Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 26 Februar 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Feb 26 04:42:09 2021
        Date Range Processed: yesterday
                              ( 2021-Feb-25 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [117:117]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 5 sites probed the server 
    103.145.13.118
    115.50.228.155
    138.197.141.156
    185.153.197.179
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       null: 12 Time(s)
       /: 4 Time(s)
       /0bef: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /ab2g: 1 Time(s)
       /ab2h: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
    404 Not Found
       /robots.txt: 25 Time(s)
       /wp-login.php: 3 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 2 Time(s)
       /protokolle/Protokoll_MV_2020_11_12_Muenchen.pdf: 2 Time(s)
       /berlin/apple-touch-icon.png: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
       /reader/tu-dresden.de/tu-dresden/gesundhei ... e_final-TUD.pdf: 1 Time(s)
       /reader/tu-dresden.de/tu-dresden/gesundhei ... istungen_DE.pdf: 1 Time(s)
       /reader/www.bundesrat.de/SharedDocs/drucks ... 0/216-19(B).pdf: 1 Time(s)
       /sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
    500 Internal Server Error
       /: 36 Time(s)
       /sitemap.txt: 5 Time(s)
       /robots.txt: 4 Time(s)
       /atom.xml: 3 Time(s)
       /sitemap_index.xml: 3 Time(s)
       /.env: 2 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /sitemap.xml: 2 Time(s)
       /sitemap.xml.gz: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /api/jsonws/invoke: 1 Time(s)
       /console/: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (61.177.172.104): 121 Time(s)
       root (218.92.0.133): 71 Time(s)
       root (180.76.111.55): 68 Time(s)
       root (152.136.184.12): 67 Time(s)
       root (rs000279.fastrootserver.de): 67 Time(s)
       root (36.67.197.52): 66 Time(s)
       root (52.147.154.104.bc.googleusercontent.com): 66 Time(s)
       root (3.ip-51-91-76.eu): 64 Time(s)
       root (157.230.3.204): 62 Time(s)
       root (81.70.193.181): 61 Time(s)
       root (251.223.80.34.bc.googleusercontent.com): 60 Time(s)
       root (124.156.139.91): 59 Time(s)
       root (144.126.197.136): 59 Time(s)
       root (218.92.0.184): 59 Time(s)
       root (88.ip-144-217-15.net): 59 Time(s)
       root (81.30.162.28): 58 Time(s)
       root (129.226.55.85): 57 Time(s)
       root (178.128.223.85): 56 Time(s)
       root (ool-44c04a05.dyn.optonline.net): 56 Time(s)
       root (128.199.213.194): 55 Time(s)
       root (174.138.20.105): 55 Time(s)
       root (182.254.151.2): 55 Time(s)
       root (167.172.133.221): 54 Time(s)
       root (180.166.114.14): 54 Time(s)
       root (42.193.181.249): 54 Time(s)
       root (195.214.223.84): 53 Time(s)
       root (114.67.90.104): 52 Time(s)
       root (157.230.33.158): 52 Time(s)
       root (34.176.226.35.bc.googleusercontent.com): 52 Time(s)
       root (118.89.245.92): 51 Time(s)
       root (vps-58038cba.vps.ovh.net): 51 Time(s)
       root (106.12.46.26): 50 Time(s)
       root (115.85.53.91): 50 Time(s)
       root (43.226.69.100): 48 Time(s)
       root (124.236.22.12): 46 Time(s)
