################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Mar 15 04:42:03 2024
Date Range Processed: yesterday
( 2024-Mar-14 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 17:17 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
91.92.244.152 -> zapf.wiki:443: 1 Time(s)
A total of 16 sites probed the server
Requests with error response codes
400 Bad Request
null: 22 Time(s)
*: 7 Time(s)
/: 5 Time(s)
mstshash=Administr: 3 Time(s)
/.env: 2 Time(s)
-6\xE6o\x043\xBE\xBD\x91\x0B\x91X\xA6Z\xD7 ... D\xC0$\xC0(\xC0: 1 Time(s)
/../../mnt/mtd/Config/Account1: 1 Time(s)
/../../mnt/mtd/Config/Account2: 1 Time(s)
/cgi-bin/authLogin.cgi: 1 Time(s)
/manager/html: 1 Time(s)
/manager/text/list: 1 Time(s)
/query?q=SHOW+DIAGNOSTICS: 1 Time(s)
/solr/admin/cores?action=STATUS&wt=json: 1 Time(s)
/solr/admin/info/system: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/v2/_catalog: 1 Time(s)
12.1.2: 1 Time(s)
\x9B\x93\xE6\x81\x0E\xB9\xDF\x1Ca\x9B\xE8Z ... AB\xEC[\xAB\xEE: 1 Time(s)
\xBF\x08\x5C\xFF: 1 Time(s)
http://httpbin.org/ip: 1 Time(s)
mB\xCD\xF5\x00\x00\x1A\xC0/\xC0+\xC0\x11\x ... x09\xC0\x14\xC0: 1 Time(s)
zapf.wiki:443: 1 Time(s)
500 Internal Server Error
/: 35 Time(s)
/favicon.ico: 10 Time(s)
/.env: 8 Time(s)
/+CSCOE+/logon.html: 6 Time(s)
/cgi-bin/login.cgi: 6 Time(s)
/doc/index.html: 6 Time(s)
/index.html: 6 Time(s)
/login.jsp: 6 Time(s)
/logon.htm: 6 Time(s)
/manage/account/login: 6 Time(s)
/admin/index.html: 5 Time(s)
/.git/config: 2 Time(s)
/cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 2 Time(s)
/robots.txt: 2 Time(s)
/sitemap.xml: 2 Time(s)
/webui/: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/HNAP1: 1 Time(s)
/HNAP1/: 1 Time(s)
/Public/home/js/check.js: 1 Time(s)
/ReportServer: 1 Time(s)
/actuator/gateway/routes: 1 Time(s)
/api/v2/cmdb/system/admin/admin: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/evox/about: 1 Time(s)
/geoserver/web/: 1 Time(s)
/index.php?lang=../../../../../../../../tmp/index1: 1 Time(s)
/index.php?lang=../../../../../../../../us ... /tmp/index1.php: 1 Time(s)
/index.php?s=/index/\x5Cthink\x5Capp/invok ... vars[1][]=Hello: 1 Time(s)
/index.php?s=index/index/index/think_lang/ ... y.sh%20%7C%20sh: 1 Time(s)
/login: 1 Time(s)
/nmaplowercheck1710443974: 1 Time(s)
/public/index.php?s=/index/\x5Cthink\x5Cap ... vars[1][]=Hello: 1 Time(s)
/remote/login: 1 Time(s)
/remote/login/remote/login: 1 Time(s)
/sdk: 1 Time(s)
/static/admin/javascript/hetong.js: 1 Time(s)
/ztp/cgi-bin/handler: 1 Time(s)
502 Bad Gateway
/-UCiB4o_SaOfdBPLYtK8YA/pdf: 1 Time(s)
/70ngShdKS3eQcEWPm_k3lw/pdf: 1 Time(s)
/XiNWfzB6SouKz0g2FE5_Vg/pdf: 1 Time(s)
/features/pdf: 1 Time(s)
/musterrechtsverordung/pdf: 1 Time(s)
/register/pdf: 1 Time(s)
/reso_abschlussarbeiten/pdf: 1 Time(s)
/slide-example/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (165.227.219.126): 148 Time(s)
unknown (139.59.47.104): 53 Time(s)
unknown (188.166.113.5): 53 Time(s)
root (188.166.113.5): 46 Time(s)
root (179.43.180.106): 27 Time(s)
root (mail.rokor.kz): 18 Time(s)
unknown (139.59.16.110): 12 Time(s)
root (165.227.219.126): 9 Time(s)
root (139.59.47.104): 7 Time(s)
unknown (19010730117.ip71.static.mediacommerce.com.co): 7 Time(s)
