Logwatch for h2361197.stratoserver.net (Linux)

Sonntag, 7 März 2021


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sun Mar  7 04:42:03 2021
        Date Range Processed: yesterday
                              ( 2021-Mar-06 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [113:113]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    149.129.50.37 -> zapf.wiki:443: 1 Time(s)
 
 A total of 4 sites probed the server 
    149.129.50.37
    185.142.236.34
    45.144.225.70
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       null: 10 Time(s)
       /: 3 Time(s)
       /config/getuser?index=0: 2 Time(s)
       /bag2: 1 Time(s)
       /resolutionen/wise18/Reso_Novelle_BerlHG/Geplante: 1 Time(s)
       HTTP/1.0: 1 Time(s)
       mstshash=Test: 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    404 Not Found
       /robots.txt: 61 Time(s)
       /wp-login.php: 7 Time(s)
       /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 4 Time(s)
       /protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 4 Time(s)
       /protokolle/Protokoll_MV_2020_11_12_Muenchen.pdf: 3 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /blog/wp-login.php: 2 Time(s)
       /home/verein: 2 Time(s)
       /home/zapf: 2 Time(s)
       /reader/1989-wi-berlin.pdf: 2 Time(s)
       /reader/1993-so-reader_do93.pdf: 2 Time(s)
       /reader/1994-wi-reader_hb94.pdf: 2 Time(s)
       /reader/1995-so-reader_ha95.pdf: 2 Time(s)
       /wordpress/wp-login.php: 2 Time(s)
       /wp/wp-login.php: 2 Time(s)
       /.env: 1 Time(s)
       /download/zapfev_satzung.pdf: 1 Time(s)
       /empire/: 1 Time(s)
       /empirebak/: 1 Time(s)
       /eupload/: 1 Time(s)
       /neuigkeiten/einladung-zapf-sose2011: 1 Time(s)
       /reader/1993-wi-reader_st93.pdf: 1 Time(s)
       /reader/1995-wi-reader_bn95.pdf: 1 Time(s)
       /reader/1998-so-reader_ro98.pdf: 1 Time(s)
       /stapf: 1 Time(s)
       /verein%7C: 1 Time(s)
    500 Internal Server Error
       /: 45 Time(s)
       /robots.txt: 11 Time(s)
       /sitemap.txt: 10 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
       /.env: 3 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 2 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /api/jsonws/invoke: 2 Time(s)
       /console/: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
       /.well-known/security.txt: 1 Time(s)
       //login_sid.lua: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin//config.php: 1 Time(s)
       /favicon.ico: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /sitemap.xml: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (49.235.38.46): 134 Time(s)
       root (89.40.53.35): 119 Time(s)
       root (49.233.186.66): 77 Time(s)
       root (125.88.169.233): 67 Time(s)
       root (159.203.85.196): 66 Time(s)
       root (70.150.230.35.bc.googleusercontent.com): 66 Time(s)
       root (117.25.154.164): 62 Time(s)
       root (183.6.107.248): 62 Time(s)
       root (49.234.18.158): 62 Time(s)
       root (115.231.179.94): 61 Time(s)
       root (152.136.220.127): 61 Time(s)
       root (42.194.142.143): 61 Time(s)
       root (49.235.181.51): 61 Time(s)
       root (210.14.69.76): 59 Time(s)
       root (120.53.238.156): 58 Time(s)
       root (167.71.46.139): 58 Time(s)
       root (114.117.0.46): 57 Time(s)
       root (146.56.195.192): 55 Time(s)
       root (129.211.49.44): 54 Time(s)
       root (113.200.156.180): 53 Time(s)
       root (212.64.78.28): 51 Time(s)
       root (106.52.181.236): 48 Time(s)
       root (115.159.114.146): 47 Time(s)
       root (61.155.2.142): 44 Time(s)
