Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 15 August 2023

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Aug 15 04:42:03 2023
        Date Range Processed: yesterday
                              ( 2023-Aug-14 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [162:163]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 Connection attempts using mod_proxy:
    45.128.232.183 -> google.com:443: 1 Time(s)
    45.134.26.33 -> ipinfo.io:443: 1 Time(s)

 A total of 14 sites probed the server 
    135.148.13.183
    143.198.38.101
    167.71.102.181
    174.138.61.44
    192.241.237.33
    198.199.115.116
    198.235.24.40
    212.71.246.65
    45.88.90.113
    45.95.169.184
    46.101.12.231
    5.188.210.227
    64.227.97.195
    65.49.20.66

 Requests with error response codes
    400 Bad Request
       null: 20 Time(s)
       /: 7 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 6 Time(s)
       *: 4 Time(s)
       /aaa9: 3 Time(s)
       /aab8: 3 Time(s)
       mstshash=Administr: 3 Time(s)
       /private/api/v1/service/premaster: 2 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... lOuMGZrug_dAAAA: 2 Time(s)
       /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... 1O5UJy9FWjNAAAD: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... Zdz_HDJ9fKsAAAF: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... a4ACxS8CWYiAAAE: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... ualu1n6VJ75AAAB: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       12.2.1: 1 Time(s)
       7: 1 Time(s)
       A@BAE@FAI: 1 Time(s)
       AQ\xB7n\xFF\x05\x0B\x96\xA7: 1 Time(s)
       \x04\xC5\x90\xD6\x17w\xAD\xC3h\xF3g\x15\xC1\x00\x00: 1 Time(s)
       \xF25\xA2G\xAD\xBE0\xF5\xEBH\xAEa\xE9A\xB7: 1 Time(s)
       google.com:443: 1 Time(s)
       http://5.188.210.227/echo.php: 1 Time(s)
       ipinfo.io:443: 1 Time(s)
    404 Not Found
       //cdnjs.cloudflare.com/ajax/libs/es5-shim/ ... es5-shim.min.js: 1 Time(s)
       //cdnjs.cloudflare.com/ajax/libs/html5shiv ... tml5shiv.min.js: 1 Time(s)
       //cdnjs.cloudflare.com/ajax/libs/respond.j ... /respond.min.js: 1 Time(s)
       //protokolle.zapf.in/build/6.cover-pack.fe ... 36298be630a4.js: 1 Time(s)
       //protokolle.zapf.in/build/8.common.fef3ca2736298be630a4.js: 1 Time(s)
       //protokolle.zapf.in/build/constant.js: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... 1O5UJy9FWjNAAAD: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... EHSLQqPJJ_gAAAC: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... Nzx-PreUXOQAAAG: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... Zdz_HDJ9fKsAAAF: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... a4ACxS8CWYiAAAE: 1 Time(s)
       /socket.io/?noteId=SoSe2020_WissKomm_Skizz ... ualu1n6VJ75AAAB: 1 Time(s)
    500 Internal Server Error
       /: 27 Time(s)
       /favicon.ico: 3 Time(s)
       /.env: 2 Time(s)
       /.git/config: 2 Time(s)
       /ab2g: 2 Time(s)
       /ab2h: 2 Time(s)
       /dqgqoeCXckuwPtxov: 2 Time(s)
       /owa/auth/x.js: 2 Time(s)
       /restore.php: 2 Time(s)
       /t4: 2 Time(s)
       /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7: 1 Time(s)
       /_profiler/phpinfo: 1 Time(s)
       /autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
    502 Bad Gateway
       /Itw6nw4MR_mX23AHjlKS6Q/pdf: 1 Time(s)
       /berlin17_ak_pratikum_2_0_bu/pdf: 1 Time(s)
       /sose17_bama1/pdf: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (185.161.248.149): 129 Time(s)
       unknown (159.223.164.146): 37 Time(s)
       root (185.161.248.149): 31 Time(s)
       unknown (178.128.171.48): 29 Time(s)
       root (103.48.116.7): 24 Time(s)
       unknown (143.110.182.210): 19 Time(s)
       root (141.98.11.90): 18 Time(s)
       unknown (200.89.174.178): 18 Time(s)
       unknown (141.98.11.90): 16 Time(s)
       root (159.223.164.146): 15 Time(s)
       unknown (141.98.11.11): 15 Time(s)
       unknown (43.159.59.118): 15 Time(s)
       root (143.110.182.210): 13 Time(s)
       unknown (128.199.80.214): 13 Time(s)
       unknown (14.238.7.210): 13 Time(s)
       unknown (118.194.231.180): 12 Time(s)
       unknown (154.198.211.170): 12 Time(s)
       root (141.98.11.11): 11 Time(s)
       unknown (194.146.50.54): 11 Time(s)
       unknown (87.248.226.146): 11 Time(s)
       unknown (103.170.246.85): 9 Time(s)
       unknown (157.245.101.119): 9 Time(s)
       unknown (45.164.130.2): 9 Time(s)
       unknown (45.95.146.100): 9 Time(s)
       unknown (59.12.160.91): 9 Time(s)
       root (152.70.217.117): 8 Time(s)
       root (194.146.50.54): 8 Time(s)
       root (200.89.174.178): 8 Time(s)
       root (49.51.242.95): 8 Time(s)
       unknown (143.198.222.239): 8 Time(s)
       unknown (156.0.130.229): 8 Time(s)
       unknown (159.203.113.193): 8 Time(s)
       unknown (159.65.84.193): 8 Time(s)