root (104-230-097-051.res.spectrum.com): 6 Time(s)
root (122.224.37.86): 6 Time(s)
root (202.79.38.59): 6 Time(s)
root (211.43.80.245): 6 Time(s)
unknown (202.165.16.209): 6 Time(s)
root (221.159.100.63): 5 Time(s)
root (218.75.45.86): 4 Time(s)
root (14.33.29.66): 3 Time(s)
unknown (159.65.202.125): 3 Time(s)
root (202.165.16.209): 2 Time(s)
unknown (19010730119.ip71.static.mediacommerce.com.co): 2 Time(s)
unknown (191.5.98.231): 2 Time(s)
unknown (s1.thehost.com.ua): 2 Time(s)
nobody (103.38.13.52): 1 Time(s)
nobody (110.39.183.46): 1 Time(s)
nobody (19010730117.ip71.static.mediacommerce.com.co): 1 Time(s)
nobody (202.165.16.209): 1 Time(s)
nobody (65.20.131.99): 1 Time(s)
nobody (82.67.30.217): 1 Time(s)
nobody (85.215.78.130): 1 Time(s)
nobody (n112119122248.netvigator.com): 1 Time(s)
postgres (165.227.219.126): 1 Time(s)
postgres (188.166.113.5): 1 Time(s)
root (58.246.253.218): 1 Time(s)
root (65.20.167.207): 1 Time(s)
root (65.20.218.228): 1 Time(s)
root (c-76-129-75-128.hsd1.ut.comcast.net): 1 Time(s)
unknown (1.9.249.234): 1 Time(s)
unknown (103.157.114.194): 1 Time(s)
unknown (103.157.115.146): 1 Time(s)
unknown (103.91.103.51): 1 Time(s)
unknown (113.254.80.176): 1 Time(s)
unknown (115.241.38.14): 1 Time(s)
unknown (116.97.240.172): 1 Time(s)
unknown (117.4.162.208): 1 Time(s)
unknown (118.89.139.185): 1 Time(s)
unknown (122.160.128.150): 1 Time(s)
unknown (122.4.70.142): 1 Time(s)
unknown (124.41.217.210): 1 Time(s)
unknown (124244010182.ctinets.com): 1 Time(s)
unknown (128.199.67.1): 1 Time(s)
unknown (137.63.134.158): 1 Time(s)
unknown (143.198.222.155): 1 Time(s)
unknown (148.202.102.151): 1 Time(s)
unknown (157.122.183.219): 1 Time(s)
unknown (165.16.124.215): 1 Time(s)
unknown (167.99.68.29): 1 Time(s)
unknown (176.224.153.176): 1 Time(s)
unknown (179.131.11.68): 1 Time(s)
unknown (179.209.237.119): 1 Time(s)
unknown (180.183.245.232): 1 Time(s)
unknown (182.254.216.230): 1 Time(s)
unknown (185.196.8.151): 1 Time(s)
unknown (185.199.98.51): 1 Time(s)
unknown (186.239.27.86): 1 Time(s)
unknown (187.9.20.246): 1 Time(s)
unknown (188-169-66-154.dsl.utg.ge): 1 Time(s)
unknown (189.56.252.115): 1 Time(s)
unknown (190.107.71.200): 1 Time(s)
unknown (190.61.89.115): 1 Time(s)
unknown (19010730120.ip71.static.mediacommerce.com.co): 1 Time(s)
unknown (191.36.152.41): 1 Time(s)
unknown (202.88.237.198): 1 Time(s)
unknown (206.252.194.42): 1 Time(s)
unknown (212.64.216.45): 1 Time(s)
unknown (213.59.165.130): 1 Time(s)
unknown (218.75.45.86): 1 Time(s)
unknown (223.16.59.209): 1 Time(s)
unknown (36.137.22.65): 1 Time(s)
unknown (36.93.91.188): 1 Time(s)
unknown (42.112.235.77.dyn.idknet.com): 1 Time(s)
unknown (45.71.24.198): 1 Time(s)
unknown (52.152.104.58): 1 Time(s)
unknown (59-125-210-231.hinet-ip.hinet.net): 1 Time(s)
unknown (6.ip-92-222-171.eu): 1 Time(s)
unknown (62.116.243.192): 1 Time(s)
unknown (65.20.135.187): 1 Time(s)
unknown (65.20.144.159): 1 Time(s)
unknown (65.20.150.51): 1 Time(s)
unknown (65.20.157.206): 1 Time(s)
unknown (65.20.162.198): 1 Time(s)
unknown (65.20.166.132): 1 Time(s)
unknown (65.20.170.129): 1 Time(s)
unknown (65.20.189.109): 1 Time(s)
unknown (65.20.194.204): 1 Time(s)
unknown (65.20.204.76): 1 Time(s)
