Logwatch for h2361197.stratoserver.net (Linux)

Samstag, 16 März 2024


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sat Mar 16 04:42:03 2024
        Date Range Processed: yesterday
                              ( 2024-Mar-15 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [ 30:30 ]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 12 sites probed the server 
    162.216.150.191
    165.22.222.77
    178.79.163.211
    179.43.168.98
    185.100.87.136
    185.142.236.43
    198.199.110.40
    209.97.132.140
    63.251.106.21
    65.49.1.49
    66.240.205.34
    87.251.64.153
 
 Requests with error response codes
    400 Bad Request
       null: 21 Time(s)
       /: 7 Time(s)
       *: 3 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 2 Time(s)
       /.env: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
...
\xED\x99\xA5\xD4\xBC\x87\xBE\x0CT\xA0[\xD ... 8E%\xE3\xA8\xF4: 1
Time(s)        LM: 1 Time(s)
       \x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x ... x00\x00\x00\x00: 1 Time(s)
       \x01\x00\x01\x1C\x03\x03\x8AR\x17\x13<\xF1 ... \xFB\xAE\xF9Qoq: 1 Time(s)
       \x09\x91\x81_*?\xC8\xEE\x9F2@o\xB7\x8F\x0C ... x00\x01\x02\x00: 1 Time(s)
       \x8A\x1CW,\xE4\xE2-\xB8s\x03?\x18\xDCnU\xE ... x00\x01\x02\x00: 1 Time(s)
       \xA3]n\x08\xDE\xE0\x01\x17\xDBat\xAF\xA8\x ... xA9\xC7\xFB\x7F: 1 Time(s)
       \xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x ... x09\xC0\x14\xC0: 1 Time(s)
       _\xA8\x95\xAA\xB0\xD8\xA5\xAB\xA6\xD3\x80\ ... x00\x01\x02\x00: 1 Time(s)
       c\x05\xA1: 1 Time(s)
    500 Internal Server Error
       /: 32 Time(s)
       /.env: 3 Time(s)
       /.git/config: 3 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       /cgi-bin/luci/;stok=/locale?form=country&o ... 20.%2Ftenda.sh): 2 Time(s)
       /favicon.ico: 2 Time(s)
       /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 2 Time(s)
       /ztp/cgi-bin/handler: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
       /HNAP1: 1 Time(s)
       /actuator/gateway/routes: 1 Time(s)
       /ajax: 1 Time(s)
       /evox/about: 1 Time(s)
       /geoserver/web/: 1 Time(s)
       /global-protect/login.esp: 1 Time(s)
       /index.html: 1 Time(s)
       /login: 1 Time(s)
       /nmaplowercheck1710496931: 1 Time(s)
       /owa/: 1 Time(s)
       /robots.txt: 1 Time(s)
       /sdk: 1 Time(s)
       /sitemap.xml: 1 Time(s)
       /webui/: 1 Time(s)
       /wlm/login: 1 Time(s)
    502 Bad Gateway
       /LXfQG2qcTpSj_0d9YLsf0g/pdf: 1 Time(s)
       /O2CAPBprSRO1hR9J52_r_w/pdf: 1 Time(s)
       /T_BKxBP1RJe2MgBIWZnSMA/pdf: 1 Time(s)
       /T_HrFtt1RNCO4fUwT9jzDQ/pdf: 1 Time(s)
       /Z7JgFtprRTu4mj0ux-SJ3w/pdf: 1 Time(s)
       /ak_wiki/pdf: 1 Time(s)
       /w1op49QpSGyk43xo0up_Aw/pdf: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (165.227.219.126): 216 Time(s)
       root (47.100.230.180): 90 Time(s)
       root (179.43.180.106): 34 Time(s)
       root (mail.rokor.kz): 12 Time(s)
       unknown (202.165.16.209): 12 Time(s)
       root (pat-89-23-181-191.pool.powernet.com.ru): 7 Time(s)
       unknown (194.169.175.36): 7 Time(s)
       unknown (85.209.11.254): 7 Time(s)
       root (123203108104.ctinets.com): 6 Time(s)
       root (121.152.45.237): 5 Time(s)
       root (96.88.139.138): 5 Time(s)
       root (85.209.11.254): 4 Time(s)
       unknown (185.191.127.212): 4 Time(s)
       unknown (194.169.175.35): 4 Time(s)
       unknown (161.35.52.191): 3 Time(s)
       unknown (19010730117.ip71.static.mediacommerce.com.co): 3 Time(s)
       unknown (45.71.24.198): 3 Time(s)
       unknown (85.209.11.27): 3 Time(s)
       unknown (1.52.230.54): 2 Time(s)
       unknown (103.157.115.26): 2 Time(s)
       unknown (152.230.106.235): 2 Time(s)