       unknown (161.132.183.24): 8 Time(s)
       unknown (177.94.48.214): 8 Time(s)
       unknown (196.43.196.73): 8 Time(s)
       unknown (211-75-183-12.hinet-ip.hinet.net): 8 Time(s)
       unknown (31.41.244.62): 8 Time(s)
       unknown (43.153.85.172): 8 Time(s)
       unknown (59.103.181.149): 8 Time(s)
       unknown (ec2-65-2-10-245.ap-south-1.compute.amazonaws.com): 8 Time(s)
       unknown (vps-44d2d681.vps.ovh.net): 8 Time(s)
       root (43.134.234.200): 7 Time(s)
       unknown (129.226.199.34): 7 Time(s)
       unknown (138.197.102.26): 7 Time(s)
       unknown (181.49.10.146): 7 Time(s)
       unknown (43.153.178.30): 7 Time(s)
       unknown (43.153.225.154): 7 Time(s)
       unknown (43.155.163.250): 7 Time(s)
       unknown (43.156.4.142): 7 Time(s)
       unknown (82.207.8.206): 7 Time(s)
       root (156.0.130.229): 6 Time(s)
       root (161.132.219.115): 6 Time(s)
       root (181.49.10.146): 6 Time(s)
       root (197.5.145.68): 6 Time(s)
       root (206.217.131.233): 6 Time(s)
       root (226.183.64.34.bc.googleusercontent.com): 6 Time(s)
       root (23.94.235.19): 6 Time(s)
       root (31.41.244.62): 6 Time(s)
       root (43.155.163.250): 6 Time(s)
       root (5.42.80.104): 6 Time(s)
       unknown (103.86.49.28): 6 Time(s)
       unknown (161.132.219.115): 6 Time(s)
       unknown (170.106.73.154): 6 Time(s)
       unknown (185.17.113.238): 6 Time(s)
       unknown (197.5.145.68): 6 Time(s)
       unknown (226.183.64.34.bc.googleusercontent.com): 6 Time(s)
       unknown (23.94.235.19): 6 Time(s)
       unknown (31.41.244.61): 6 Time(s)
       unknown (43.153.25.166): 6 Time(s)
       unknown (49.51.52.23): 6 Time(s)
       unknown (5.42.80.104): 6 Time(s)
       unknown (cloud.boneita.com): 6 Time(s)
       root (118.194.231.180): 5 Time(s)
       root (128.199.80.214): 5 Time(s)
       root (129.226.199.34): 5 Time(s)
       root (154.198.211.170): 5 Time(s)
       root (159.203.113.193): 5 Time(s)
       root (161.132.183.24): 5 Time(s)
       root (31.41.244.61): 5 Time(s)
       root (43.153.225.154): 5 Time(s)
       unknown (152.70.217.117): 5 Time(s)
       unknown (178.62.97.236): 5 Time(s)
       unknown (43.134.234.200): 5 Time(s)
       unknown (49.51.242.95): 5 Time(s)
       root (103.86.49.28): 4 Time(s)
       root (170.106.73.154): 4 Time(s)
       root (43.153.178.30): 4 Time(s)
       root (43.156.4.142): 4 Time(s)
       root (49.51.52.23): 4 Time(s)
       root (5.42.82.136): 4 Time(s)
       root (59.103.181.149): 4 Time(s)
       root (cloud.boneita.com): 4 Time(s)
       unknown (206.217.131.233): 4 Time(s)
       unknown (5.42.82.136): 4 Time(s)
       root (103.170.246.85): 3 Time(s)
       root (138.197.102.26): 3 Time(s)
       root (143.198.222.239): 3 Time(s)
       root (177.94.48.214): 3 Time(s)
       root (185.17.113.238): 3 Time(s)
       root (196.43.196.73): 3 Time(s)
       root (211-75-183-12.hinet-ip.hinet.net): 3 Time(s)
       root (43.159.59.118): 3 Time(s)
       root (45.164.130.2): 3 Time(s)
       root (82.207.8.206): 3 Time(s)
       root (87.248.226.146): 3 Time(s)
       root (ec2-65-2-10-245.ap-south-1.compute.amazonaws.com): 3 Time(s)
       unknown (103.48.116.7): 3 Time(s)
       root (14.238.7.210): 2 Time(s)
       root (159.65.84.193): 2 Time(s)
       root (178.62.97.236): 2 Time(s)
       root (43.153.25.166): 2 Time(s)
       root (43.153.85.172): 2 Time(s)
       root (ks3303146.kimsufi.com): 2 Time(s)
       root (vps-44d2d681.vps.ovh.net): 2 Time(s)
       unknown (81.17.22.114): 2 Time(s)
       backup (141.98.11.90): 1 Time(s)
       bin (103.48.116.7): 1 Time(s)
       mysql (161.132.183.24): 1 Time(s)
       mysql (185.161.248.149): 1 Time(s)
       mysql (185.17.113.238): 1 Time(s)
       mysql (23.94.235.19): 1 Time(s)
       mysql (43.153.25.166): 1 Time(s)
       postgres (143.110.182.210): 1 Time(s)
       postgres (154.198.211.170): 1 Time(s)
       postgres (159.223.164.146): 1 Time(s)
       postgres (211-75-183-12.hinet-ip.hinet.net): 1 Time(s)
       postgres (43.153.178.30): 1 Time(s)
       root (193.69.228.236): 1 Time(s)
       root (45.95.146.100): 1 Time(s)
       root (59.12.160.91): 1 Time(s)
       root (ua-85-228-158-212.bbcust.telenor.se): 1 Time(s)
       sshd (185.161.248.149): 1 Time(s)
       temp (185.161.248.149): 1 Time(s)
       unknown (121.129.93.181): 1 Time(s)
       unknown (14.53.134.163): 1 Time(s)
       unknown (65.20.174.248): 1 Time(s)
       unknown (78-71-29-183-no261.tbcn.telia.com): 1 Time(s)
       unknown (vmi1343886.contaboserver.net): 1 Time(s)
       www-data (154.198.211.170): 1 Time(s)
       www-data (185.161.248.149): 1 Time(s)
       www-data (31.41.244.61): 1 Time(s)
       www-data (5.42.82.136): 1 Time(s)
    Invalid Users:
       Unknown Account: 677 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  

