Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 19 März 2024


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Mar 19 04:42:03 2024
        Date Range Processed: yesterday
                              ( 2024-Mar-18 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 33:33 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    179.43.180.106 -> 49.13.151.148:5555: 1 Time(s)
 
 A total of 11 sites probed the server 
    138.197.28.126
    138.68.208.46
    139.59.58.140
    152.42.212.135
    198.199.92.134
    198.235.24.114
    198.235.24.238
    45.128.232.191
    66.240.205.34
    74.82.47.3
    87.251.64.153
 
 Requests with error response codes
    400 Bad Request
       null: 15 Time(s)
       mstshash=Administr: 7 Time(s)
       *: 6 Time(s)
       /: 5 Time(s)
       /.env: 1 Time(s)
       /favicon.ico: 1 Time(s)
       49.13.151.148:5555: 1 Time(s)
       \x07\xF5\xCA\x9B\xBA?+\x7F\x80\xFB: 1 Time(s)
       \x18\xAE\x92<F\xBFS\xF3\xAE\x09\xFF\xE8\xD ... x09\xC0\x14\xC0: 1 Time(s)
       \xE40Y\xFEJ%x\x88\x0B\xED\x02\xA49\x84=\xE ... x09\xC0\x14\xC0: 1 Time(s)
       \xFEr\xB7\xB8\xD6\xE7\xA0\x896a/\x00\x00\x ... x09\xC0\x14\xC0: 1 Time(s)
       ]\xDF\x0F\xBC//\xFA}\x9Bb\xDC\xA1.\xBD&]\xDFD;: 1 Time(s)
    500 Internal Server Error
       /: 57 Time(s)
       /.env: 6 Time(s)
       /.git/config: 6 Time(s)
       /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 2 Time(s)
       /favicon.ico: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7: 1 Time(s)
       /actuator/gateway/routes: 1 Time(s)
       /actuator/health: 1 Time(s)
       /api.json: 1 Time(s)
       /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
       /docker-compose.yml: 1 Time(s)
       /geoserver/web/: 1 Time(s)
       /info.php: 1 Time(s)
       /robots.txt: 1 Time(s)
       /sendgrid.env: 1 Time(s)
       /version: 1 Time(s)
       /webui/: 1 Time(s)
    502 Bad Gateway
       /0UvGs4_tS96nBJR8_3s22w/pdf: 1 Time(s)
       /1sUrbDPnRPO14t0k66Jlig/pdf: 1 Time(s)
       /6lQV19a7TVerl8yEJ2vCLQ/pdf: 1 Time(s)
       /7MJ3fYYeSt6NNHrCr2upag/pdf: 1 Time(s)
       /7jwd27jqSqyTeQN-crCNpQ/pdf: 1 Time(s)
       /9igFCEdFSomw4HrDmKD5JQ/pdf: 1 Time(s)
       /FCDj6VIwTKm8h8i9d5B8FQ/pdf: 1 Time(s)
       /HJQnJPlrQZiMJi9HvD0qWA/pdf: 1 Time(s)
       /HQRuyRIvSWi2CzWlobKfMA/pdf: 1 Time(s)
       /IMaThXcFRzyCNIcz9TkidQ/pdf: 1 Time(s)
       /R4z4mBDLSPWY6fV0d3vqjg/pdf: 1 Time(s)
       /WBpjrPU6QDmYns7aYwCn8A/pdf: 1 Time(s)
       /e9MRve_5Ss-WIGygIFrjDw/pdf: 1 Time(s)
       /klausurtagung_garching%3E/pdf: 1 Time(s)
       /rHu6N32pQtmByz067anNsw/pdf: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (103.36.84.194): 84 Time(s)
       root (162.240.146.93): 79 Time(s)
       root (179.43.180.106): 25 Time(s)
       root (mail.rokor.kz): 18 Time(s)
       unknown (194.169.175.36): 10 Time(s)
       unknown (139.59.16.110): 9 Time(s)
       unknown (202.165.16.209): 8 Time(s)
       unknown (85.209.11.254): 8 Time(s)
       root (164.92.95.215): 6 Time(s)
       root (218.149.19.39): 6 Time(s)
