
499 (undefined)
/css/style.css: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
//libs/js/iframe.js: 1 Time(s)
/html/.env: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (132.232.45.138): 46 Time(s)
unknown (125.141.139.23): 43 Time(s)
unknown (c-76-27-163-60.hsd1.va.comcast.net): 43 Time(s)
unknown (118.24.108.205): 42 Time(s)
unknown (183.101.8.161): 42 Time(s)
unknown (40.115.98.94): 41 Time(s)
unknown (110.185.106.47): 40 Time(s)
unknown (193.112.78.133): 40 Time(s)
unknown (128.199.177.224): 39 Time(s)
unknown (118.26.165.68): 38 Time(s)
unknown (254.ip-54-37-154.eu): 37 Time(s)
unknown (128.ip-51-38-37.eu): 36 Time(s)
unknown (157.230.223.236): 36 Time(s)
unknown (123.207.145.66): 35 Time(s)
unknown (188.20.52.25): 35 Time(s)
unknown (188.213.165.189): 35 Time(s)
unknown (80.211.173.206): 35 Time(s)
unknown (104.248.254.222): 33 Time(s)
unknown (134.209.70.255): 33 Time(s)
unknown (138.ip-51-75-16.eu): 33 Time(s)
unknown (139.59.190.69): 33 Time(s)
unknown (186.209.74.108): 33 Time(s)
unknown (93-40-0-76.ip36.fastwebnet.it): 33 Time(s)
unknown (c-73-42-40-32.hsd1.fl.comcast.net): 33 Time(s)
unknown (122.175.55.196): 31 Time(s)
unknown (104.248.134.200): 29 Time(s)
unknown (host81-137-199-19.in-addr.btopenworld.com): 29 Time(s)
unknown (139.59.130.225): 26 Time(s)
unknown (mail.iceengineering.net.au): 23 Time(s)
unknown (191.34.162.186): 19 Time(s)
unknown (dccegw01.tulio.com.br): 17 Time(s)
unknown (ns3270404.ip-5-39-82.eu): 16 Time(s)
root (186.209.74.108): 15 Time(s)
unknown (36.110.78.62): 15 Time(s)
root (104.248.134.200): 12 Time(s)
root (93-40-0-76.ip36.fastwebnet.it): 11 Time(s)
root (125.141.139.23): 10 Time(s)
root (110.185.106.47): 9 Time(s)
root (118.24.108.205): 9 Time(s)
unknown (static.100.33.203.116.clients.your-server.de): 9 Time(s)
root (139.59.190.69): 8 Time(s)
unknown (122.144.198.18): 8 Time(s)
unknown (131.0.247.83): 8 Time(s)
root (128.199.177.224): 7 Time(s)
root (138.ip-51-75-16.eu): 7 Time(s)
root (193.112.78.133): 7 Time(s)
root (mail.iceengineering.net.au): 7 Time(s)
root (174.220.93.79.rev.sfr.net): 6 Time(s)
root (188.20.52.25): 6 Time(s)
root (218.92.0.174): 6 Time(s)
root (c-73-42-40-32.hsd1.fl.comcast.net): 6 Time(s)
unknown (129.204.200.85): 6 Time(s)
unknown (159.65.104.178): 6 Time(s)
unknown (201.139.89.87): 6 Time(s)
unknown (218.104.199.131): 6 Time(s)
root (104.248.254.222): 5 Time(s)
root (139.59.130.225): 5 Time(s)
root (183.101.8.161): 5 Time(s)
root (188.213.165.189): 5 Time(s)
root (40.115.98.94): 5 Time(s)
root (122.175.55.196): 4 Time(s)
root (134.209.70.255): 4 Time(s)
root (157.230.223.236): 4 Time(s)
mysql (134.209.70.255): 3 Time(s)
root (118.26.165.68): 3 Time(s)
root (128.ip-51-38-37.eu): 3 Time(s)
root (191.34.162.186): 3 Time(s)
root (80.211.173.206): 3 Time(s)
unknown (118.25.10.61): 3 Time(s)
backup (104.248.254.222): 2 Time(s)
mysql (123.207.145.66): 2 Time(s)
root (123.207.145.66): 2 Time(s)
root (131.0.247.83): 2 Time(s)
root (132.232.45.138): 2 Time(s)
root (ns3270404.ip-5-39-82.eu): 2 Time(s)
unknown (124.51.212.45): 2 Time(s)
backup (123.207.145.66): 1 Time(s)
backup (188.20.52.25): 1 Time(s)
backup (188.213.165.189): 1 Time(s)
backup (254.ip-54-37-154.eu): 1 Time(s)
backup (host81-137-199-19.in-addr.btopenworld.com): 1 Time(s)
bin (188.20.52.25): 1 Time(s)
bin (host81-137-199-19.in-addr.btopenworld.com): 1 Time(s)