   23.755K  Bytes accepted                              24,325
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================

       21   Connections             
        8   Connections lost (inbound) 
       21   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        2   SMTP dialog errors      
        2   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Failed logins from:
    5.42.80.104: 6 times
    5.42.82.136: 5 times
    5.135.159.50 (ks3303146.kimsufi.com): 2 times
    14.238.7.210: 2 times
    23.94.235.19 (23-94-235-19-host.colocrossing.com): 7 times
    31.41.244.61: 6 times
    31.41.244.62: 6 times
    34.64.183.226 (226.183.64.34.bc.googleusercontent.com): 6 times
    43.134.234.200: 7 times
    43.153.25.166: 3 times
    43.153.85.172: 2 times
    43.153.178.30: 5 times
    43.153.225.154: 5 times
    43.155.163.250: 6 times
    43.156.4.142: 4 times
    43.159.59.118: 3 times
    45.95.146.100 (hosted-by.alsycon.net): 1 time
    45.164.130.2 (clt-home-45-164-130-2.fastconnect.net.br): 3 times
    49.51.52.23: 4 times
    49.51.242.95: 8 times
    59.12.160.91: 1 time
    59.103.181.149: 4 times
    65.2.10.245 (ec2-65-2-10-245.ap-south-1.compute.amazonaws.com): 3 times
    82.207.8.206 (206-8-207-82.pool.ukrtel.net): 3 times
    85.228.158.212 (ua-85-228-158-212.bbcust.telenor.se): 1 time
    87.248.226.146 (87.248.226.146.pool.sknt.ru): 3 times
    103.48.116.7: 25 times
    103.86.49.28 (103-86-49-28.static.bangmod-idc.com): 4 times
    103.170.246.85: 3 times
    118.194.231.180: 5 times
    128.199.80.214: 5 times
    129.226.199.34: 5 times
    138.197.102.26: 3 times
    141.98.11.11 (axon-stall.riddlecamera.net): 11 times
    141.98.11.90 (lighten.medyamol.com): 19 times
    143.110.182.210: 14 times
    143.198.222.239: 3 times
    152.70.217.117: 8 times
    154.198.211.170: 7 times
    156.0.130.229: 6 times
    159.65.84.193: 2 times
    159.203.113.193: 5 times
    159.223.164.146: 16 times
    161.132.183.24: 6 times
    161.132.219.115: 6 times
    162.243.61.162 (cloud.boneita.com): 4 times
    164.132.51.188 (vps-44d2d681.vps.ovh.net): 2 times
    170.106.73.154: 4 times
    177.94.48.214 (177-94-48-214.dsl.telesp.net.br): 3 times
    178.62.97.236: 2 times
    181.49.10.146: 6 times
    185.17.113.238 (reverse.comnetnetwork.com): 4 times
    185.161.248.149: 35 times
    193.69.228.236: 1 time
    194.146.50.54 (host-194.146.50.54.meric.net.tr): 8 times
    196.43.196.73: 3 times
    197.5.145.68: 6 times
    200.89.174.178 (178-174-89-200.fibertel.com.ar): 8 times
    206.217.131.233 (206-217-131-233-host.colocrossing.com): 6 times
    211.75.183.12 (211-75-183-12.hinet-ip.hinet.net): 4 times

