Logwatch for h2361197.stratoserver.net (Linux)

Sonntag, 16 Juli 2023


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sun Jul 16 04:42:03 2023
        Date Range Processed: yesterday
                              ( 2023-Jul-15 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [208:211]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 11 sites probed the server 
    138.68.153.47
    138.68.188.114
    167.99.181.225
    174.138.61.44
    175.11.52.196
    185.165.190.17
    190.211.252.2
    193.32.162.189
    216.218.206.68
    36.225.97.247
    37.221.65.19
 
 Requests with error response codes
    400 Bad Request
       null: 16 Time(s)
       mstshash=Administr: 6 Time(s)
       /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 4 Time(s)
       *: 3 Time(s)
       /: 3 Time(s)
       /.env: 1 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
       /private/api/v1/service/premaster: 1 Time(s)
       A@BAE@FAI: 1 Time(s)
       \xAC\xC1\x86\x1C(y\x18\x0F\x00\x93/\xB5;\x ... xAF\xC2\x00\x00: 1 Time(s)
       qre\xE0\x1EQ\xE8z@\x93\x99\x1E\xCD\xFC\xF8 ... D\xC0$\xC0(\xC0: 1 Time(s)
    500 Internal Server Error
       /: 32 Time(s)
       /favicon.ico: 9 Time(s)
       /.env: 4 Time(s)
       /.git/config: 2 Time(s)
       /robots.txt: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /001565000000.cfg: 1 Time(s)
       /Public/home/js/check.js: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /ab2g: 1 Time(s)
       /ab2h: 1 Time(s)
       /actuator/gateway/routes: 1 Time(s)
       /actuator/health: 1 Time(s)
       /geoserver: 1 Time(s)
       /geoserver/web/: 1 Time(s)
       /global-protect/login.esp: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /restore.php: 1 Time(s)
       /sitemap.xml: 1 Time(s)
       /static/admin/javascript/hetong.js: 1 Time(s)
       /t4: 1 Time(s)
       /version: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (146.19.253.37): 51 Time(s)
       root (146.19.253.37): 33 Time(s)
       unknown (62.122.184.71): 22 Time(s)
       root (218.92.0.33): 18 Time(s)
       root (218.92.0.52): 18 Time(s)
       unknown (62.122.184.70): 18 Time(s)
       unknown (112.78.146.243): 15 Time(s)
       unknown (203.151.175.138): 15 Time(s)
       unknown (37.32.28.114): 15 Time(s)
       root (134.122.31.105): 14 Time(s)
       root (134.122.31.30): 14 Time(s)
       unknown (141.98.11.11): 14 Time(s)
       unknown (43.134.162.181): 14 Time(s)
       unknown (43.134.231.58): 13 Time(s)
       root (124.220.108.23): 12 Time(s)
       root (218.92.0.26): 12 Time(s)
       root (218.92.0.43): 12 Time(s)
       unknown (128.199.194.1): 12 Time(s)
       unknown (154.209.4.95): 12 Time(s)
       unknown (197.199.224.52): 12 Time(s)
       unknown (20.25.65.86): 12 Time(s)
       unknown (43.131.253.42): 12 Time(s)
       unknown (43.155.141.175): 12 Time(s)
       unknown (45-167-104-201.giganet-rs.com.br): 12 Time(s)
       unknown (49.207.180.112): 12 Time(s)
       unknown (52.187.9.8): 12 Time(s)
       unknown (ip107.ip-54-38-50.eu): 12 Time(s)
       unknown (static-csq-cds-031066.business.bouyguestelecom.com): 12 Time(s)