       root (139.198.1.16): 46 Time(s)
       root (189.6.30.178): 45 Time(s)
       root (192.241.209.46): 45 Time(s)
       root (59.57.83.94): 45 Time(s)
       root (68.183.92.52): 44 Time(s)
       root (106.75.230.121): 43 Time(s)
       root (182.61.34.200): 43 Time(s)
       root (180.167.207.234): 42 Time(s)
       root (163.172.60.154): 41 Time(s)
       root (192.144.230.43): 41 Time(s)
       root (218.92.0.247): 41 Time(s)
       root (218.92.0.185): 36 Time(s)
       root (140.143.243.27): 34 Time(s)
       root (218.92.0.165): 30 Time(s)
       root (218.92.0.248): 29 Time(s)
       root (46.101.54.195): 29 Time(s)
       root (150.136.21.3): 28 Time(s)
       root (221.181.185.140): 28 Time(s)
       root (smtp2.visto-web.com.br): 28 Time(s)
       root (218.92.0.171): 25 Time(s)
       root (85.ip-151-80-146.eu): 24 Time(s)
       root (152.32.228.7): 23 Time(s)
       root (fat85.internetdsl.tpnet.pl): 23 Time(s)
       root (178.154.228.6): 22 Time(s)
       root (111.230.204.113): 19 Time(s)
       root (168.227.99.11): 18 Time(s)
       root (218.92.0.138): 18 Time(s)
       root (222.187.239.31): 18 Time(s)
       root (218.92.0.145): 16 Time(s)
       root (195.43.3.231): 15 Time(s)
       root (95.85.34.53): 15 Time(s)
       root (221.181.185.143): 14 Time(s)
       root (222.187.238.87): 14 Time(s)
       root (221.181.185.237): 12 Time(s)
       root (vmi527840.contaboserver.net): 12 Time(s)
       unknown (190.216.87.162): 12 Time(s)
       root (178.154.253.235): 11 Time(s)
       root (203.46.223.176): 6 Time(s)
       unknown (subs03-180-214-233-22.three.co.id): 6 Time(s)
       root (104.131.190.193): 4 Time(s)
       root (114.80.157.205): 4 Time(s)
       root (134.122.19.213): 4 Time(s)
       root (mx1.eitd.gov.kh): 4 Time(s)
       unknown (115.178.223.75): 4 Time(s)
       unknown (221.0.94.20): 4 Time(s)
       root (194.6.233.138): 3 Time(s)
       unknown (195.54.160.250): 3 Time(s)
       unknown (mail.bluesloth.hu): 3 Time(s)
       unknown (v118-27-4-225.o4kn.static.cnode.io): 3 Time(s)
       root (134.122.69.50): 2 Time(s)
       root (190.216.87.162): 2 Time(s)
       root (81.161.63.101): 2 Time(s)
       root (smtp.algonews.space): 2 Time(s)
       unknown (129.red-83-38-230.dynamicip.rima-tde.net): 2 Time(s)
       unknown (206.189.2.121): 2 Time(s)
       unknown (220.193.11.109.rev.sfr.net): 2 Time(s)
       unknown (37.57.89.52): 2 Time(s)
       unknown (45.93.201.193): 2 Time(s)
       unknown (ip-89-176-18-137.net.upcbroadband.cz): 2 Time(s)
       unknown (wiebe.tor-exit.calyxinstitute.org): 2 Time(s)
       root (101.33.118.38): 1 Time(s)
       root (106.13.115.229): 1 Time(s)
       root (117.173.67.119): 1 Time(s)
       root (119.28.68.78): 1 Time(s)
       root (121.4.47.140): 1 Time(s)
       root (123.58.5.36): 1 Time(s)
       root (123.6.5.104): 1 Time(s)
       root (128.199.167.161): 1 Time(s)
       root (134.122.126.36): 1 Time(s)
       root (138.68.81.162): 1 Time(s)
       root (153.ip-51-75-140.eu): 1 Time(s)
       root (161.35.26.90): 1 Time(s)
       root (182.254.161.98): 1 Time(s)
       root (182.61.40.227): 1 Time(s)
       root (182.61.43.196): 1 Time(s)
       root (189.150.232.37): 1 Time(s)
       root (189.54.45.74): 1 Time(s)