daemon (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s)
daemon (host81-137-199-19.in-addr.btopenworld.com): 1 Time(s)
games (118.24.108.205): 1 Time(s)
games (157.230.223.236): 1 Time(s)
games (80.211.173.206): 1 Time(s)
games (93-40-0-76.ip36.fastwebnet.it): 1 Time(s)
jan (c-73-42-40-32.hsd1.fl.comcast.net): 1 Time(s)
list (138.ip-51-75-16.eu): 1 Time(s)
lp (123.207.145.66): 1 Time(s)
lp (186.209.74.108): 1 Time(s)
lp (93-40-0-76.ip36.fastwebnet.it): 1 Time(s)
mail (118.25.10.61): 1 Time(s)
mail (132.232.45.138): 1 Time(s)
mail (188.213.165.189): 1 Time(s)
mail (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s)
man (118.26.165.68): 1 Time(s)
mysql (122.175.55.196): 1 Time(s)
mysql (188.20.52.25): 1 Time(s)
mysql (188.213.165.189): 1 Time(s)
mysql (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s)
news (104.248.254.222): 1 Time(s)
news (123.207.145.66): 1 Time(s)
news (254.ip-54-37-154.eu): 1 Time(s)
news (host81-137-199-19.in-addr.btopenworld.com): 1 Time(s)
nobody (183.101.8.161): 1 Time(s)
postgres (125.141.139.23): 1 Time(s)
postgres (36.110.78.62): 1 Time(s)
proxy (131.0.247.83): 1 Time(s)
proxy (ns3270404.ip-5-39-82.eu): 1 Time(s)
root (129.204.200.85): 1 Time(s)
root (185.244.25.235): 1 Time(s)
root (218.104.199.131): 1 Time(s)
root (218.92.0.170): 1 Time(s)
root (218.92.0.173): 1 Time(s)
root (218.92.0.178): 1 Time(s)
root (254.ip-54-37-154.eu): 1 Time(s)
root (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s)
root (host81-137-199-19.in-addr.btopenworld.com): 1 Time(s)
sshd (188.213.165.189): 1 Time(s)
sync (188.213.165.189): 1 Time(s)
unknown (103.87.248.250): 1 Time(s)
unknown (106.13.120.176): 1 Time(s)
unknown (115.231.101.60): 1 Time(s)
unknown (117.239.123.125): 1 Time(s)
unknown (14.176.156.22): 1 Time(s)
unknown (200.241.126.77): 1 Time(s)
unknown (36.22.187.34): 1 Time(s)
unknown (77.242.16.138): 1 Time(s)
unknown (lstlambert-657-1-142-226.w217-128.abo.wanadoo.fr): 1 Time(s)
unknown (net-93-144-35-78.cust.vodafonedsl.it): 1 Time(s)
unknown (smtp.deltaimoveis.com.br): 1 Time(s)
unknown (tswc2b087.netvigator.com): 1 Time(s)
uucp (134.209.70.255): 1 Time(s)
www-data (128.ip-51-38-37.eu): 1 Time(s)
www-data (80.211.173.206): 1 Time(s)
Invalid Users:
Unknown Account: 1165 Time(s)
systemd-user:
Unknown Entries:
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
8 Miscellaneous warnings
12.519K Bytes accepted 12,819
12.519K Bytes sent via SMTP 12,819
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
7 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
7 Total 4xx Rejects 100.00%
======== ==================================================
51 Connections
29 Connections lost (inbound)
51 Disconnections
1 Removed from queue
1 Sent via SMTP
3 SMTP dialog errors
11 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 2 Time(s)
root : 2 Time(s)
Failed logins from:
5.39.82.197 (ns3270404.ip-5-39-82.eu): 3 times
36.110.78.62 (62.78.110.36.static.bjtelecom.net): 1 time
40.115.98.94: 5 times
51.38.37.128 (128.ip-51-38-37.eu): 4 times
51.75.16.138 (138.ip-51-75-16.eu): 8 times
54.37.154.254 (254.ip-54-37-154.eu): 3 times
73.42.40.32 (c-73-42-40-32.hsd1.fl.comcast.net): 7 times
76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 4 times
79.93.220.174 (174.220.93.79.rev.sfr.net): 6 times
80.211.173.206 (host206-173-211-80.serverdedicati.aruba.it): 5 times
81.137.199.19 (host81-137-199-19.in-addr.btopenworld.com): 5 times