       root (92-108-18-13.cable.dynamic.v4.ziggo.nl): 6 Time(s)
       root (c-185-45-239-65.customer.ggaweb.ch): 6 Time(s)
       unknown (194.169.175.35): 6 Time(s)
       root (85.209.11.27): 5 Time(s)
       unknown (121.158.203.212): 5 Time(s)
       unknown (159.203.10.201): 5 Time(s)
       unknown (19010730117.ip71.static.mediacommerce.com.co): 5 Time(s)
       unknown (185.224.128.34): 4 Time(s)
       unknown (85.209.11.27): 4 Time(s)
       root (85.209.11.254): 3 Time(s)
       unknown (167.99.117.16): 3 Time(s)
       unknown (220.74.78.244): 3 Time(s)
       root (19010730117.ip71.static.mediacommerce.com.co): 2 Time(s)
       unknown (103.157.114.186): 2 Time(s)
       unknown (103.157.114.66): 2 Time(s)
       unknown (200.26.233.245): 2 Time(s)
       unknown (65.20.166.97): 2 Time(s)
       unknown (dslb-092-075-135-104.092.075.pools.vodafone-ip.de): 2 Time(s)
       unknown (mail.pi.net.ua): 2 Time(s)
       nobody (114-32-191-1.hinet-ip.hinet.net): 1 Time(s)
       nobody (115.187.61.70): 1 Time(s)
       nobody (222.217.65.21): 1 Time(s)
       nobody (lfbn-idf2-1-1001-109.w86-238.abo.wanadoo.fr): 1 Time(s)
       root (122-117-15-25.hinet-ip.hinet.net): 1 Time(s)
       root (14.98.28.43): 1 Time(s)
       root (159.203.10.201): 1 Time(s)
       root (194.169.175.35): 1 Time(s)
       root (194.169.175.36): 1 Time(s)
       root (200.11.109.32): 1 Time(s)
       root (218.248.17.227): 1 Time(s)
       root (36.137.22.65): 1 Time(s)
       root (47.185.32.189): 1 Time(s)
       root (65.20.144.159): 1 Time(s)
       root (65.20.152.71): 1 Time(s)
       root (65.20.192.5): 1 Time(s)
       root (65.20.192.58): 1 Time(s)
       root (c-67-177-243-114.hsd1.co.comcast.net): 1 Time(s)
       root (c151-177-209-203.bredband.tele2.se): 1 Time(s)
       root (c188-149-255-119.bredband.tele2.se): 1 Time(s)
       sshd (85.209.11.27): 1 Time(s)
       unknown (1.9.249.234): 1 Time(s)
       unknown (102.16.85.8): 1 Time(s)
       unknown (103.157.114.106): 1 Time(s)
       unknown (103.157.114.74): 1 Time(s)
       unknown (103.157.88.15): 1 Time(s)
       unknown (103.91.103.51): 1 Time(s)
       unknown (111-70-36-174.emome-ip.hinet.net): 1 Time(s)
       unknown (112.196.59.146): 1 Time(s)
       unknown (113.183.67.127): 1 Time(s)
       unknown (114-32-191-1.hinet-ip.hinet.net): 1 Time(s)
       unknown (119.93.87.71): 1 Time(s)
       unknown (119247187113.ctinets.com): 1 Time(s)
       unknown (122.14.197.22): 1 Time(s)
       unknown (124.104.151.235): 1 Time(s)
       unknown (124.65.142.62): 1 Time(s)
       unknown (125.209.118.235): 1 Time(s)
       unknown (139.59.16.168): 1 Time(s)
       unknown (164.92.95.215): 1 Time(s)
       unknown (167-179-148-169.a7b394.syd.nbn.aussiebb.net): 1 Time(s)
       unknown (172.210.34.226): 1 Time(s)
       unknown (179.84.173.90): 1 Time(s)
       unknown (183.196.174.235): 1 Time(s)
       unknown (185.39.167.72.host.secureserver.net): 1 Time(s)
       unknown (188-169-66-154.dsl.utg.ge): 1 Time(s)
       unknown (191.241.235.54): 1 Time(s)
       unknown (191.36.157.35): 1 Time(s)