unknown (65.20.205.172): 1 Time(s)
unknown (65.20.215.208): 1 Time(s)
unknown (65.20.216.248): 1 Time(s)
unknown (65.20.223.117): 1 Time(s)
unknown (65.20.235.177): 1 Time(s)
unknown (65.20.237.130): 1 Time(s)
unknown (65.20.249.167): 1 Time(s)
unknown (78.188.93.56): 1 Time(s)
unknown (80.210.19.85): 1 Time(s)
unknown (81-232-159-138-no2663.tbcn.telia.com): 1 Time(s)
unknown (81.16.121.86): 1 Time(s)
unknown (81.70.48.225): 1 Time(s)
unknown (82-64-102-158.subs.proxad.net): 1 Time(s)
unknown (88.248.250.143): 1 Time(s)
unknown (91.75.113.51): 1 Time(s)
unknown (91.92.124.199): 1 Time(s)
unknown (94.45.113.113): 1 Time(s)
unknown (94.74.181.100): 1 Time(s)
unknown (95.38.15.2): 1 Time(s)
unknown (agencijaiiz1-155.bih.net.ba): 1 Time(s)
unknown (c-24-61-48-36.hsd1.ct.comcast.net): 1 Time(s)
unknown (c-67-183-162-103.hsd1.wa.comcast.net): 1 Time(s)
unknown (c-73-180-208-11.hsd1.md.comcast.net): 1 Time(s)
unknown (host-188-15-20-68.business.telecomitalia.it): 1 Time(s)
unknown (lfbn-idf2-1-1001-109.w86-238.abo.wanadoo.fr): 1 Time(s)
unknown (ool-2f163093.static.optonline.net): 1 Time(s)
unknown (ua-84-217-215-241.bbcust.telenor.se): 1 Time(s)
unknown (web12.servicehoster.ch): 1 Time(s)
Invalid Users:
Unknown Account: 375 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
18.304K Bytes accepted 18,743
18.304K Bytes sent via SMTP 18,743
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
80 Connections
15 Connections lost (inbound)
80 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 4 Time(s)
Failed logins from:
14.33.29.66: 4 times
58.246.253.218: 1 time
65.20.131.99: 1 time
65.20.167.207: 1 time
65.20.218.228: 1 time
76.129.75.128 (c-76-129-75-128.hsd1.ut.comcast.net): 1 time
82.67.30.217 (ril69-1_migr-82-67-30-217.fbx.proxad.net): 1 time
85.215.78.130 (ionos.opole.icu): 1 time
103.38.13.52 (static-13.38.103.extranet.co.in): 1 time
104.230.97.51 (104-230-097-051.res.spectrum.com): 6 times
110.39.183.46 (WGPON-39183-46.wateen.net): 1 time
112.119.122.248 (n112119122248.netvigator.com): 1 time
122.224.37.86: 6 times
139.59.47.104: 7 times
165.227.219.126: 10 times
178.88.167.38 (mail.rokor.kz): 18 times
179.43.180.106 (hostedby.privatelayer.com): 27 times
188.166.113.5: 47 times
190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 1 time
202.79.38.59 (bck-chdc-01.wlink.com.np): 6 times
202.165.16.209: 3 times
211.43.80.245: 6 times
218.75.45.86: 4 times
221.159.100.63: 6 times
Illegal users from:
2001:470:1:c84::13 (scan-03n.shadowserver.org): 1 time
undef: 150 times
1.9.249.234 (nexusnetwork.com.my): 1 time
24.61.48.36 (c-24-61-48-36.hsd1.ct.comcast.net): 1 time
36.93.91.188: 1 time
36.137.22.65: 1 time
45.71.24.198: 1 time
47.22.48.147 (ool-2f163093.static.optonline.net): 1 time
52.152.104.58: 1 time
59.125.210.231 (59-125-210-231.hinet-ip.hinet.net): 1 time
62.116.243.192 (192.fttbcentrum2.gavlenet.com): 1 time
64.62.197.220 (scan-43i.shadowserver.org): 1 time
65.20.135.187: 1 time
65.20.144.159: 1 time
65.20.150.51: 1 time
65.20.157.206: 1 time
65.20.162.198: 1 time
65.20.166.132: 1 time
65.20.170.129: 1 time
65.20.189.109: 1 time
65.20.194.204: 1 time
65.20.204.76: 1 time
65.20.205.172: 1 time
65.20.215.208: 1 time