93.40.0.76 (93-40-0-76.ip36.fastwebnet.it): 13 times
104.248.134.200: 12 times
104.248.254.222: 8 times
110.185.106.47: 9 times
118.24.108.205: 10 times
118.25.10.61: 1 time
118.26.165.68: 4 times
122.175.55.196 (abts-ap-static-196.55.175.122.airtelbroadband.in): 5 times
123.207.145.66: 7 times
125.141.139.23: 11 times
128.199.177.224: 7 times
129.204.200.85: 1 time
131.0.247.83 (131.0.247.83.core3.com.br): 3 times
132.232.45.138: 3 times
134.209.70.255: 8 times
139.59.130.225: 5 times
139.59.190.69 (221765.cloudwaysapps.com): 8 times
144.140.214.68 (mail.iceengineering.net.au): 7 times
157.230.223.236: 5 times
183.101.8.161: 6 times
185.244.25.235: 1 time
186.209.74.108 (static.clig.com.br): 16 times
188.20.52.25: 9 times
188.213.165.189 (host189-165-213-188.serverdedicati.aruba.it): 10 times
191.34.162.186 (191.34.162.186.dynamic.adsl.gvt.net.br): 3 times
193.112.78.133: 7 times
218.92.0.170: 3 times
218.92.0.173: 4 times
218.92.0.174: 6 times
218.92.0.178: 3 times
218.104.199.131: 1 time
Illegal users from:
undef: 883 times
5.39.82.197 (ns3270404.ip-5-39-82.eu): 16 times
14.176.156.22 (static.vnpt.vn): 1 time
36.22.187.34: 1 time
36.110.78.62 (62.78.110.36.static.bjtelecom.net): 15 times
40.115.98.94: 41 times
51.38.37.128 (128.ip-51-38-37.eu): 36 times
51.75.16.138 (138.ip-51-75-16.eu): 33 times
54.37.154.254 (254.ip-54-37-154.eu): 37 times
73.42.40.32 (c-73-42-40-32.hsd1.fl.comcast.net): 33 times
76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 43 times
77.242.16.138 (ip-77-242-16-138.net.abissnet.al): 1 time
80.211.173.206 (host206-173-211-80.serverdedicati.aruba.it): 35 times
81.137.199.19 (host81-137-199-19.in-addr.btopenworld.com): 29 times
93.40.0.76 (93-40-0-76.ip36.fastwebnet.it): 33 times
93.144.35.78 (net-93-144-35-78.cust.vodafonedsl.it): 1 time
103.87.248.250: 1 time
104.248.134.200: 29 times
104.248.254.222: 33 times
106.13.120.176: 1 time
110.185.106.47: 40 times
115.231.101.60: 1 time
116.203.33.100 (static.100.33.203.116.clients.your-server.de): 9 times
117.239.123.125: 1 time
118.24.108.205: 42 times
118.25.10.61: 3 times
118.26.165.68: 38 times
122.144.198.18: 8 times
122.175.55.196 (abts-ap-static-196.55.175.122.airtelbroadband.in): 31 times
123.207.145.66: 35 times
124.51.212.45: 2 times
125.141.139.23: 43 times
128.199.177.224: 39 times
129.204.200.85: 6 times
131.0.247.83 (131.0.247.83.core3.com.br): 8 times
132.232.45.138: 46 times
134.209.70.255: 33 times
139.59.130.225: 26 times
139.59.190.69 (221765.cloudwaysapps.com): 33 times
144.140.214.68 (mail.iceengineering.net.au): 23 times
157.230.223.236: 36 times
159.65.104.178: 6 times
177.69.8.86 (smtp.deltaimoveis.com.br): 1 time
183.101.8.161: 42 times
186.209.74.108 (static.clig.com.br): 33 times
188.20.52.25: 35 times
188.213.165.189 (host189-165-213-188.serverdedicati.aruba.it): 35 times
191.34.162.186 (191.34.162.186.dynamic.adsl.gvt.net.br): 19 times
193.112.78.133: 40 times
200.140.194.109 (dccegw01.tulio.com.br): 17 times
200.241.126.77 (200-241-126-78.argo.com.br): 1 time
201.139.89.87: 6 times
217.128.114.226 (lstlambert-657-1-142-226.w217-128.abo.wanadoo.fr): 1 time
218.102.2.87 (tswc2b087.netvigator.com): 1 time
218.104.199.131: 6 times
Users logging in through sshd:
root:
176.94.82.115 (business-176-094-082-115.static.arcor-ip.net): 1 time
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################