Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 12 Mai 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed May 12 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-May-11 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [509:501]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    20.52.34.137 -> isl-eu.dazn.com:443: 1 Time(s)
 
 A total of 3 sites probed the server 
    114.205.149.202
    46.249.32.208
    64.227.3.111
 
 Requests with error response codes
    400 Bad Request
       null: 3 Time(s)
       mstshash=Administr: 2 Time(s)
       /: 1 Time(s)
       /0bef: 1 Time(s)
       /ZOQc: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       isl-eu.dazn.com:443: 1 Time(s)
    404 Not Found
       /robots.txt: 43 Time(s)
       /wp-login.php: 6 Time(s)
       /.git/HEAD: 1 Time(s)
       /download/zapfev_satzung.pdf: 1 Time(s)
       /home/verein: 1 Time(s)
       /home/zapf: 1 Time(s)
       /neuigkeiten/einladung-mgv-ss2011: 1 Time(s)
       /protokolle/Protokoll_MV_2020_11_12_Muenchen.pdf: 1 Time(s)
       /resolutionen/wise15/WissZeitVG/Stellungnahme_WiSe15_: 1 Time(s)
       /resolutionen/wise17/pruefungsunfaehigkeit ... scheinigung.pdf: 1 Time(s)
       /sites/default/files/1982_WiSe_Stuttgart.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
       /stapf: 1 Time(s)
    499 (undefined)
       /build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s)
       /fonts/SourceCodePro-Regular.woff: 1 Time(s)
       /fonts/SourceSansPro-Semibold.woff: 1 Time(s)
    500 Internal Server Error
       /: 84 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
       /.env: 3 Time(s)
       /dns-query?dns=KhUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 3 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 2 Time(s)
       /api/jsonws/invoke: 2 Time(s)
       /console/: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /robots.txt: 2 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
       /.git/config: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /o1o/a8.php: 1 Time(s)
       /owa/: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (23.95.197.215): 53 Time(s)
       unknown (193.112.108.11): 43 Time(s)
       unknown (195.29.51.136): 41 Time(s)
       unknown (206.189.234.114): 40 Time(s)
       unknown (106.13.171.106): 39 Time(s)
       unknown (118.24.104.55): 38 Time(s)
       unknown (138.68.99.110): 38 Time(s)
       unknown (81.70.95.232): 35 Time(s)
       unknown (1.119.166.234): 33 Time(s)
       unknown (v118-27-113-79.4z7m.static.cnode.io): 33 Time(s)
       unknown (186.137.197.124): 32 Time(s)
       unknown (198.55.103.116): 32 Time(s)
       unknown (81.68.72.231): 32 Time(s)
       root (23.95.197.215): 31 Time(s)
       unknown (115.159.151.24): 31 Time(s)
       unknown (159.89.200.236): 31 Time(s)
       unknown (189.60.255.11): 31 Time(s)
       unknown (81.70.10.77): 31 Time(s)
       root (104.131.161.146): 30 Time(s)
       root (195.29.51.136): 29 Time(s)
       unknown (111.68.98.152): 29 Time(s)
       unknown (129.204.236.106): 29 Time(s)
       unknown (139.59.8.10): 29 Time(s)
       unknown (101.32.40.233): 28 Time(s)
       unknown (106.75.122.38): 28 Time(s)
       unknown (111.229.78.120): 28 Time(s)
       unknown (150.136.67.158): 28 Time(s)
       unknown (118.69.183.237): 27 Time(s)
       unknown (120.92.133.80): 27 Time(s)
       unknown (138.197.222.211): 27 Time(s)
       root (106.12.10.54): 26 Time(s)
       root (106.75.122.38): 26 Time(s)
       root (138.68.99.110): 26 Time(s)
       unknown (104.131.161.146): 26 Time(s)