       unknown (141.98.11.113): 11 Time(s)
       unknown (200.108.135.246): 11 Time(s)
       unknown (host0.companyconnects.online): 11 Time(s)
       unknown (104.131.164.24): 10 Time(s)
       unknown (116.236.187.5): 10 Time(s)
       unknown (176.113.115.210): 10 Time(s)
       unknown (188.166.58.179): 10 Time(s)
       unknown (43.153.103.80): 10 Time(s)
       unknown (43.153.45.125): 10 Time(s)
       unknown (170.0.235.253): 9 Time(s)
       unknown (176.113.115.211): 9 Time(s)
       root (102.129.37.140): 8 Time(s)
       root (141.98.11.11): 8 Time(s)
       root (43.159.49.103): 8 Time(s)
       unknown (128.199.80.214): 8 Time(s)
       unknown (139.59.31.236): 8 Time(s)
       unknown (164.92.193.23): 8 Time(s)
       root (139.59.7.115): 7 Time(s)
       root (185.231.181.59): 7 Time(s)
       root (62.122.184.70): 7 Time(s)
       root (ec2-13-51-200-56.eu-north-1.compute.amazonaws.com): 7 Time(s)
       unknown (102.129.37.140): 7 Time(s)
       unknown (189.57.151.124): 7 Time(s)
       unknown (20.203.77.141): 7 Time(s)
       root (104.248.92.191): 6 Time(s)
       root (106.38.105.12): 6 Time(s)
       root (141.98.11.113): 6 Time(s)
       root (194.165.153.26): 6 Time(s)
       root (218.145.31.213): 6 Time(s)
       root (218.92.0.28): 6 Time(s)
       root (218.92.0.40): 6 Time(s)
       root (218.92.0.47): 6 Time(s)
       root (218.92.0.51): 6 Time(s)
       root (218.92.0.55): 6 Time(s)
       root (218.92.0.59): 6 Time(s)
       root (ip247.ip-91-121-56.eu): 6 Time(s)
       unknown (1.234.44.166): 6 Time(s)
       unknown (104.28.207.59): 6 Time(s)
       unknown (107.189.4.181): 6 Time(s)
       unknown (134.122.31.105): 6 Time(s)
       unknown (134.122.31.30): 6 Time(s)
       unknown (139.59.7.115): 6 Time(s)
       unknown (51.250.73.235): 6 Time(s)
       unknown (mail2.aztgrp.net): 6 Time(s)
       root (111.47.13.103): 5 Time(s)
       root (116.236.187.5): 5 Time(s)
       root (176.113.115.210): 5 Time(s)
       unknown (177.19.162.241): 5 Time(s)
       unknown (185.231.181.59): 5 Time(s)
       unknown (77.148.69.34.bc.googleusercontent.com): 5 Time(s)
       unknown (8.213.197.220): 5 Time(s)
       root (117.202.18.2): 4 Time(s)
       root (176.113.115.211): 4 Time(s)
       root (20.203.77.141): 4 Time(s)
       unknown (102.14.93.34.bc.googleusercontent.com): 4 Time(s)
       unknown (104.248.92.191): 4 Time(s)
       unknown (141.148.135.200): 4 Time(s)
       unknown (211.245.106.55): 4 Time(s)
       unknown (43.153.21.104): 4 Time(s)
       unknown (43.159.49.103): 4 Time(s)
       root (128.199.80.214): 3 Time(s)
       root (200.108.135.246): 3 Time(s)
       root (211.245.106.55): 3 Time(s)
       root (51.250.73.235): 3 Time(s)
       root (62.122.184.71): 3 Time(s)
       unknown (1.69.81.34.bc.googleusercontent.com): 3 Time(s)
       unknown (104.243.17.81): 3 Time(s)
       unknown (104.248.31.56): 3 Time(s)
       unknown (110.35.173.103): 3 Time(s)
       unknown (119.18.48.48): 3 Time(s)
       unknown (124.220.108.23): 3 Time(s)
       unknown (125.212.248.86): 3 Time(s)