       unknown (179.131.11.68): 2 Time(s)
       unknown (185.196.8.151): 2 Time(s)
       unknown (190.107.71.200): 2 Time(s)
       unknown (192.12.113.119): 2 Time(s)
       unknown (204.216.170.215): 2 Time(s)
       unknown (31.184.198.71): 2 Time(s)
       unknown (36.137.22.65): 2 Time(s)
       unknown (79.117.24.4): 2 Time(s)
       unknown (91.74.96.181): 2 Time(s)
       unknown (fp6fd8c294.ap.nuro.jp): 2 Time(s)
       nobody (19010730117.ip71.static.mediacommerce.com.co): 1 Time(s)
       nobody (202.165.16.209): 1 Time(s)
       nobody (213-65-246-133-no2661.tbcn.telia.com): 1 Time(s)
       nobody (59-120-179-121.hinet-ip.hinet.net): 1 Time(s)
       nobody (81.68.166.244): 1 Time(s)
       nobody (i19-les03-ix2-5-48-120-230.sfr.lns.abo.bbox.fr): 1 Time(s)
       root (112.196.59.146): 1 Time(s)
       root (158.51.96.38): 1 Time(s)
       root (179.209.237.119): 1 Time(s)
       root (194.169.175.35): 1 Time(s)
       root (194.169.175.36): 1 Time(s)
       root (200.229.209.202): 1 Time(s)
       root (200.91.234.36): 1 Time(s)
       root (202.165.16.209): 1 Time(s)
       root (31.184.198.71): 1 Time(s)
       root (fp73a31e6e.stmb122.ap.nuro.jp): 1 Time(s)
       unknown (102.38.3.181): 1 Time(s)
       unknown (103.127.53.114): 1 Time(s)
       unknown (103.127.53.122): 1 Time(s)
       unknown (103.194.249.82): 1 Time(s)
       unknown (103.58.64.19): 1 Time(s)
       unknown (110.7.40.114): 1 Time(s)
       unknown (111.92.62.19): 1 Time(s)
       unknown (114-32-191-1.hinet-ip.hinet.net): 1 Time(s)
       unknown (115.90.226.11): 1 Time(s)
       unknown (117.187.89.145): 1 Time(s)
       unknown (117.220.162.66): 1 Time(s)
       unknown (122-117-15-25.hinet-ip.hinet.net): 1 Time(s)
       unknown (122.53.57.33): 1 Time(s)
       unknown (123.201.57.243): 1 Time(s)
       unknown (124.106.213.54): 1 Time(s)
       unknown (124.89.116.178): 1 Time(s)
       unknown (134.249.147.136): 1 Time(s)
       unknown (136.255.158.118): 1 Time(s)
       unknown (139.135.136.34): 1 Time(s)
       unknown (146.56.151.124): 1 Time(s)
       unknown (159-118-82-58.cpe.sparklight.net): 1 Time(s)
       unknown (159.89.18.106): 1 Time(s)
       unknown (167-179-148-169.a7b394.syd.nbn.aussiebb.net): 1 Time(s)
       unknown (171.212.103.245): 1 Time(s)
       unknown (175.139.203.77): 1 Time(s)
       unknown (182.220.46.169): 1 Time(s)
       unknown (188-169-66-154.dsl.utg.ge): 1 Time(s)
       unknown (19010730116.ip71.static.mediacommerce.com.co): 1 Time(s)
       unknown (194.29.62.5): 1 Time(s)
       unknown (203.109.80.222): 1 Time(s)
       unknown (206.252.194.38): 1 Time(s)
       unknown (211.109.93.130): 1 Time(s)
       unknown (213.111.66.72): 1 Time(s)
       unknown (217-210-89-93-no2663.tbcn.telia.com): 1 Time(s)
       unknown (220-130-226-160.hinet-ip.hinet.net): 1 Time(s)
       unknown (221.4.197.154): 1 Time(s)
       unknown (27.21.168.184.host.secureserver.net): 1 Time(s)
       unknown (31-10-205-51.static.upc.ch): 1 Time(s)
       unknown (36.89.156.215): 1 Time(s)
       unknown (36.93.114.148): 1 Time(s)
       unknown (37.255.202.68): 1 Time(s)
       unknown (41.2.31.31.dyn.idknet.com): 1 Time(s)
       unknown (41.207.248.204): 1 Time(s)
       unknown (41.33.69.243): 1 Time(s)
       unknown (41.63.61.165): 1 Time(s)
       unknown (42-2-251-116.static.netvigator.com): 1 Time(s)
       unknown (42.112.235.77.dyn.idknet.com): 1 Time(s)
       unknown (49.248.46.2): 1 Time(s)
       unknown (49.249.202.89): 1 Time(s)
       unknown (58.246.253.218): 1 Time(s)
       unknown (59-125-252-50.hinet-ip.hinet.net): 1 Time(s)
       unknown (62.201.212.54): 1 Time(s)
       unknown (65.20.144.244): 1 Time(s)
