Logwatch for h2361197.stratoserver.net (Linux)

Samstag, 27 November 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sat Nov 27 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Nov-26 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 35:32 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 4 sites probed the server 
    191.96.168.242
    205.185.124.100
    5.135.42.95
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       null: 5 Time(s)
       mstshash=Domain: 4 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
       /Xc5l: 1 Time(s)
    500 Internal Server Error
       /: 22 Time(s)
       /robots.txt: 4 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /_profiler/phpinfo: 1 Time(s)
       /actuator/health: 1 Time(s)
       /console/: 1 Time(s)
       /debug/default/view?panel=config: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
       /manager/html: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
    502 Bad Gateway
       /1M3B801aTLa4jlAz2WbSrw/pdf: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (leased-line-93-191-101-219.telecom.by): 37 Time(s)
       root (fixed-186-96-159-6.totalplay.net): 34 Time(s)
       root (94.200.55.38): 33 Time(s)
       root (36.133.83.147): 31 Time(s)
       root (162.248.52.82): 29 Time(s)
       root (45.40.199.207): 28 Time(s)
       unknown (200.195.169.59): 23 Time(s)
       unknown (162.248.52.82): 20 Time(s)
       unknown (36.133.83.147): 18 Time(s)
       unknown (94.200.55.38): 17 Time(s)
       unknown (fixed-186-96-159-6.totalplay.net): 16 Time(s)
       root (106.53.156.113): 15 Time(s)
       root (122.51.53.176): 15 Time(s)
       root (v160-251-13-98.7xu2.static.cnode.io): 15 Time(s)
       unknown (141.98.10.82): 15 Time(s)
       root (173-161-87-170-illinois.hfc.comcastbusiness.net): 14 Time(s)
       root (123.122.163.248): 13 Time(s)
       unknown (45.40.199.207): 13 Time(s)
       unknown (leased-line-93-191-101-219.telecom.by): 13 Time(s)
       unknown (server.fri.mom.mybluehost.me): 13 Time(s)
       root (110.80.17.26): 12 Time(s)
       unknown (223.99.170.130): 12 Time(s)
       unknown (173-161-87-170-illinois.hfc.comcastbusiness.net): 9 Time(s)
       root (123.122.162.150): 8 Time(s)
       root (123.122.163.100): 8 Time(s)
       unknown (164.92.242.51): 8 Time(s)
       unknown (176.111.173.238): 8 Time(s)
       root (server.fri.mom.mybluehost.me): 7 Time(s)
       unknown (141.98.10.60): 7 Time(s)
       unknown (176.111.173.237): 7 Time(s)
       root (223.99.170.130): 6 Time(s)
       root (123.122.160.70): 5 Time(s)
       root (200.195.169.59): 5 Time(s)
       unknown (110.80.17.26): 5 Time(s)
       unknown (122.51.53.176): 5 Time(s)
       unknown (123.122.163.100): 5 Time(s)
       unknown (123.122.163.248): 5 Time(s)
       unknown (176.111.173.218): 5 Time(s)
       root (121.4.154.134): 4 Time(s)
       root (188.59.102.133): 4 Time(s)
       root (94.232.46.202): 4 Time(s)
       unknown (123.122.162.150): 4 Time(s)
       unknown (179.43.187.37): 4 Time(s)
       unknown (23.183.82.180): 4 Time(s)
       unknown (v160-251-13-98.7xu2.static.cnode.io): 4 Time(s)
       unknown (106.53.156.113): 3 Time(s)
       unknown (121.4.154.134): 3 Time(s)
       unknown (141.98.10.179): 3 Time(s)
       unknown (165.22.195.82): 3 Time(s)
       unknown (167.172.43.16): 3 Time(s)
       unknown (23.183.82.135): 3 Time(s)
       unknown (slot0.epaperitaliait.com): 3 Time(s)
       root (117.119.100.210): 2 Time(s)
       root (176.111.173.238): 2 Time(s)
       unknown (112.86.253.30): 2 Time(s)
       unknown (117.119.100.210): 2 Time(s)
       unknown (123.122.160.70): 2 Time(s)
       unknown (131.100.65.224): 2 Time(s)
       unknown (141.98.10.63): 2 Time(s)
       unknown (209.141.53.74): 2 Time(s)
       unknown (212.192.241.124): 2 Time(s)
       unknown (212.192.241.37): 2 Time(s)
       unknown (23.183.81.54): 2 Time(s)
       unknown (83.11.16.49.ipv4.supernova.orange.pl): 2 Time(s)