       unknown (143.198.193.104): 3 Time(s)
       unknown (143.198.234.238): 3 Time(s)
       unknown (146.190.121.89): 3 Time(s)
       unknown (165.22.186.45): 3 Time(s)
       unknown (170-187-252-125.ip.linodeusercontent.com): 3 Time(s)
       unknown (178.62.69.141): 3 Time(s)
       unknown (185.83.74.97.host.secureserver.net): 3 Time(s)
       unknown (220.87.209.99): 3 Time(s)
       unknown (220.88.1.208): 3 Time(s)
       unknown (41.223.6.198): 3 Time(s)
       unknown (43.134.237.29): 3 Time(s)
       unknown (43.153.104.18): 3 Time(s)
       unknown (43.153.219.123): 3 Time(s)
       unknown (43.155.168.169): 3 Time(s)
       unknown (43.156.237.124): 3 Time(s)
       unknown (43.226.26.250): 3 Time(s)
       unknown (75.234.153.160.host.secureserver.net): 3 Time(s)
       unknown (80.red-79-153-37.dynamicip.rima-tde.net): 3 Time(s)
       unknown (90.204.93.34.bc.googleusercontent.com): 3 Time(s)
       unknown (fixed-187-190-252-175.totalplay.net): 3 Time(s)
       unknown (seraphtech.ru): 3 Time(s)
       postgres (62.122.184.70): 2 Time(s)
       root (139.59.31.236): 2 Time(s)
       root (164.92.193.23): 2 Time(s)
       root (170.0.235.253): 2 Time(s)
       root (43.153.21.104): 2 Time(s)
       root (45-167-104-201.giganet-rs.com.br): 2 Time(s)
       root (8.213.197.220): 2 Time(s)
       unknown (104.28.239.58): 2 Time(s)
       unknown (109.136.174.203): 2 Time(s)
       unknown (117.202.18.2): 2 Time(s)
       unknown (144.24.90.149): 2 Time(s)
       unknown (95.179.120.200): 2 Time(s)
       backup (8.213.197.220): 1 Time(s)
       daemon (141.98.11.11): 1 Time(s)
       mysql (139.59.31.236): 1 Time(s)
       nobody (62.122.184.70): 1 Time(s)
       postgres (102.129.37.140): 1 Time(s)
       postgres (107.189.4.181): 1 Time(s)
       postgres (128.199.194.1): 1 Time(s)
       postgres (128.199.80.214): 1 Time(s)
       postgres (141.148.135.200): 1 Time(s)
       postgres (146.19.253.37): 1 Time(s)
       postgres (185.231.181.59): 1 Time(s)
       postgres (20.203.77.141): 1 Time(s)
       postgres (211.245.106.55): 1 Time(s)
       postgres (43.155.141.175): 1 Time(s)
       postgres (51.250.73.235): 1 Time(s)
       root (111.231.171.24): 1 Time(s)
       root (176.51.100.48): 1 Time(s)
       root (209.216.166.6): 1 Time(s)
       root (corp-190-12-57-130.mch.puntonet.ec): 1 Time(s)
       sync (176.113.115.211): 1 Time(s)
       temp (176.113.115.211): 1 Time(s)
       unknown (111.231.171.24): 1 Time(s)
       unknown (112.168.27.14): 1 Time(s)
       unknown (113.164.99.71): 1 Time(s)
       unknown (14.226.240.248): 1 Time(s)
       unknown (14.253.145.238): 1 Time(s)
       unknown (14.49.119.88): 1 Time(s)
       unknown (211.109.181.11): 1 Time(s)
       unknown (49.174.79.34): 1 Time(s)
       unknown (65.20.152.13): 1 Time(s)
       unknown (82.166.28.126): 1 Time(s)
       unknown (84.201.128.52): 1 Time(s)
       www-data (141.98.11.113): 1 Time(s)
    Invalid Users:
       Unknown Account: 668 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   22.375K  Bytes accepted                              22,912
   22.375K  Bytes sent via SMTP                         22,912