       unknown (199.162.178.68.host.secureserver.net): 1 Time(s)
       unknown (203-69-238-26.hinet-ip.hinet.net): 1 Time(s)
       unknown (210.4.68.73): 1 Time(s)
       unknown (211.107.124.218): 1 Time(s)
       unknown (211.109.93.134): 1 Time(s)
       unknown (211.169.212.206): 1 Time(s)
       unknown (211.216.58.204): 1 Time(s)
       unknown (217-211-252-37-no2663.tbcn.telia.com): 1 Time(s)
       unknown (218.188.217.102): 1 Time(s)
       unknown (219-89-206-236.adsl.xtra.co.nz): 1 Time(s)
       unknown (222.128.28.202): 1 Time(s)
       unknown (222.74.217.106): 1 Time(s)
       unknown (25.red-95-124-251.staticip.rima-tde.net): 1 Time(s)
       unknown (36.137.22.65): 1 Time(s)
       unknown (4.224.63.83): 1 Time(s)
       unknown (4.232.161.33): 1 Time(s)
       unknown (41.207.248.204): 1 Time(s)
       unknown (45.71.24.198): 1 Time(s)
       unknown (61.185.50.166): 1 Time(s)
       unknown (62.183.82.70): 1 Time(s)
       unknown (62.201.223.132): 1 Time(s)
       unknown (65.20.129.205): 1 Time(s)
       unknown (65.20.132.251): 1 Time(s)
       unknown (65.20.150.90): 1 Time(s)
       unknown (65.20.161.130): 1 Time(s)
       unknown (65.20.172.104): 1 Time(s)
       unknown (65.20.175.32): 1 Time(s)
       unknown (65.20.178.174): 1 Time(s)
       unknown (65.20.184.25): 1 Time(s)
       unknown (65.20.204.17): 1 Time(s)
       unknown (65.20.204.228): 1 Time(s)
       unknown (65.76.237.121): 1 Time(s)
       unknown (77.47.94.16): 1 Time(s)
       unknown (80.191.71.68): 1 Time(s)
       unknown (82-65-140-218.subs.proxad.net): 1 Time(s)
       unknown (85.51.24.68): 1 Time(s)
       unknown (87.200.225.10): 1 Time(s)
       unknown (91.74.96.181): 1 Time(s)
       unknown (94.45.113.113): 1 Time(s)
       unknown (95.38.15.2): 1 Time(s)
       unknown (95.65.98.254): 1 Time(s)
       unknown (95.9.224.218): 1 Time(s)
       unknown (c-67-160-200-79.hsd1.ca.comcast.net): 1 Time(s)
       unknown (c-73-171-144-54.hsd1.fl.comcast.net): 1 Time(s)
       unknown (c80-217-108-111.bredband.tele2.se): 1 Time(s)
       unknown (cable-84-43-254-214.mnet.bg): 1 Time(s)
       unknown (ip68-111-93-31.oc.oc.cox.net): 1 Time(s)
       unknown (ip68-2-152-102.ph.ph.cox.net): 1 Time(s)
       unknown (n11211911093.netvigator.com): 1 Time(s)
       unknown (n1164828130.netvigator.com): 1 Time(s)
       unknown (node-1736.pool-182-53.dynamic.totinternet.net): 1 Time(s)
       unknown (red71-200.powerfast.net): 1 Time(s)
       unknown (s0106001aae04a6d0.vc.shawcable.net): 1 Time(s)
       unknown (s83-188-240-220.cust.comviq.se): 1 Time(s)
       unknown (softbank126049119110.bbtec.net): 1 Time(s)
       unknown (static-47-206-124-11.tamp.fl.frontiernet.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 168 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   18.271K  Bytes accepted                              18,710
   18.271K  Bytes sent via SMTP                         18,710
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       58   Connections             
