################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Nov 1 04:42:04 2021
Date Range Processed: yesterday
( 2021-Oct-31 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 75:73 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 12 Time(s)
/ab2g: 6 Time(s)
/ab2h: 6 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/config/getuser?index=0: 2 Time(s)
/manager/text/list: 1 Time(s)
/socket.io/?noteId=MApt-oVrSQm6vCe9f-WUsQ& ... QZGNILZ34AHAACn: 1 Time(s)
/socket.io/?noteId=MApt-oVrSQm6vCe9f-WUsQ& ... W1NaLMiweM0AACm: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... YDEViqVLDqlAACh: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... fmX3zjbYJkVAACi: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... udS4tyeKfDhAACj: 1 Time(s)
\x09\xE9\x1B\x91\xF9\xE6\x22\xE6\x98\x87\x ... x09\xC0\x13\xC0: 1 Time(s)
\x8A\xCD\xA1\xCF{\xDE\x0B\xC2T\xE7\x8A\x99 ... x09\xC0\x13\xC0: 1 Time(s)
\x9A\xDD\xC4\xAF\xA9\xC8ne]\x0E/}V\xA9[n: 1 Time(s)
\xBF\x02\x00\x88\x13\x00\x00\x87\x00\x00\x ... 0\x00/\x9E\x16E: 1 Time(s)
404 Not Found
/konstanz/2016/tagung/app/maps/uni.png: 1 Time(s)
/konstanz/2016/tagung/impressum.html: 1 Time(s)
/konstanz/2016/tagung/index.html: 1 Time(s)
/konstanz/2016/tagung/unterstuetzer/Sponsoren.html: 1 Time(s)
/konstanz/2016/unterstuetzer/impressum.html: 1 Time(s)
/konstanz/2016/unterstuetzer/index.html: 1 Time(s)
/konstanz/2016/unterstuetzer/tagung/programm.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/wasistdiezapf.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/wersindwir.html: 1 Time(s)
/konstanz/2016/unterstuetzer/willkommen/willkommen.html: 1 Time(s)
/konstanz/2016/willkommen/impressum.html: 1 Time(s)
/konstanz/2016/willkommen/index.html: 1 Time(s)
/konstanz/2016/willkommen/tagung/programm.html: 1 Time(s)
/konstanz/2016/willkommen/unterstuetzer/Sponsoren.html: 1 Time(s)
499 (undefined)
/socket.io/?noteId=MApt-oVrSQm6vCe9f-WUsQ& ... QZGNILZ34AHAACn: 1 Time(s)
/socket.io/?noteId=MApt-oVrSQm6vCe9f-WUsQ& ... W1NaLMiweM0AACm: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... TB6Rw3KkDi1AACk: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... YDEViqVLDqlAACh: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... fmX3zjbYJkVAACi: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... udS4tyeKfDhAACj: 1 Time(s)
500 Internal Server Error
/: 24 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/static/js/index.cc66e94a.js: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (170.106.115.41): 129 Time(s)
root (125.88.253.37): 40 Time(s)
root (124.205.232.162): 39 Time(s)
root (61.160.251.98): 39 Time(s)
root (49.235.93.192): 38 Time(s)
root (180.76.53.208): 36 Time(s)
root (183.214.193.196): 36 Time(s)
root (42.192.41.216): 36 Time(s)
root (91.150.172.162): 36 Time(s)
root (ip4d1492d4.dynamic.kabel-deutschland.de): 35 Time(s)
root (106.55.168.128): 34 Time(s)
root (115.159.144.229): 34 Time(s)
root (139.59.85.250): 34 Time(s)
root (49.233.23.193): 34 Time(s)
root (117.247.176.211): 33 Time(s)
root (129.204.249.36): 33 Time(s)
root (81.68.135.238): 33 Time(s)