65.20.216.248: 1 time
65.20.223.117: 1 time
65.20.235.177: 1 time
65.20.237.130: 1 time
65.20.249.167: 1 time
67.183.162.103 (c-67-183-162-103.hsd1.wa.comcast.net): 1 time
73.180.208.11 (c-73-180-208-11.hsd1.md.comcast.net): 1 time
77.235.112.42 (42.112.235.77.dyn.idknet.com): 1 time
78.188.93.56 (78.188.93.56.static.ttnet.com.tr): 1 time
80.65.90.155 (agencijaiiz1-155.bih.net.ba): 1 time
80.210.19.85: 1 time
81.16.121.86: 1 time
81.70.48.225: 1 time
81.232.159.138 (81-232-159-138-no2663.tbcn.telia.com): 1 time
82.64.102.158 (82-64-102-158.subs.proxad.net): 1 time
84.217.215.241 (ua-84-217-215-241.bbcust.telenor.se): 1 time
86.238.232.109 (lfbn-idf2-1-1001-109.w86-238.abo.wanadoo.fr): 1 time
88.248.250.143 (88.248.250.143.static.ttnet.com.tr): 1 time
91.75.113.51: 1 time
91.92.124.199: 1 time
91.234.33.250 (s1.thehost.com.ua): 2 times
92.222.171.6 (6.ip-92-222-171.eu): 1 time
94.45.113.113: 1 time
94.74.181.100: 1 time
95.38.15.2: 1 time
103.91.103.51: 1 time
103.157.114.194 (194.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time
103.157.115.146 (146.115.157.103.Ai-bkti-hts.iforte.net.id): 1 time
113.254.80.176 (176-80-254-113-on-nets.com): 1 time
115.241.38.14: 1 time
116.97.240.172 (dynamic-adsl.viettel.vn): 1 time
117.4.162.208 (localhost): 1 time
118.89.139.185: 1 time
122.4.70.142 (142.70.4.122.broad.qd.sd.dynamic.163data.com.cn): 1 time
122.160.128.150 (abts-north-static-150.128.160.122.airtelbroadband.in): 1 time
124.41.217.210 (210.217.41.124.dynamic.wlink.com.np): 1 time
124.244.10.182 (124244010182.ctinets.com): 1 time
128.199.67.1: 1 time
137.63.134.158: 1 time
139.59.16.110: 12 times
139.59.47.104: 53 times
143.198.222.155: 1 time
148.202.102.151 (151-102.cuaad.udg.mx): 1 time
157.122.183.219: 1 time
159.65.202.125: 3 times
165.16.124.215: 1 time
165.227.219.126: 148 times
167.99.68.29: 1 time
176.224.153.176: 1 time
179.131.11.68: 1 time
179.209.237.119 (b3d1ed77.virtua.com.br): 1 time
180.183.245.232 (mx-ll-180.183.245-232.dynamic.3bb.in.th): 1 time
182.254.216.230: 1 time
185.196.8.151: 1 time
185.199.98.51: 1 time
186.239.27.86: 1 time
187.9.20.246 (187-9-20-246.customer.tdatabrasil.net.br): 1 time
188.15.20.68 (host-188-15-20-68.business.telecomitalia.it): 1 time
188.166.113.5: 53 times
188.169.66.154 (188-169-66-154.dsl.utg.ge): 1 time
189.56.252.115: 1 time
190.61.89.115 (115.89.61.190.ufinet.com.gt): 1 time
190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 7 times
190.107.30.119 (19010730119.ip71.static.mediacommerce.com.co): 2 times
190.107.30.120 (19010730120.ip71.static.mediacommerce.com.co): 1 time
190.107.71.200: 1 time
191.5.98.231 (191-5-98-231.static.redeglobaltelecom.net.br): 2 times
191.36.152.41 (vipturbo.com.br): 1 time
194.191.24.22 (web12.servicehoster.ch): 1 time
202.88.237.198 (198.237.88.202.asianet.co.in): 1 time
202.165.16.209: 6 times
206.252.194.42: 1 time
212.64.216.45 (212.64.216.45.static.comnetnetwork.com): 1 time
213.59.165.130 (ip165_130.sevtelecom.ru): 1 time
218.75.45.86: 1 time
223.16.59.209 (209-59-16-223-on-nets.com): 1 time
**Unmatched Entries**
Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop19598p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################