       18   Connections lost (inbound) 
       58   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
       14   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 3 Time(s)
 
 Failed logins from:
    14.98.28.43: 1 time
    36.137.22.65: 1 time
    47.185.32.189: 1 time
    65.20.144.159: 1 time
    65.20.152.71: 1 time
    65.20.192.5: 1 time
    65.20.192.58: 1 time
    67.177.243.114 (c-67-177-243-114.hsd1.co.comcast.net): 1 time
    85.209.11.27: 6 times
    85.209.11.254: 3 times
    86.238.232.109 (lfbn-idf2-1-1001-109.w86-238.abo.wanadoo.fr): 1 time
    92.108.18.13 (92-108-18-13.cable.dynamic.v4.ziggo.nl): 6 times
    103.36.84.194: 84 times
    114.32.191.1 (114-32-191-1.hinet-ip.hinet.net): 1 time
    115.187.61.70 (node-115-187-61-70.alliancebroadband.in): 1 time
    122.117.15.25 (122-117-15-25.hinet-ip.hinet.net): 1 time
    151.177.209.203 (c151-177-209-203.bredband.tele2.se): 1 time
    159.203.10.201: 1 time
    162.240.146.93 (7229191.fundamicro.net): 79 times
    164.92.95.215: 6 times
    178.88.167.38 (mail.rokor.kz): 18 times
    179.43.180.106 (hostedby.privatelayer.com): 25 times
    185.45.239.65 (c-185-45-239-65.customer.ggaweb.ch): 6 times
    188.149.255.119 (c188-149-255-119.bredband.tele2.se): 1 time
    190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 2 times
    194.169.175.35: 1 time
    194.169.175.36: 1 time
    200.11.109.32: 1 time
    218.149.19.39: 6 times
    218.248.17.227: 1 time
    222.217.65.21: 1 time
 
 Illegal users from:
    2001:470:1:c84::23 (scan-13p.shadowserver.org): 1 time
    undef: 49 times
    1.9.249.234 (nexusnetwork.com.my): 1 time
    4.224.63.83: 1 time
    4.232.161.33: 1 time
    24.86.28.152 (S0106001aae04a6d0.vc.shawcable.net): 1 time
    36.137.22.65: 1 time
    41.207.248.204: 1 time
    45.71.24.198: 1 time
    47.206.124.11 (static-47-206-124-11.tamp.fl.frontiernet.net): 1 time
    61.185.50.166: 1 time
    62.183.82.70 (net-62-183-82-70.kbrnet.ru): 1 time
    62.201.223.132: 1 time
    64.62.197.185 (scan-42d.shadowserver.org): 1 time
    65.20.129.205: 1 time
    65.20.132.251: 1 time
    65.20.150.90: 1 time
    65.20.161.130: 1 time
    65.20.166.97: 2 times
    65.20.172.104: 1 time
    65.20.175.32: 1 time
    65.20.178.174: 1 time
    65.20.184.25: 1 time
    65.20.204.17: 1 time
    65.20.204.228: 1 time
    65.76.237.121: 1 time
    67.160.200.79 (c-67-160-200-79.hsd1.ca.comcast.net): 1 time
    68.2.152.102 (ip68-2-152-102.ph.ph.cox.net): 1 time
    68.111.93.31 (ip68-111-93-31.oc.oc.cox.net): 1 time
    68.178.162.199 (199.162.178.68.host.secureserver.net): 1 time
    72.167.39.185 (185.39.167.72.host.secureserver.net): 1 time
    73.171.144.54 (c-73-171-144-54.hsd1.fl.comcast.net): 1 time
    77.47.94.16 (77.47.94.16.dyn.pyur.net): 1 time
    78.102.14.10 (ip-78-102-14-10.net.vodafone.cz): 6 times
    80.191.71.68: 1 time
    80.217.108.111 (c80-217-108-111.bredband.tele2.se): 1 time
    82.65.140.218 (82-65-140-218.subs.proxad.net): 1 time
    83.188.240.220 (s83-188-240-220.cust.comviq.se): 1 time
    84.43.254.214 (cable-84-43-254-214.mnet.bg): 1 time