       root (117.50.35.29): 43 Time(s)
       root (1.180.211.139): 41 Time(s)
       root (121.127.241.25): 41 Time(s)
       root (88.200.224.211): 41 Time(s)
       root (49.247.208.185): 40 Time(s)
       root (116.196.69.144): 38 Time(s)
       root (42.192.82.17): 38 Time(s)
       root (218.92.0.145): 36 Time(s)
       root (221.181.185.141): 36 Time(s)
       root (180.76.124.53): 33 Time(s)
       root (221.181.185.140): 30 Time(s)
       root (mgt2.pnu.ac.th): 30 Time(s)
       root (129.211.124.204): 29 Time(s)
       root (119.73.179.114): 28 Time(s)
       root (212.64.14.185): 28 Time(s)
       root (221.181.185.237): 26 Time(s)
       root (201-217-195-226-host.ifx.net.co): 25 Time(s)
       root (59.107.150.203.sta.inet.co.th): 21 Time(s)
       root (188.92.243.82): 20 Time(s)
       root (fixed-187-188-107-115.totalplay.net): 19 Time(s)
       root (45.55.181.123): 18 Time(s)
       root (118.24.116.21): 17 Time(s)
       root (88-119-128-132.static.zebra.lt): 17 Time(s)
       root (221.181.185.143): 16 Time(s)
       root (182.254.213.17): 13 Time(s)
       unknown (118.24.116.21): 13 Time(s)
       root (157.230.219.139): 12 Time(s)
       root (218.92.0.133): 12 Time(s)
       root (81.69.242.16): 12 Time(s)
       root (139.217.119.86): 11 Time(s)
       root (161.35.101.70): 11 Time(s)
       root (business-188-142-226-84.business.broadband.hu): 11 Time(s)
       unknown (61.155.2.142): 11 Time(s)
       unknown (mgt2.pnu.ac.th): 9 Time(s)
       root (106.58.185.232): 7 Time(s)
       root (119.5.157.124): 7 Time(s)
       root (218.92.0.138): 6 Time(s)
       root (218.92.0.171): 6 Time(s)
       root (218.92.0.247): 6 Time(s)
       root (106.53.219.247): 4 Time(s)
       root (140.143.61.200): 4 Time(s)
       root (203-66-14-161.hinet-ip.hinet.net): 4 Time(s)
       root (106.55.150.24): 3 Time(s)
       unknown (165.232.143.174): 3 Time(s)
       unknown (195.54.160.250): 3 Time(s)
       unknown (45.93.201.193): 3 Time(s)
       root (118.25.226.152): 2 Time(s)
       unknown (59.2.207.18): 2 Time(s)
       root (101.32.192.175): 1 Time(s)
       root (106.52.55.146): 1 Time(s)
       root (106.75.24.157): 1 Time(s)
       root (119.28.27.176): 1 Time(s)
       root (121.229.16.138): 1 Time(s)
       root (123.207.74.24): 1 Time(s)
       root (139.198.122.76): 1 Time(s)
       root (140.143.251.84): 1 Time(s)
       root (143.110.148.255): 1 Time(s)
       root (152.136.98.165): 1 Time(s)
       root (159.65.150.151): 1 Time(s)
       root (175.24.117.78): 1 Time(s)
       root (178.32.192.85): 1 Time(s)
       root (180.167.240.222): 1 Time(s)
       root (180.250.97.19): 1 Time(s)
       root (182.ip-51-178-31.eu): 1 Time(s)
       root (227.ip-92-222-93.eu): 1 Time(s)
       root (49.233.166.113): 1 Time(s)
       root (49.51.182.144): 1 Time(s)
       root (66.221.45.207): 1 Time(s)
    Invalid Users:
       Unknown Account: 44 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       10   Miscellaneous warnings  
 
   16.507K  Bytes accepted                              16,903
   16.507K  Bytes sent via SMTP                         16,903
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        1   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        1   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       79   Connections             
       13   Connections lost (inbound) 
       79   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   SMTP dialog errors      
        7   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 11 Time(s)
 