       root (190.104.254.198): 1 Time(s)
       root (195.239.243.84): 1 Time(s)
       root (203.195.150.131): 1 Time(s)
       root (218.150.216.229): 1 Time(s)
       root (221.122.119.50): 1 Time(s)
       root (234.164.213.35.bc.googleusercontent.com): 1 Time(s)
       root (46.ip-51-91-159.eu): 1 Time(s)
       root (64.202.187.246): 1 Time(s)
       root (81.70.204.31): 1 Time(s)
       root (host-186-4-136-153.netlife.ec): 1 Time(s)
       root (msk-ns.noc.dozortel.ru): 1 Time(s)
       root (static-200-105-212-35.acelerate.net): 1 Time(s)
       root (v118-27-4-225.o4kn.static.cnode.io): 1 Time(s)
       root (vps-5f6227ee.vps.ovh.net): 1 Time(s)
       sshd (45.93.201.193): 1 Time(s)
       sync (213.197.157.206): 1 Time(s)
       unknown (190.152.4.202): 1 Time(s)
    Invalid Users:
       Unknown Account: 50 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       42   Miscellaneous warnings  
 
   18.724K  Bytes accepted                              19,173
   18.724K  Bytes sent via SMTP                         19,173
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
     1240   Connections             
     1184   Connections lost (inbound) 
     1240   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   Timeouts (inbound)      
        1   SMTP dialog errors      
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 74 Time(s)
 
 Failed logins from:
    34.80.223.251 (251.223.80.34.bc.googleusercontent.com): 60 times
    35.213.164.234 (234.164.213.35.bc.googleusercontent.com): 1 time
    35.226.176.34 (34.176.226.35.bc.googleusercontent.com): 52 times
    36.67.197.52: 66 times
    42.193.181.249: 54 times
    43.226.69.100: 48 times
    45.93.201.193: 1 time
    46.101.54.195: 29 times
    51.68.172.217 (vps-5f6227ee.vps.ovh.net): 1 time
    51.75.140.153 (153.ip-51-75-140.eu): 1 time
    51.83.132.153 (vps-58038cba.vps.ovh.net): 51 times
    51.91.76.3 (3.ip-51-91-76.eu): 64 times
    51.91.159.46 (46.ip-51-91-159.eu): 1 time
    59.57.83.94: 45 times
    61.177.172.104: 121 times
    64.202.187.246 (ip-64-202-187-246.secureserver.net): 1 time
    68.183.92.52 (shadow.fail): 44 times
    68.192.74.5 (ool-44c04a05.dyn.optonline.net): 56 times
    81.30.162.28 (dial-up05.vsau.org): 58 times
    81.70.193.181: 61 times
    81.70.204.31: 1 time
    81.161.63.101: 2 times
    83.13.19.85 (fat85.internetdsl.tpnet.pl): 23 times
    89.163.209.26 (rs000279.fastrootserver.de): 67 times
    91.102.200.88 (msk-ns.noc.dozortel.ru): 1 time
    95.85.34.53: 15 times
    101.33.118.38: 1 time
    103.134.177.163 (mx1.eitd.gov.kh): 4 times
    104.131.190.193 (docman.gozmart.ch-prob): 4 times
    104.154.147.52 (52.147.154.104.bc.googleusercontent.com): 66 times
    106.12.46.26: 50 times
    106.13.115.229: 1 time
    106.75.230.121: 43 times
    111.230.204.113: 19 times
    114.67.90.104: 52 times
    114.80.157.205: 4 times
    115.85.53.91 (91.53.85.115.dsl.service.static.eastern-tele.com): 50 times
    117.173.67.119: 1 time
    118.27.4.225 (v118-27-4-225.o4kn.static.cnode.io): 1 time
    118.89.245.92: 51 times
    119.28.68.78: 1 time
    121.4.47.140: 1 time
    123.6.5.104 (hn.kd.ny.adsl): 1 time
    123.58.5.36: 1 time
    124.156.139.91: 59 times