    85.51.24.68 (68.pool85-51-24.static.orange.es): 1 time
    85.209.11.27: 5 times
    85.209.11.254: 10 times
    87.200.225.10: 1 time
    91.74.96.181: 1 time
    92.75.135.104 (dslb-092-075-135-104.092.075.pools.vodafone-ip.de): 2 times
    94.45.113.113: 1 time
    95.9.224.218 (95.9.224.218.static.ttnet.com.tr): 1 time
    95.38.15.2: 1 time
    95.65.98.254 (95-65-98-254.starnet.md): 1 time
    95.124.251.25 (25.red-95-124-251.staticip.rima-tde.net): 1 time
    102.16.85.8 (tgn.16.85.8.tgn.mg): 1 time
    103.91.103.51: 1 time
    103.157.88.15: 1 time
    103.157.114.66 (66.114.157.103.Ai-bkti-hts.iforte.net.id): 2 times
    103.157.114.74 (74.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time
    103.157.114.106 (106.114.157.103.Ai-bkti-hts.iforte.net.id): 1 time
    103.157.114.186 (186.114.157.103.Ai-bkti-hts.iforte.net.id): 2 times
    110.42.200.114: 1 time
    111.70.36.174 (111-70-36-174.emome-ip.hinet.net): 1 time
    112.119.11.93 (n11211911093.netvigator.com): 1 time
    112.196.59.146: 1 time
    113.106.88.146: 5 times
    113.183.67.127 (static.vnpt.vn): 1 time
    114.32.191.1 (114-32-191-1.hinet-ip.hinet.net): 1 time
    116.48.28.130 (n1164828130.netvigator.com): 1 time
    119.93.87.71 (119.93.87.71.static.pldt.net): 1 time
    119.247.187.113 (119247187113.ctinets.com): 1 time
    121.158.203.212: 5 times
    122.14.197.22: 1 time
    124.65.142.62: 1 time
    124.104.151.235 (124.104.151.235.pldt.net): 1 time
    125.209.118.235 (webmail.macter.com): 1 time
    126.49.119.110 (softbank126049119110.bbtec.net): 1 time
    139.59.16.110: 9 times
    139.59.16.168: 1 time
    159.203.10.201: 5 times
    164.92.95.215: 1 time
    167.99.117.16: 3 times
    167.179.148.169 (167-179-148-169.a7b394.syd.nbn.aussiebb.net): 1 time
    172.210.34.226: 1 time
    179.84.173.90 (179-84-173-90.user.vivozap.com.br): 1 time
    182.53.218.34 (node-1736.pool-182-53.dynamic.totinternet.net): 1 time
    183.196.174.235: 1 time
    185.224.128.34: 4 times
    188.169.66.154 (188-169-66-154.dsl.utg.ge): 1 time
    190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 5 times
    190.107.71.200 (red71-200.powerfast.net): 1 time
    191.36.157.35 (vipturbo.com.br): 1 time
    191.241.235.54: 1 time
    193.110.89.2 (mail.pi.net.ua): 2 times
    194.169.175.35: 6 times
    194.169.175.36: 10 times
    200.26.233.245: 2 times
    202.165.16.209: 8 times
    203.69.238.26 (203-69-238-26.hinet-ip.hinet.net): 1 time
    210.4.68.73 (210.4.68-73.bdcom.com): 1 time
    211.107.124.218: 5 times
    211.109.93.134: 1 time
    211.169.212.206: 1 time
    211.216.58.204: 1 time
    217.211.252.37 (217-211-252-37-no2663.tbcn.telia.com): 1 time
    218.188.217.102 (static-bbs-102-217-188-218-on-nets.com): 1 time
    219.89.206.236 (219-89-206-236.adsl.xtra.co.nz): 1 time
    220.74.78.244: 3 times
    222.74.217.106: 1 time
    222.128.28.202: 1 time
 
 **Unmatched Entries**
 Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop19598p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016