       unknown (65.20.162.33): 1 Time(s)
       unknown (65.20.174.246): 1 Time(s)
       unknown (65.20.192.86): 1 Time(s)
       unknown (65.20.204.17): 1 Time(s)
       unknown (65.20.205.152): 1 Time(s)
       unknown (69-38.mc.ccapcable.com): 1 Time(s)
       unknown (80.210.26.105): 1 Time(s)
       unknown (82-65-140-218.subs.proxad.net): 1 Time(s)
       unknown (85.122.56.15): 1 Time(s)
       unknown (91-241-150-246-dyn.neotele.com.ru): 1 Time(s)
       unknown (91.92.124.199): 1 Time(s)
       unknown (92.52.146.18): 1 Time(s)
       unknown (94.142.51.44): 1 Time(s)
       unknown (c-68-35-16-210.hsd1.al.comcast.net): 1 Time(s)
       unknown (c-73-155-248-188.hsd1.tx.comcast.net): 1 Time(s)
       unknown (cm222-166-167-89.hkcable.com.hk): 1 Time(s)
       unknown (fp784a0093.tkyc623.ap.nuro.jp): 1 Time(s)
       unknown (fw01.softeco.it): 1 Time(s)
       unknown (host-176-36-13-121.b024.la.net.ua): 1 Time(s)
       unknown (ip50-158-35-220.lv.lv.cox.net): 1 Time(s)
       unknown (ool-1826d6c2.dyn.optonline.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 366 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   18.258K  Bytes accepted                              18,696
   18.258K  Bytes sent via SMTP                         18,696
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        5   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        5   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       55   Connections             
        8   Connections lost (inbound) 
       55   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 18 Time(s)
 
 Failed logins from:
    5.48.120.230 (i19-les03-ix2-5-48-120-230.sfr.lns.abo.bbox.fr): 1 time
    31.184.198.71: 1 time
    47.100.230.180: 90 times
    59.120.179.121 (59-120-179-121.hinet-ip.hinet.net): 1 time
    81.68.166.244: 1 time
    85.209.11.254: 4 times
    89.23.181.191 (pat-89-23-181-191.pool.powernet.com.ru): 7 times
    96.88.139.138 (96-88-139-138-static.hfc.comcastbusiness.net): 6 times
    112.196.59.146: 1 time
    115.163.30.110 (fp73a31e6e.stmb122.ap.nuro.jp): 1 time
    121.152.45.237: 6 times
    123.203.108.104 (123203108104.ctinets.com): 6 times
    158.51.96.38 (unknown.ip-xfer.net): 1 time
    178.88.167.38 (mail.rokor.kz): 12 times
    179.43.180.106 (hostedby.privatelayer.com): 34 times
    179.209.237.119 (b3d1ed77.virtua.com.br): 1 time
    190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 1 time
    194.169.175.35: 1 time
    194.169.175.36: 1 time
    200.91.234.36 (desenliste.ifxcorp.com): 1 time
    200.229.209.202 (200-229-209-202.r2webnet.com.br): 1 time
    202.165.16.209: 2 times
    213.65.246.133 (213-65-246-133-no2661.tbcn.telia.com): 1 time
 
 Illegal users from:
    2001:470:1:c84::17 (scan-07o.shadowserver.org): 1 time
    undef: 140 times
    1.52.230.54: 2 times
    24.38.214.194 (ool-1826d6c2.dyn.optonline.net): 1 time
    31.10.205.51 (31-10-205-51.static.upc.ch): 1 time
    31.31.2.41 (41.2.31.31.dyn.idknet.com): 1 time
    31.184.198.71: 3 times
    36.89.156.215: 1 time
    36.93.114.148: 1 time
    36.137.22.65: 2 times
    37.255.202.68: 1 time
    41.33.69.243 (host-41.33.69.243.tedata.net): 1 time
    41.63.61.165: 1 time
    41.207.248.204: 1 time
    42.2.251.116 (42-2-251-116.static.netvigator.com): 1 time
    45.71.24.198: 3 times
    47.76.43.229: 1 time
    49.248.46.2 (static-2.46.248.49-tataidc.co.in): 1 time
    49.249.202.89 (static-89.202.249.49-tataidc.co.in): 1 time
    50.158.35.220 (ip50-158-35-220.lv.lv.cox.net): 1 time
    58.246.253.218: 1 time
    59.125.252.50 (59-125-252-50.hinet-ip.hinet.net): 1 time
    62.201.212.54: 1 time
    64.62.197.114 (scan-47h.shadowserver.org): 1 time
    65.20.144.244: 1 time