       unknown (106.12.10.54): 26 Time(s)
       unknown (163.172.157.193): 26 Time(s)
       unknown (223.220.251.232): 26 Time(s)
       root (150.136.67.158): 25 Time(s)
       unknown (182.254.130.92): 25 Time(s)
       root (1.119.166.234): 24 Time(s)
       root (106.13.171.106): 24 Time(s)
       root (118.24.104.55): 24 Time(s)
       root (42-200-109-74.static.imsbiz.com): 24 Time(s)
       root (81.68.72.231): 24 Time(s)
       root (139.59.8.10): 23 Time(s)
       unknown (139.59.70.34): 23 Time(s)
       unknown (42-200-109-74.static.imsbiz.com): 23 Time(s)
       unknown (91.183.81.82): 23 Time(s)
       root (111.68.98.152): 22 Time(s)
       root (159.89.200.236): 22 Time(s)
       unknown (175.24.123.109): 22 Time(s)
       root (170.106.110.16): 21 Time(s)
       root (81.70.10.77): 21 Time(s)
       unknown (014136094005.ctinets.com): 21 Time(s)
       unknown (106.13.97.37): 20 Time(s)
       root (111.229.78.120): 19 Time(s)
       root (118.69.183.237): 19 Time(s)
       root (182.254.130.92): 19 Time(s)
       root (186.137.197.124): 19 Time(s)
       root (193.112.108.11): 19 Time(s)
       root (198.55.103.116): 19 Time(s)
       root (212.83.144.11): 19 Time(s)
       root (81.70.95.232): 19 Time(s)
       root (v118-27-113-79.4z7m.static.cnode.io): 19 Time(s)
       unknown (215.ip-51-75-124.eu): 19 Time(s)
       unknown (net-2-36-67-194.cust.vodafonedsl.it): 19 Time(s)
       root (163.172.157.193): 18 Time(s)
       root (189.60.255.11): 18 Time(s)
       root (206.189.234.114): 18 Time(s)
       unknown (172.81.211.207): 18 Time(s)
       unknown (212.83.144.11): 18 Time(s)
       root (91.183.81.82): 17 Time(s)
       unknown (170.106.110.16): 17 Time(s)
       unknown (58.58.71.218): 17 Time(s)
       root (101.32.40.233): 16 Time(s)
       root (115.159.151.24): 16 Time(s)
       root (120.92.133.80): 16 Time(s)
       root (129.204.236.106): 16 Time(s)
       root (58.58.71.218): 14 Time(s)
       unknown (150.138.178.18): 14 Time(s)
       unknown (45.146.165.151): 14 Time(s)
       root (014136094005.ctinets.com): 13 Time(s)
       unknown (116.12.51.206): 13 Time(s)
       unknown (170.106.50.166): 13 Time(s)
       unknown (vmi527626.contaboserver.net): 13 Time(s)
       root (118.25.88.204): 12 Time(s)
       root (138.197.222.211): 12 Time(s)
       unknown (185.36.81.184): 12 Time(s)
       root (200.137.220.110): 11 Time(s)
       unknown (118.25.88.204): 11 Time(s)
       unknown (dslb-002-201-192-110.002.201.pools.vodafone-ip.de): 11 Time(s)
       root (172.81.211.207): 10 Time(s)
       root (116.12.51.206): 9 Time(s)
       root (170.106.82.81): 9 Time(s)
       root (net-2-36-67-194.cust.vodafonedsl.it): 9 Time(s)
       root (net-2-45-185-2.cust.vodafonedsl.it): 9 Time(s)
       unknown (170.106.82.81): 9 Time(s)
       root (170.106.50.166): 8 Time(s)
       unknown (106.54.65.139): 8 Time(s)
       unknown (118.25.179.168): 8 Time(s)
       unknown (129.204.117.208): 8 Time(s)
       unknown (140.143.210.92): 8 Time(s)
       unknown (185.36.81.58): 8 Time(s)
       root (139.59.70.34): 7 Time(s)
       root (150.138.178.18): 7 Time(s)
       root (223.220.251.232): 7 Time(s)
       root (vmi527626.contaboserver.net): 7 Time(s)
       unknown (138.197.130.138): 7 Time(s)
       unknown (157.245.13.253): 7 Time(s)
       unknown (net-2-45-185-2.cust.vodafonedsl.it): 7 Time(s)
       root (138.197.130.138): 6 Time(s)
       root (153.35.93.67): 6 Time(s)
       root (rentguarantee.org): 6 Time(s)
       unknown (102.23.132.36): 6 Time(s)