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       13   Connections             
       11   Connections lost (inbound) 
       13   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        3   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 17 Time(s)
 
 Failed logins from:
    8.213.197.220: 3 times
    13.51.200.56 (ec2-13-51-200-56.eu-north-1.compute.amazonaws.com): 7 times
    20.203.77.141: 5 times
    43.153.21.104: 2 times
    43.155.141.175: 1 time
    43.159.49.103: 8 times
    45.167.104.201 (45-167-104-201.giganet-rs.com.br): 2 times
    51.250.73.235: 4 times
    62.122.184.70: 10 times
    62.122.184.71: 3 times
    91.121.56.247 (ip247.ip-91-121-56.eu): 6 times
    102.129.37.140: 9 times
    104.248.92.191: 6 times
    106.38.105.12: 6 times
    107.189.4.181: 1 time
    111.47.13.103: 5 times
    111.231.171.24: 1 time
    116.236.187.5: 5 times
    117.202.18.2: 4 times
    124.220.108.23: 12 times
    128.199.80.214: 4 times
    128.199.194.1 (getsensync.com): 1 time
    134.122.31.30 (nkl-03.gov): 14 times
    134.122.31.105 (nkl-06.gov): 14 times
    139.59.7.115: 7 times
    139.59.31.236: 3 times
    141.98.11.11 (axon-stall.riddlecamera.net): 9 times
    141.98.11.113 (annoying.medyamol.com): 7 times
    141.148.135.200: 1 time
    146.19.253.37: 34 times
    164.92.193.23 (evfinds.host): 2 times
    170.0.235.253: 2 times
    176.51.100.48 (b-internet.176.51.100.48.nsk.rt.ru): 1 time
    176.113.115.210: 5 times
    176.113.115.211: 6 times
    185.231.181.59: 8 times
    190.12.57.130 (corp-190-12-57-130.mch.puntonet.ec): 1 time
    194.165.153.26: 6 times
    200.108.135.246: 3 times
    209.216.166.6 (pppod166-6.gorge.net): 1 time
    211.245.106.55: 4 times
    218.92.0.26: 12 times
    218.92.0.28: 6 times
    218.92.0.33: 18 times
    218.92.0.40: 6 times
    218.92.0.43: 12 times
    218.92.0.47: 6 times
    218.92.0.51: 6 times
    218.92.0.52: 18 times
    218.92.0.55: 6 times
    218.92.0.59: 6 times
    218.145.31.213: 6 times
 
 Illegal users from:
    2001:470:1:c84::23: 1 time
    undef: 413 times
    1.234.44.166: 6 times
    5.188.51.52 (seraphtech.ru): 3 times
    8.213.197.220: 5 times
    14.49.119.88: 5 times
    14.226.240.248 (static.vnpt.vn): 1 time
    14.253.145.238 (static.vnpt.vn): 1 time
    20.25.65.86: 12 times
    20.203.77.141: 7 times
    34.69.148.77 (77.148.69.34.bc.googleusercontent.com): 5 times
    34.81.69.1 (1.69.81.34.bc.googleusercontent.com): 3 times
    34.93.14.102 (102.14.93.34.bc.googleusercontent.com): 4 times
    34.93.204.90 (90.204.93.34.bc.googleusercontent.com): 3 times
    37.32.28.114 (empresa15.lapidecristales.com): 15 times
    41.223.6.198: 3 times
    43.131.253.42: 12 times
    43.134.162.181: 14 times
    43.134.231.58: 13 times
    43.134.237.29: 3 times
    43.153.21.104: 4 times
    43.153.45.125: 10 times
    43.153.103.80: 10 times
    43.153.104.18: 3 times
    43.153.219.123: 3 times
    43.155.141.175: 12 times
    43.155.168.169: 3 times
    43.156.237.124: 3 times
    43.159.49.103: 4 times
    43.226.26.250: 3 times