    65.20.162.33: 1 time
    65.20.174.246: 1 time
    65.20.192.86: 1 time
    65.20.204.17: 1 time
    65.20.205.152: 1 time
    68.35.16.210 (c-68-35-16-210.hsd1.al.comcast.net): 1 time
    73.155.248.188 (c-73-155-248-188.hsd1.tx.comcast.net): 1 time
    77.235.112.42 (42.112.235.77.dyn.idknet.com): 1 time
    79.117.24.4 (79-117-24-4.digimobil.es): 2 times
    80.210.26.105: 1 time
    82.65.140.218 (82-65-140-218.subs.proxad.net): 1 time
    85.122.56.15: 1 time
    85.209.11.27: 3 times
    85.209.11.254: 7 times
    91.74.96.181: 2 times
    91.92.124.199: 1 time
    91.241.150.246 (91-241-150-246-dyn.neotele.com.ru): 1 time
    92.52.146.18: 1 time
    93.62.202.194 (fw01.softeco.it): 1 time
    94.142.51.44 (ip94-142-51-44.zaindata.jo): 1 time
    102.38.3.181: 1 time
    103.58.64.19: 1 time
    103.127.53.114: 1 time
    103.127.53.122: 1 time
    103.157.115.26 (26.115.157.103.Ai-bkti-hts.iforte.net.id): 2 times
    103.194.249.82: 1 time
    110.7.40.114: 1 time
    111.92.62.19 (19.62.92.111.asianet.co.in): 1 time
    111.216.194.148 (fp6fd8c294.ap.nuro.jp): 2 times
    114.32.191.1 (114-32-191-1.hinet-ip.hinet.net): 1 time
    115.90.226.11: 5 times
    117.187.89.145: 1 time
    117.220.162.66: 1 time
    120.74.0.147 (fp784a0093.tkyc623.ap.nuro.jp): 1 time
    122.53.57.33 (122.53.57.33.static.pldt.net): 1 time
    122.117.15.25 (122-117-15-25.hinet-ip.hinet.net): 1 time
    123.201.57.243 (243-57-201-123.static.youbroadband.in): 1 time
    124.89.116.178: 1 time
    124.106.213.54: 1 time
    134.249.147.136 (134-249-147-136.broadband.kyivstar.net): 1 time
    136.255.158.118: 1 time
    139.135.136.34: 1 time
    146.56.151.124: 1 time
    152.230.106.235 (static.152.230.106.235.gtdinternet.com): 2 times
    159.89.18.106: 1 time
    159.118.82.58 (159-118-82-58.cpe.sparklight.net): 1 time
    161.35.52.191: 3 times
    165.227.219.126: 216 times
    167.179.148.169 (167-179-148-169.a7b394.syd.nbn.aussiebb.net): 1 time
    171.212.103.245: 1 time
    175.24.152.224: 1 time
    175.139.203.77 (rehon.com): 1 time
    176.36.13.121 (host-176-36-13-121.b024.la.net.ua): 1 time
    179.131.11.68: 2 times
    182.220.46.169: 1 time
    184.168.21.27 (27.21.168.184.host.secureserver.net): 1 time
    185.191.127.212: 4 times
    185.196.8.151: 2 times
    188.169.66.154 (188-169-66-154.dsl.utg.ge): 1 time
    190.107.30.116 (19010730116.ip71.static.mediacommerce.com.co): 1 time
    190.107.30.117 (19010730117.ip71.static.mediacommerce.com.co): 3 times
    190.107.71.200: 2 times
    192.12.113.119: 2 times
    194.29.62.5 (unassigned-2-5.unitel.net.ua): 1 time
    194.169.175.35: 4 times
    194.169.175.36: 9 times
    202.165.16.209: 12 times
    203.109.80.222 (222-80-109-203.static.youbroadband.in): 1 time
    204.216.170.215: 2 times
    206.252.194.38: 1 time
    211.109.93.130: 1 time
    213.111.66.72 (unused-213.111.66.72.bilink.ua): 1 time
    216.113.69.38 (69-38.mc.ccapcable.com): 1 time
    217.210.89.93 (217-210-89-93-no2663.tbcn.telia.com): 1 time
    220.130.226.160 (220-130-226-160.hinet-ip.hinet.net): 1 time
    221.4.197.154: 1 time
    222.166.167.89 (cm222-166-167-89.hkcable.com.hk): 1 time
 
 **Unmatched Entries**
 Disconnecting: Protocol error: expected packet type 21, got 20 [preauth] : 3 time(s)
 Disconnecting: Change of username or service not allowed: (root,ssh-connection) ->
(admin,ssh-connection) [preauth] : 1 time(s)
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(ubnt,ssh-connection) [preauth] : 1 time(s)
 Disconnecting: Change of username or service not allowed: (0,ssh-connection) ->
(root,ssh-connection) [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop19598p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016