 Illegal users from:
    2001:470:1:332::8: 1 time
    undef: 393 times
    5.42.80.104: 6 times
    5.42.82.136: 4 times
    14.53.134.163: 5 times
    14.238.7.210: 13 times
    23.94.235.19 (23-94-235-19-host.colocrossing.com): 6 times
    31.41.244.61: 6 times
    31.41.244.62: 8 times
    34.64.183.226 (226.183.64.34.bc.googleusercontent.com): 6 times
    43.134.234.200: 5 times
    43.153.25.166: 6 times
    43.153.85.172: 8 times
    43.153.178.30: 7 times
    43.153.225.154: 7 times
    43.155.163.250: 7 times
    43.156.4.142: 7 times
    43.159.59.118: 15 times
    45.95.146.100 (hosted-by.alsycon.net): 9 times
    45.129.14.51 (sanchez.explorethebest.com): 2 times
    45.164.130.2 (clt-home-45-164-130-2.fastconnect.net.br): 9 times
    49.51.52.23: 6 times
    49.51.242.95: 5 times
    59.12.160.91: 9 times
    59.103.181.149: 8 times
    64.62.197.171 (scan-49e.shadowserver.org): 1 time
    65.2.10.245 (ec2-65-2-10-245.ap-south-1.compute.amazonaws.com): 8 times
    65.20.174.248: 1 time
    78.71.29.183 (78-71-29-183-no261.tbcn.telia.com): 1 time
    81.17.22.114 (hostedby.privatelayer.com): 10 times
    82.207.8.206 (206-8-207-82.pool.ukrtel.net): 7 times
    87.248.226.146 (87.248.226.146.pool.sknt.ru): 11 times
    103.48.116.7: 3 times
    103.86.49.28 (103-86-49-28.static.bangmod-idc.com): 6 times
    103.170.246.85: 9 times
    118.194.231.180: 12 times
    121.129.93.181: 1 time
    128.199.80.214: 13 times
    129.226.199.34: 7 times
    138.197.102.26: 7 times
    141.98.11.11 (axon-stall.riddlecamera.net): 15 times
    141.98.11.90 (lighten.medyamol.com): 16 times
    143.110.182.210: 19 times
    143.198.222.239: 8 times
    144.91.127.21 (vmi1343886.contaboserver.net): 1 time
    152.70.217.117: 5 times
    154.198.211.170: 12 times
    156.0.130.229: 8 times
    157.245.101.119: 9 times
    159.65.84.193: 8 times
    159.203.113.193: 8 times
    159.223.164.146: 37 times
    161.132.183.24: 8 times
    161.132.219.115: 6 times
    162.243.61.162 (cloud.boneita.com): 6 times
    164.132.51.188 (vps-44d2d681.vps.ovh.net): 8 times
    170.106.73.154: 6 times
    171.104.143.231: 16 times
    177.94.48.214 (177-94-48-214.dsl.telesp.net.br): 8 times
    178.62.97.236: 5 times
    178.128.171.48: 30 times
    181.49.10.146: 7 times
    185.17.113.238 (reverse.comnetnetwork.com): 6 times
    185.161.248.149: 129 times
    194.146.50.54 (host-194.146.50.54.meric.net.tr): 11 times
    196.43.196.73: 8 times
    197.5.145.68: 6 times
    200.89.174.178 (178-174-89-200.fibertel.com.ar): 18 times
    206.217.131.233 (206-217-131-233-host.colocrossing.com): 4 times
    211.75.183.12 (211-75-183-12.hinet-ip.hinet.net): 8 times

 **Unmatched Entries**
 Disconnecting: Corrupted padlen 0 on input. [preauth] : 1 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47383p1  394G  243G  132G  65% /
 none               4.0G     0  4.0G   0% /dev

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016