    45.167.104.201 (45-167-104-201.giganet-rs.com.br): 12 times
    49.174.79.34: 5 times
    49.207.180.112 (49.207.180.112.actcorp.in): 12 times
    51.250.73.235: 6 times
    52.187.9.8: 12 times
    54.38.50.107 (ip107.ip-54-38-50.eu): 12 times
    62.122.184.70: 18 times
    62.122.184.71: 22 times
    64.62.197.82 (scan-46f.shadowserver.org): 1 time
    65.20.152.13: 1 time
    79.153.37.80 (80.red-79-153-37.dynamicip.rima-tde.net): 3 times
    82.66.111.45 (mail2.aztgrp.net): 6 times
    82.166.28.126 (82-166-28-126.barak-online.net): 1 time
    84.201.128.52: 1 time
    89.190.156.177 (host0.companyconnects.online): 11 times
    95.179.120.200 (X200.bbn2-120.lipetsk.ru): 2 times
    97.74.83.185 (185.83.74.97.host.secureserver.net): 3 times
    102.129.37.140: 7 times
    103.68.22.140: 1 time
    104.28.207.59: 6 times
    104.28.239.58: 2 times
    104.131.164.24: 10 times
    104.243.17.81 (ethical-box-1.localdomain): 3 times
    104.248.31.56 (live.petoasis.net-test1): 3 times
    104.248.92.191: 4 times
    107.189.4.181: 6 times
    109.136.174.203: 2 times
    110.35.173.103: 3 times
    111.47.13.103: 17 times
    111.231.171.24: 1 time
    112.78.146.243: 15 times
    112.168.27.14: 1 time
    113.164.99.71 (static.vnpt.vn): 1 time
    116.236.187.5: 10 times
    117.202.18.2: 2 times
    119.18.48.48: 3 times
    124.220.108.23: 3 times
    125.212.248.86: 3 times
    128.199.80.214: 8 times
    128.199.194.1 (getsensync.com): 12 times
    134.122.31.30 (nkl-03.gov): 6 times
    134.122.31.105 (nkl-06.gov): 6 times
    139.59.7.115: 6 times
    139.59.31.236: 8 times
    141.98.11.11 (axon-stall.riddlecamera.net): 14 times
    141.98.11.113 (annoying.medyamol.com): 11 times
    141.148.135.200: 4 times
    143.198.193.104: 3 times
    143.198.234.238: 3 times
    144.24.90.149: 2 times
    146.19.253.37: 51 times
    146.190.121.89: 3 times
    154.209.4.95: 12 times
    160.153.234.75 (75.234.153.160.host.secureserver.net): 3 times
    164.92.193.23 (evfinds.host): 8 times
    164.177.31.66 (static-csq-cds-031066.business.bouyguestelecom.com): 12 times
    165.22.186.45: 3 times
    170.0.235.253: 9 times
    170.187.252.125 (170-187-252-125.ip.linodeusercontent.com): 3 times
    176.113.115.210: 11 times
    176.113.115.211: 9 times
    177.19.162.241 (177.19.162.241.static.gvt.net.br): 5 times
    178.62.69.141: 3 times
    185.231.181.59: 5 times
    187.190.252.175 (fixed-187-190-252-175.totalplay.net): 3 times
    188.166.58.179: 10 times
    189.57.151.124 (189-57-151-124.customer.tdatabrasil.net.br): 7 times
    193.169.255.233: 4 times
    197.199.224.52 (host-197.199.224.52.etisalat.com.eg): 12 times
    200.108.135.246: 11 times
    203.151.175.138 (138.175.151.203.swpark.org): 15 times
    211.109.181.11: 2 times
    211.245.106.55: 4 times
    220.87.209.99: 3 times
    220.88.1.208: 3 times
 
 **Unmatched Entries**
 fatal: buffer_get_string: buffer error [preauth] : 1 time(s)
 error: buffer_get_string_ret: incomplete message [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47383p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016