       unknown (185.125.46.27): 6 Time(s)
       unknown (200.137.220.110): 6 Time(s)
       root (106.54.79.45): 5 Time(s)
       root (157.245.13.253): 5 Time(s)
       root (175.24.123.109): 5 Time(s)
       unknown (103.124.95.136): 5 Time(s)
       unknown (106.54.79.45): 5 Time(s)
       unknown (153.35.93.67): 5 Time(s)
       root (117.111.1.52): 4 Time(s)
       root (118.25.179.168): 4 Time(s)
       root (140.143.210.92): 4 Time(s)
       unknown (175.24.63.117): 4 Time(s)
       unknown (200-101-209-240.user3p.brasiltelecom.net.br): 4 Time(s)
       unknown (vmi159178.contaboserver.net): 4 Time(s)
       root (102.23.132.36): 3 Time(s)
       root (129.204.117.208): 3 Time(s)
       root (200-101-209-240.user3p.brasiltelecom.net.br): 3 Time(s)
       unknown (213.108.200.11): 3 Time(s)
       unknown (58.33.160.139): 3 Time(s)
       root (106.54.65.139): 2 Time(s)
       root (120.195.30.152): 2 Time(s)
       root (175.24.63.117): 2 Time(s)
       root (213.108.200.11): 2 Time(s)
       root (45.153.160.136): 2 Time(s)
       root (58.33.160.139): 2 Time(s)
       root (vmi159178.contaboserver.net): 2 Time(s)
       unknown (104.236.93.241): 2 Time(s)
       unknown (185.36.81.182): 2 Time(s)
       unknown (185.36.81.52): 2 Time(s)
       unknown (200-148-123-177.dsl.telesp.net.br): 2 Time(s)
       unknown (82-64-6-18.subs.proxad.net): 2 Time(s)
       backup (106.75.122.38): 1 Time(s)
       backup (42-200-109-74.static.imsbiz.com): 1 Time(s)
       backup (81.68.72.231): 1 Time(s)
       bin (170.106.82.81): 1 Time(s)
       games (1.119.166.234): 1 Time(s)
       mysql (1.119.166.234): 1 Time(s)
       mysql (111.229.78.120): 1 Time(s)
       mysql (195.29.51.136): 1 Time(s)
       mysql (vmi527626.contaboserver.net): 1 Time(s)
       nobody (104.236.93.241): 1 Time(s)
       nobody (172.81.211.207): 1 Time(s)
       nobody (182.254.130.92): 1 Time(s)
       openproject (106.13.171.106): 1 Time(s)
       postgres (101.32.40.233): 1 Time(s)
       postgres (116.12.51.206): 1 Time(s)
       postgres (120.92.133.80): 1 Time(s)
       postgres (170.106.110.16): 1 Time(s)
       postgres (81.70.95.232): 1 Time(s)
       proxy (198.55.103.116): 1 Time(s)
       proxy (212.83.144.11): 1 Time(s)
       root (104.236.93.241): 1 Time(s)
       root (106.13.97.37): 1 Time(s)
       root (116.54.57.4): 1 Time(s)
       root (138.68.255.120): 1 Time(s)
       root (154.83.16.181): 1 Time(s)
       root (172.81.216.129): 1 Time(s)
       root (185.191.124.153): 1 Time(s)
       root (23.129.64.234): 1 Time(s)
       root (49.233.189.161): 1 Time(s)
       root (82-65-239-16.subs.proxad.net): 1 Time(s)
       root (tor-exit-relay-4.anonymizing-proxy.digitalcourage.de): 1 Time(s)
       temp (118.24.104.55): 1 Time(s)
       unknown (111.161.74.118): 1 Time(s)
       unknown (117.111.1.52): 1 Time(s)
       unknown (119.45.193.82): 1 Time(s)
       unknown (120.195.30.152): 1 Time(s)
       unknown (128.199.17.218): 1 Time(s)
       unknown (154.83.16.181): 1 Time(s)
       unknown (157.230.7.236): 1 Time(s)
       unknown (161.35.59.177): 1 Time(s)
       unknown (36.112.157.33): 1 Time(s)
       unknown (49.234.50.235): 1 Time(s)
       unknown (69.194.8.237.16clouds.com): 1 Time(s)
       unknown (82-65-239-16.subs.proxad.net): 1 Time(s)
       unknown (tor-exit.greektor.net): 1 Time(s)
       www-data (118.24.104.55): 1 Time(s)
       www-data (189.60.255.11): 1 Time(s)
       www-data (198.55.103.116): 1 Time(s)
    Invalid Users:
       Unknown Account: 1507 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        8   Miscellaneous warnings  
 