root (1.117.184.86): 32 Time(s)
root (203.199.243.12): 31 Time(s)
root (112.122.54.162): 30 Time(s)
root (157.245.124.160): 30 Time(s)
root (121.4.241.12): 29 Time(s)
root (210.101.91.155): 29 Time(s)
root (42.193.183.39): 29 Time(s)
root (121.4.121.147): 27 Time(s)
root (81.70.163.76): 27 Time(s)
root (82.156.105.147): 26 Time(s)
root (119.45.104.122): 25 Time(s)
root (206.81.12.173): 24 Time(s)
root (219.232.48.190): 24 Time(s)
root (122.155.0.205): 22 Time(s)
root (60.255.230.126): 21 Time(s)
unknown (106.55.168.128): 20 Time(s)
unknown (210.101.91.155): 20 Time(s)
root (110.80.17.26): 19 Time(s)
root (64.225.55.64): 19 Time(s)
unknown (203.199.243.12): 19 Time(s)
root (198.23.153.142): 18 Time(s)
root (210.92.1.109.rev.sfr.net): 18 Time(s)
root (www.animatic.com): 18 Time(s)
unknown (1.117.184.86): 18 Time(s)
unknown (112.122.54.162): 18 Time(s)
root (106.53.156.113): 17 Time(s)
root (41.76.175.185): 17 Time(s)
unknown (129.204.249.36): 17 Time(s)
unknown (42.193.183.39): 17 Time(s)
unknown (115.159.144.229): 16 Time(s)
unknown (139.59.85.250): 16 Time(s)
unknown (49.233.23.193): 16 Time(s)
root (203.113.167.3): 15 Time(s)
unknown (206.81.12.173): 15 Time(s)
unknown (ip4d1492d4.dynamic.kabel-deutschland.de): 15 Time(s)
unknown (128.199.120.28): 14 Time(s)
unknown (42.192.41.216): 14 Time(s)
unknown (91.150.172.162): 14 Time(s)
root (81.69.160.121): 13 Time(s)
unknown (121.4.35.38): 13 Time(s)
unknown (180.76.53.208): 13 Time(s)
root (128.199.90.55): 12 Time(s)
root (180.184.64.255): 12 Time(s)
root (58.57.15.29): 12 Time(s)
unknown (81.70.163.76): 12 Time(s)
unknown (121.4.121.147): 11 Time(s)
unknown (121.4.241.12): 11 Time(s)
unknown (124.205.232.162): 11 Time(s)
unknown (183.214.193.196): 11 Time(s)
unknown (41.76.175.185): 11 Time(s)
unknown (49.235.93.192): 11 Time(s)
unknown (60.255.230.126): 11 Time(s)
root (110.188.68.110): 10 Time(s)
unknown (117.247.176.211): 10 Time(s)
unknown (122.155.0.205): 10 Time(s)
unknown (141.98.10.63): 10 Time(s)
unknown (210.92.1.109.rev.sfr.net): 10 Time(s)
unknown (61.160.251.98): 10 Time(s)
unknown (81.68.135.238): 10 Time(s)
unknown (82.156.105.147): 10 Time(s)
unknown (219.232.48.190): 9 Time(s)
unknown (81.69.160.121): 9 Time(s)
root (103.133.94.18): 8 Time(s)
unknown (125.88.253.37): 8 Time(s)
unknown (141.98.10.109): 8 Time(s)
unknown (157.245.124.160): 8 Time(s)
unknown (58.57.15.29): 7 Time(s)
root (106.75.84.96): 6 Time(s)
root (121.4.35.38): 6 Time(s)
root (205.185.126.71): 6 Time(s)
unknown (119.45.104.122): 6 Time(s)
unknown (203.113.167.3): 6 Time(s)
unknown (205.185.126.71): 6 Time(s)
unknown (www.animatic.com): 6 Time(s)
root (139.59.144.149): 5 Time(s)
root (45.61.185.168): 5 Time(s)
unknown (110.188.68.110): 5 Time(s)
unknown (110.80.17.26): 5 Time(s)
unknown (128.199.90.55): 5 Time(s)
unknown (45.61.185.168): 5 Time(s)
unknown (64.225.55.64): 5 Time(s)
root (128.199.120.28): 4 Time(s)
root (199.195.254.63): 4 Time(s)
unknown (180.184.64.255): 4 Time(s)
unknown (198.23.153.142): 4 Time(s)
unknown (45.80.184.107): 4 Time(s)
postgres (128.199.120.28): 3 Time(s)