    124.236.22.12 (12.22.236.124.broad.sj.he.dynamic.163data.com.cn): 46 times
    128.199.167.161: 1 time
    128.199.213.194: 55 times
    129.226.55.85: 57 times
    134.122.19.213 (dev.pana.mirror): 4 times
    134.122.69.50: 2 times
    134.122.126.36: 1 time
    138.68.81.162: 1 time
    139.198.1.16: 46 times
    140.143.243.27: 34 times
    144.126.197.136: 59 times
    144.217.15.88 (88.ip-144-217-15.net): 59 times
    150.136.21.3: 28 times
    151.80.146.85 (85.ip-151-80-146.eu): 24 times
    152.32.228.7: 23 times
    152.136.184.12: 67 times
    157.230.3.204: 62 times
    157.230.33.158: 52 times
    161.35.26.90: 1 time
    163.172.60.154 (cutslimier.com): 41 times
    165.227.119.220 (smtp.algonews.space): 2 times
    167.86.90.235 (vmi527840.contaboserver.net): 12 times
    167.172.133.221: 54 times
    168.227.99.11 (168-227-99-11.ptr.westnet.com.ar): 18 times
    174.138.20.105: 55 times
    177.69.119.161 (smtp2.visto-web.com.br): 28 times
    178.128.223.85: 56 times
    178.154.228.6: 22 times
    178.154.253.235: 11 times
    180.76.111.55: 68 times
    180.166.114.14: 54 times
    180.167.207.234: 42 times
    182.61.34.200: 43 times
    182.61.40.227: 1 time
    182.61.43.196: 1 time
    182.254.151.2: 55 times
    182.254.161.98: 1 time
    186.4.136.153 (host-186-4-136-153.netlife.ec): 1 time
    189.6.30.178 (bd061eb2.virtua.com.br): 45 times
    189.54.45.74 (bd362d4a.virtua.com.br): 1 time
    189.150.232.37 (dsl-189-150-232-37-dyn.prod-infinitum.com.mx): 1 time
    190.104.254.198 (static.198.254.104.190.cps.com.ar): 1 time
    190.216.87.162: 2 times
    192.144.230.43: 41 times
    192.241.209.46: 45 times
    194.6.233.138: 3 times
    195.43.3.231 (msr-pc04.msr.sci.eg): 15 times
    195.214.223.84: 53 times
    195.239.243.84: 1 time
    200.105.212.35 (static-200-105-212-35.acelerate.net): 1 time
    203.46.223.176: 6 times
    203.195.150.131: 1 time
    213.197.157.206: 1 time
    218.92.0.133: 71 times
    218.92.0.138: 18 times
    218.92.0.145: 18 times
    218.92.0.165: 30 times
    218.92.0.171: 26 times
    218.92.0.184: 59 times
    218.92.0.185: 36 times
    218.92.0.247: 41 times
    218.92.0.248: 29 times
    218.150.216.229: 1 time
    221.122.119.50: 1 time
    221.181.185.140: 30 times
    221.181.185.143: 18 times
    221.181.185.237: 12 times
    222.187.238.87: 18 times
    222.187.239.31: 18 times
 
 Illegal users from:
    undef: 18 times
    37.57.89.52 (52.89.57.37.triolan.net): 2 times
    45.93.201.193: 2 times
    65.49.20.67 (scan-18.shadowserver.org): 1 time
    83.38.230.129 (129.red-83-38-230.dynamicip.rima-tde.net): 2 times
    89.176.18.137 (ip-89-176-18-137.net.upcbroadband.cz): 2 times
    109.11.193.220 (220.193.11.109.rev.sfr.net): 2 times
    115.178.223.75: 5 times
    118.27.4.225 (v118-27-4-225.o4kn.static.cnode.io): 3 times
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    162.247.74.74 (wiebe.tor-exit.calyxinstitute.org): 2 times
    180.214.233.22 (subs03-180-214-233-22.three.co.id): 6 times
    190.152.4.202 (202.4.152.190.static.anycast.cnt-grms.ec): 1 time
    190.216.87.162: 14 times
    195.54.160.250: 3 times
    206.189.2.121: 2 times
    213.136.82.119 (mail.bluesloth.hu): 3 times
    221.0.94.20: 4 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016