 Failed logins from:
    1.180.211.139: 41 times
    35.230.150.70 (70.150.230.35.bc.googleusercontent.com): 66 times
    42.192.82.17: 38 times
    42.194.142.143: 61 times
    45.55.181.123: 18 times
    49.51.182.144: 1 time
    49.233.166.113: 1 time
    49.233.186.66: 77 times
    49.234.18.158: 62 times
    49.235.38.46: 134 times
    49.235.181.51: 61 times
    49.247.208.185: 40 times
    51.178.31.182 (182.ip-51-178-31.eu): 1 time
    61.155.2.142: 44 times
    66.221.45.207: 1 time
    81.69.242.16: 12 times
    88.119.128.132 (88-119-128-132.static.zebra.lt): 17 times
    88.200.224.211: 41 times
    89.40.53.35: 119 times
    92.222.93.227 (227.ip-92-222-93.eu): 1 time
    101.32.192.175: 1 time
    106.52.55.146: 1 time
    106.52.181.236: 48 times
    106.53.219.247: 4 times
    106.55.150.24: 3 times
    106.58.185.232: 7 times
    106.75.24.157: 1 time
    113.200.156.180: 53 times
    114.117.0.46: 57 times
    115.159.114.146: 47 times
    115.231.179.94: 61 times
    116.196.69.144: 38 times
    117.25.154.164: 62 times
    117.50.35.29: 43 times
    118.24.116.21: 17 times
    118.25.226.152: 2 times
    119.5.157.124: 7 times
    119.28.27.176: 1 time
    119.73.179.114: 28 times
    120.53.238.156: 58 times
    121.127.241.25: 41 times
    121.229.16.138: 1 time
    123.207.74.24: 1 time
    125.88.169.233: 67 times
    129.211.49.44: 54 times
    129.211.124.204: 29 times
    139.198.122.76: 1 time
    139.217.119.86: 11 times
    140.143.61.200: 4 times
    140.143.251.84: 1 time
    143.110.148.255: 1 time
    146.56.195.192: 55 times
    152.136.98.165: 1 time
    152.136.220.127: 61 times
    157.230.219.139: 12 times
    159.65.150.151: 1 time
    159.203.85.196: 66 times
    161.35.101.70: 11 times
    167.71.46.139: 58 times
    175.24.117.78: 1 time
    178.32.192.85: 1 time
    180.76.124.53: 33 times
    180.167.240.222: 1 time
    180.250.97.19: 1 time
    182.254.213.17: 13 times
    183.6.107.248: 62 times
    187.188.107.115 (fixed-187-188-107-115.totalplay.net): 19 times
    188.92.243.82: 20 times
    188.142.226.84 (business-188-142-226-84.business.broadband.hu): 11 times
    201.217.195.226 (201-217-195-226-host.ifx.net.co): 25 times
    202.29.70.46 (mgt2.pnu.ac.th): 30 times
    203.66.14.161 (203-66-14-161.HINET-IP.hinet.net): 4 times
    203.150.107.59 (59.107.150.203.sta.inet.co.th): 21 times
    210.14.69.76: 59 times
    212.64.14.185: 28 times
    212.64.78.28: 51 times
    218.92.0.133: 12 times
    218.92.0.138: 6 times
    218.92.0.145: 36 times
    218.92.0.171: 6 times
    218.92.0.247: 6 times
    221.181.185.140: 36 times
    221.181.185.141: 36 times
    221.181.185.143: 18 times
    221.181.185.237: 30 times
 
 Illegal users from:
    undef: 35 times
    45.93.201.193: 3 times
    59.2.207.18: 2 times
    61.155.2.142: 11 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    118.24.116.21: 13 times
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    165.232.143.174: 3 times
    195.54.160.250: 3 times
    202.29.70.46 (mgt2.pnu.ac.th): 9 times
 
 **Unmatched Entries**
 fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 54 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop47755p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016