root (221.0.94.20): 3 Time(s)
unknown (106.53.156.113): 3 Time(s)
unknown (116.105.196.104): 3 Time(s)
unknown (141.98.10.60): 3 Time(s)
unknown (209.141.55.232): 3 Time(s)
unknown (45.135.232.159): 3 Time(s)
unknown (45.155.204.39): 3 Time(s)
root (40.68.120.102): 2 Time(s)
root (45.80.184.107): 2 Time(s)
unknown (103.133.94.18): 2 Time(s)
unknown (141.98.10.121): 2 Time(s)
unknown (167.88.161.219): 2 Time(s)
unknown (171.238.155.87): 2 Time(s)
unknown (188.126.222.53): 2 Time(s)
unknown (197.230.181.188): 2 Time(s)
unknown (199.195.254.63): 2 Time(s)
unknown (221.0.94.20): 2 Time(s)
unknown (40.68.120.102): 2 Time(s)
unknown (70.44.38.158.res-cmts.bus.ptd.net): 2 Time(s)
unknown (cpef0f2496bd8c3-cmf0f2496bd8c0.cpe.net.cable.rogers.com): 2 Time(s)
mysql (183.214.193.196): 1 Time(s)
mysql (210.101.91.155): 1 Time(s)
mysql (42.193.183.39): 1 Time(s)
news (121.4.35.38): 1 Time(s)
root (171.238.155.87): 1 Time(s)
root (36.133.163.35): 1 Time(s)
root (oc-129-150-111-238.compute.oraclecloud.com): 1 Time(s)
unknown (102.165.46.21): 1 Time(s)
unknown (106.75.84.96): 1 Time(s)
unknown (107.189.13.254): 1 Time(s)
unknown (139.59.144.149): 1 Time(s)
unknown (185.247.225.79): 1 Time(s)
unknown (186.179.100.115): 1 Time(s)
unknown (188.126.89.157): 1 Time(s)
unknown (206.189.144.184): 1 Time(s)
unknown (5.183.209.217): 1 Time(s)
unknown (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 Time(s)
uucp (183.214.193.196): 1 Time(s)
Invalid Users:
Unknown Account: 594 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
13.290K Bytes accepted 13,609
13.290K Bytes sent via SMTP 13,609
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
481 Connections
76 Connections lost (inbound)
481 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.117.184.86: 32 times
36.133.163.35: 1 time
40.68.120.102: 2 times
41.76.175.185: 17 times
42.192.41.216: 36 times
42.193.183.39: 30 times
45.61.185.168: 5 times
45.80.184.107: 2 times
49.233.23.193: 34 times
49.235.93.192: 38 times
58.57.15.29: 12 times
60.255.230.126: 21 times
61.160.251.98: 39 times
64.225.55.64: 19 times
77.20.146.212 (ip4d1492d4.dynamic.kabel-deutschland.de): 35 times
81.68.135.238: 33 times
81.69.160.121: 13 times
81.70.163.76: 27 times
82.156.105.147: 26 times
91.150.172.162 (91.150.172.162.skyware.pl): 36 times
103.133.94.18: 8 times
106.53.156.113: 17 times
106.55.168.128: 34 times
106.75.84.96: 6 times
109.1.92.210 (210.92.1.109.rev.sfr.net): 18 times
110.80.17.26: 19 times
110.188.68.110: 10 times
112.122.54.162: 30 times
115.159.144.229: 34 times
117.247.176.211: 33 times
119.45.104.122: 25 times
121.4.35.38: 7 times
121.4.121.147: 27 times
121.4.241.12: 29 times
122.155.0.205 (www.phatan.go.th): 22 times
124.205.232.162: 39 times
125.88.253.37: 40 times
128.199.90.55: 12 times
128.199.120.28 (171909.cloudwaysapps.com): 7 times
129.150.111.238 (oc-129-150-111-238.compute.oraclecloud.com): 1 time
129.204.249.36: 33 times
139.59.85.250: 34 times
139.59.144.149: 5 times
157.245.124.160: 30 times
162.243.170.170 (www.animatic.com): 18 times