   25.433K  Bytes accepted                              26,043
   25.433K  Bytes sent via SMTP                         26,043
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        7   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        7   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      463   Connections             
      174   Connections lost (inbound) 
      463   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        4   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    1.119.166.234: 26 times
    2.36.67.194 (net-2-36-67-194.cust.vodafonedsl.it): 9 times
    2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 9 times
    14.136.94.5 (014136094005.ctinets.com): 13 times
    23.95.197.215 (23-95-197-215-host.colocrossing.com): 31 times
    23.129.64.234: 1 time
    42.200.109.74 (42-200-109-74.static.imsbiz.com): 25 times
    45.153.160.136: 2 times
    49.233.189.161: 1 time
    58.33.160.139 (139.160.33.58.broad.xw.sh.dynamic.163data.com.cn): 2 times
    58.58.71.218: 14 times
    81.68.72.231: 25 times
    81.70.10.77: 21 times
    81.70.95.232: 20 times
    82.65.239.16 (82-65-239-16.subs.proxad.net): 1 time
    91.183.81.82 (82.81-183-91.adsl-static.isp.belgacom.be): 17 times
    93.104.214.189 (vmi159178.contaboserver.net): 2 times
    101.32.40.233: 17 times
    102.23.132.36: 3 times
    104.131.161.146: 30 times
    104.236.93.241: 2 times
    106.12.10.54: 26 times
    106.13.97.37: 1 time
    106.13.171.106: 25 times
    106.54.65.139: 2 times
    106.54.79.45: 5 times
    106.75.122.38: 27 times
    111.68.98.152 (111.68.98.152.pern.pk): 22 times
    111.229.78.120: 20 times
    115.159.151.24: 16 times
    116.12.51.206: 10 times
    116.54.57.4: 1 time
    117.111.1.52: 4 times
    118.24.104.55: 26 times
    118.25.88.204: 12 times
    118.25.179.168: 4 times
    118.27.113.79 (v118-27-113-79.4z7m.static.cnode.io): 19 times
    118.69.183.237: 19 times
    120.92.133.80: 17 times
    120.195.30.152: 2 times
    129.204.117.208: 3 times
    129.204.236.106: 16 times
    138.68.99.110: 26 times
    138.68.255.120: 1 time
    138.197.130.138 (shitcointopia-grana.com.py-clima.grana.com.py): 6 times
    138.197.222.211: 12 times
    139.59.8.10: 23 times
    139.59.70.34: 7 times
    140.143.210.92: 4 times
    150.136.67.158: 25 times
    150.138.178.18: 7 times
    153.35.93.67: 6 times
    154.83.16.181: 1 time
    157.245.13.253: 5 times
    159.89.200.236: 22 times
    163.172.157.193 (193-157-172-163.instances.scw.cloud): 18 times
    170.106.50.166: 8 times
    170.106.82.81: 10 times
    170.106.110.16: 22 times
    172.81.211.207: 11 times
    172.81.216.129: 1 time
    175.24.63.117: 2 times
    175.24.123.109: 5 times
    182.254.130.92: 20 times
    185.191.124.153: 1 time
    185.220.102.250 (tor-exit-relay-4.anonymizing-proxy.digitalcourage.de): 1 time
    186.137.197.124 (124-197-137-186.fibertel.com.ar): 19 times
    189.60.255.11 (bd3cff0b.virtua.com.br): 19 times
    193.112.108.11: 19 times
    195.29.51.136: 30 times
    198.55.103.116 (198.55.103.116.static.quadranet.com): 21 times
    200.101.209.240 (200-101-209-240.user3p.brasiltelecom.net.br): 3 times
    200.137.220.110: 11 times
    206.189.234.114: 18 times
    209.97.132.66 (rentguarantee.org): 6 times
    209.145.53.126 (vmi527626.contaboserver.net): 8 times
    212.83.144.11 (212-83-144-11.rev.poneytelecom.eu): 20 times
    213.108.200.11 (213-108-200-11.vms-online.ru): 2 times
    223.220.251.232: 7 times
 
 Illegal users from:
    undef: 1242 times
    1.119.166.234: 33 times
    2.36.67.194 (net-2-36-67-194.cust.vodafonedsl.it): 19 times
    2.45.185.2 (net-2-45-185-2.cust.vodafonedsl.it): 7 times
    2.201.192.110 (dslb-002-201-192-110.002.201.pools.vodafone-ip.de): 12 times
    14.136.94.5 (014136094005.ctinets.com): 21 times
    23.95.197.215 (23-95-197-215-host.colocrossing.com): 53 times
    36.112.157.33: 1 time
    42.200.109.74 (42-200-109-74.static.imsbiz.com): 23 times
    45.146.165.151: 14 times
    49.234.50.235: 1 time
    51.75.124.215 (215.ip-51-75-124.eu): 19 times
    58.33.160.139 (139.160.33.58.broad.xw.sh.dynamic.163data.com.cn): 3 times
    58.58.71.218: 17 times
    65.49.20.66 (scan-17.shadowserver.org): 1 time
    69.194.8.237 (69.194.8.237.16clouds.com): 1 time
    81.68.72.231: 32 times
    81.70.10.77: 31 times
    81.70.95.232: 35 times
    82.64.6.18 (82-64-6-18.subs.proxad.net): 2 times
    82.65.239.16 (82-65-239-16.subs.proxad.net): 1 time
    91.183.81.82 (82.81-183-91.adsl-static.isp.belgacom.be): 23 times
    93.104.214.189 (vmi159178.contaboserver.net): 4 times
    101.32.40.233: 28 times
    102.23.132.36: 6 times
    103.124.95.136: 5 times
    104.131.161.146: 26 times
    104.236.93.241: 2 times
    106.12.10.54: 26 times
    106.13.97.37: 20 times
    106.13.171.106: 39 times
    106.54.65.139: 8 times
    106.54.79.45: 5 times
    106.75.122.38: 28 times
    111.68.98.152 (111.68.98.152.pern.pk): 29 times
    111.161.74.118 (dns118.online.tj.cn): 1 time
    111.229.78.120: 28 times
    115.159.151.24: 31 times
    116.12.51.206: 13 times
    117.111.1.52: 1 time
    118.24.104.55: 38 times
    118.25.88.204: 11 times
    118.25.179.168: 8 times
    118.27.113.79 (v118-27-113-79.4z7m.static.cnode.io): 33 times
    118.69.183.237: 27 times
    119.45.193.82: 1 time
    120.92.133.80: 27 times
    120.195.30.152: 1 time
    128.199.17.218: 1 time
    129.204.117.208: 8 times
    129.204.236.106: 29 times
    138.68.99.110: 38 times
    138.197.130.138 (shitcointopia-grana.com.py-clima.grana.com.py): 7 times
    138.197.222.211: 27 times
    139.59.8.10: 29 times
    139.59.70.34: 23 times
    140.143.210.92: 8 times
    150.136.67.158: 28 times
    150.138.178.18: 14 times
    153.35.93.67: 5 times
    154.83.16.181: 1 time
    157.230.7.236: 1 time
    157.245.13.253: 7 times
    159.89.200.236: 31 times
    161.35.59.177: 1 time
    163.172.157.193 (193-157-172-163.instances.scw.cloud): 26 times
    170.106.50.166: 13 times
    170.106.82.81: 9 times
    170.106.110.16: 17 times
    172.81.211.207: 18 times
    175.24.63.117: 4 times
    175.24.123.109: 22 times
    182.254.130.92: 25 times
    185.36.81.52 (sterharvest.com): 2 times
    185.36.81.58: 8 times
    185.36.81.182: 2 times
    185.36.81.184: 12 times
    185.125.46.27: 6 times
    186.137.197.124 (124-197-137-186.fibertel.com.ar): 32 times
    189.60.255.11 (bd3cff0b.virtua.com.br): 31 times
    193.112.108.11: 43 times
    195.29.51.136: 41 times
    198.55.103.116 (198.55.103.116.static.quadranet.com): 32 times
    200.101.209.240 (200-101-209-240.user3p.brasiltelecom.net.br): 4 times
    200.137.220.110: 6 times
    200.148.123.177 (200-148-123-177.dsl.telesp.net.br): 2 times
    205.185.117.149 (tor-exit.greektor.net): 1 time
    206.189.234.114: 40 times
    209.145.53.126 (vmi527626.contaboserver.net): 13 times
    212.83.144.11 (212-83-144-11.rev.poneytelecom.eu): 18 times
    213.108.200.11 (213-108-200-11.vms-online.ru): 3 times
    223.220.251.232: 26 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016