       unknown (c-73-137-211-9.hsd1.ga.comcast.net): 2 Time(s)
       root (165.22.195.82): 1 Time(s)
       root (209.141.62.233): 1 Time(s)
       root (45.88.137.100): 1 Time(s)
       unknown (177.53.68.200): 1 Time(s)
       unknown (188.59.102.133): 1 Time(s)
       unknown (195.133.18.210): 1 Time(s)
       unknown (209.141.33.121): 1 Time(s)
       unknown (209.141.47.245): 1 Time(s)
       unknown (209.141.52.25): 1 Time(s)
       unknown (23.183.81.249): 1 Time(s)
       unknown (36.91.61.178): 1 Time(s)
       uucp (176.111.173.218): 1 Time(s)
    Invalid Users:
       Unknown Account: 291 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   12.907K  Bytes accepted                              13,217
   12.907K  Bytes sent via SMTP                         13,217
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      365   Connections             
       33   Connections lost (inbound) 
      365   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    36.133.83.147: 31 times
    45.40.199.207: 28 times
    45.88.137.100: 1 time
    93.191.101.219 (leased-line-93-191-101-219.telecom.by): 37 times
    94.200.55.38: 33 times
    94.232.46.202: 4 times
    106.53.156.113: 15 times
    110.80.17.26: 12 times
    117.119.100.210: 2 times
    121.4.154.134: 4 times
    122.51.53.176: 15 times
    123.122.160.70: 5 times
    123.122.162.150: 8 times
    123.122.163.100: 8 times
    123.122.163.248: 13 times
    160.251.13.98 (v160-251-13-98.7xu2.static.cnode.io): 15 times
    162.241.94.40 (server.fri.mom.mybluehost.me): 7 times
    162.248.52.82: 29 times
    165.22.195.82: 1 time
    173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 14 times
    176.111.173.218: 1 time
    176.111.173.238: 2 times
    186.96.159.6 (fixed-186-96-159-6.totalplay.net): 34 times
    188.59.102.133: 4 times
    200.195.169.59 (59.169.195.200.static.copel.net): 5 times
    209.141.62.233 (hhb8.cn): 1 time
    223.99.170.130: 6 times
 
 Illegal users from:
    2001:470:1:c84::19: 1 time
    undef: 165 times
    23.183.81.54: 2 times
    23.183.81.249: 1 time
    23.183.82.135: 3 times
    23.183.82.180: 4 times
    36.91.61.178: 1 time
    36.133.83.147: 18 times
    43.134.92.75: 1 time
    43.134.92.151: 1 time
    45.40.199.207: 13 times
    65.49.20.67 (scan-18.shadowserver.org): 1 time
    73.137.211.9 (c-73-137-211-9.hsd1.ga.comcast.net): 2 times
    83.11.16.49 (83.11.16.49.ipv4.supernova.orange.pl): 2 times
    93.191.101.219 (leased-line-93-191-101-219.telecom.by): 13 times
    94.200.55.38: 17 times
    106.53.156.113: 3 times
    110.80.17.26: 5 times
    112.86.253.30: 2 times
    117.119.100.210: 2 times
    121.4.154.134: 3 times
    122.51.53.176: 5 times
    123.122.160.70: 2 times
    123.122.162.150: 4 times
    123.122.163.100: 5 times
    123.122.163.248: 5 times
    131.100.65.224: 2 times
    141.98.10.60: 7 times
    141.98.10.63: 2 times
    141.98.10.82: 15 times
    141.98.10.179 (er.includeswitche.com): 3 times
    160.251.13.98 (v160-251-13-98.7xu2.static.cnode.io): 4 times
    162.241.94.40 (server.fri.mom.mybluehost.me): 13 times
    162.248.52.82: 20 times
    164.92.242.51: 8 times
    165.22.195.82: 3 times
    167.172.43.16: 3 times
    173.161.87.170 (173-161-87-170-Illinois.hfc.comcastbusiness.net): 9 times
    176.111.173.218: 5 times
    176.111.173.237: 7 times
    176.111.173.238: 8 times
    177.53.68.200: 1 time
    179.43.187.37: 4 times
    186.96.159.6 (fixed-186-96-159-6.totalplay.net): 16 times
    188.59.102.133: 1 time
    195.133.18.24 (slot0.epaperitaliait.com): 3 times
    195.133.18.210: 1 time
    200.195.169.59 (59.169.195.200.static.copel.net): 23 times
    209.141.33.121: 1 time
    209.141.47.245: 1 time
    209.141.52.25 (jsebean.com): 1 time
    209.141.53.74: 2 times
    212.192.241.37: 2 times
    212.192.241.124: 2 times
    223.99.170.130: 12 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016