170.106.115.41: 129 times
171.238.155.87 (dynamic-ip-adsl.viettel.vn): 1 time
180.76.53.208: 36 times
180.184.64.255: 12 times
183.214.193.196: 38 times
198.23.153.142 (198-23-153-142-host.colocrossing.com): 18 times
199.195.254.63: 4 times
203.113.167.3: 15 times
203.199.243.12 (illchn-static-203.199.243.12.vsnl.net.in): 31 times
205.185.126.71 (beta.bigislandrp.org): 6 times
206.81.12.173: 24 times
210.101.91.155: 30 times
219.232.48.190: 24 times
221.0.94.20: 3 times
Illegal users from:
2001:470:1:332::9: 1 time
undef: 411 times
1.117.184.86: 18 times
5.183.209.217: 1 time
40.68.120.102: 2 times
41.76.175.185: 11 times
42.192.41.216: 14 times
42.193.183.39: 17 times
45.61.185.168: 5 times
45.80.184.107: 4 times
45.135.232.159: 3 times
45.155.204.39: 3 times
49.233.23.193: 16 times
49.235.93.192: 11 times
58.57.15.29: 7 times
60.255.230.126: 11 times
61.160.251.98: 10 times
64.225.55.64: 5 times
65.49.20.68 (scan-19.shadowserver.org): 1 time
70.44.38.158 (70.44.38.158.res-cmts.bus.ptd.net): 2 times
77.20.146.212 (ip4d1492d4.dynamic.kabel-deutschland.de): 15 times
81.68.135.238: 10 times
81.69.160.121: 9 times
81.70.163.76: 12 times
82.156.105.147: 10 times
91.150.172.162 (91.150.172.162.skyware.pl): 14 times
99.239.69.233 (cpef0f2496bd8c3-cmf0f2496bd8c0.cpe.net.cable.rogers.com): 2 times
102.165.46.21 (102-165-46-21.as270353.com.br): 1 time
103.133.94.18: 2 times
106.53.156.113: 3 times
106.55.168.128: 20 times
106.75.84.96: 1 time
106.75.173.75: 1 time
107.189.13.254 (LuxembourgTor31.lu): 1 time
109.1.92.210 (210.92.1.109.rev.sfr.net): 10 times
110.80.17.26: 5 times
110.188.68.110: 5 times
112.122.54.162: 18 times
115.159.144.229: 16 times
116.105.196.104: 3 times
117.247.176.211: 10 times
119.45.104.122: 6 times
121.4.35.38: 13 times
121.4.121.147: 11 times
121.4.241.12: 11 times
122.155.0.205 (www.phatan.go.th): 10 times
124.205.232.162: 11 times
125.88.253.37: 8 times
128.199.90.55: 5 times
128.199.120.28 (171909.cloudwaysapps.com): 14 times
129.204.249.36: 17 times
139.59.85.250: 16 times
139.59.144.149: 1 time
141.98.10.60: 3 times
141.98.10.63: 10 times
141.98.10.109: 8 times
141.98.10.121: 2 times
157.245.124.160: 8 times
162.243.170.170 (www.animatic.com): 6 times
167.88.161.219 (smtp21.gftvrsr.xyz): 2 times
171.238.155.87 (dynamic-ip-adsl.viettel.vn): 2 times
180.76.53.208: 13 times
180.184.64.255: 4 times
183.214.193.196: 11 times
185.220.102.253 (tor-exit-relay-7.anonymizing-proxy.digitalcourage.de): 1 time
185.247.225.79: 1 time
186.179.100.115 (azteca-comunicaciones.com): 1 time
188.126.89.157: 1 time
188.126.222.53 (cm-188.126.222.53.get.no): 2 times
197.230.181.188: 2 times
198.23.153.142 (198-23-153-142-host.colocrossing.com): 4 times
199.195.254.63: 2 times
203.113.167.3: 6 times
203.199.243.12 (illchn-static-203.199.243.12.vsnl.net.in): 19 times
205.185.126.71 (beta.bigislandrp.org): 6 times
206.81.12.173: 15 times
206.189.144.184: 1 time
209.141.55.232: 3 times
210.101.91.155: 20 times
219.232.48.190: 9 times
221.0.94.20: 2 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################