04:42
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon May 10 04:42:04 2021
Date Range Processed: yesterday
( 2021-May-09 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [380:376]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 14 sites probed the server
139.162.145.250
144.217.190.196
167.99.169.205
167.99.32.246
178.175.60.11
180.214.236.35
207.237.46.43
45.32.231.157
45.33.41.11
46.249.32.208
59.94.180.6
64.227.3.111
80.255.7.10
94.102.49.193
Requests with error response codes
400 Bad Request
null: 18 Time(s)
mstshash=Administr: 4 Time(s)
*G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D ... x13\x97\xB4\xE9: 3 Time(s)
/: 2 Time(s)
/config/getuser?index=0: 1 Time(s)
;\xA6\xDFY\x17XmA4u\x81(\x8BQ\xCFi\xB1\x1A ... x09\xC0\x14\xC0: 1 Time(s)
HTTP/1.0: 1 Time(s)
403 Forbidden
/resolutionen/wise17/Zwangsexmatrikulation/: 1 Time(s)
404 Not Found
/robots.txt: 55 Time(s)
/.env: 5 Time(s)
/wp-login.php: 5 Time(s)
//2019/wp-includes/wlwmanifest.xml: 2 Time(s)
//2020/wp-includes/wlwmanifest.xml: 2 Time(s)
//blog/wp-includes/wlwmanifest.xml: 2 Time(s)
//cms/wp-includes/wlwmanifest.xml: 2 Time(s)
//news/wp-includes/wlwmanifest.xml: 2 Time(s)
//shop/wp-includes/wlwmanifest.xml: 2 Time(s)
//site/wp-includes/wlwmanifest.xml: 2 Time(s)
//sito/wp-includes/wlwmanifest.xml: 2 Time(s)
//test/wp-includes/wlwmanifest.xml: 2 Time(s)
//web/wp-includes/wlwmanifest.xml: 2 Time(s)
//website/wp-includes/wlwmanifest.xml: 2 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp-includes/wlwmanifest.xml: 2 Time(s)
//wp/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 2 Time(s)
//xmlrpc.php?rsd: 2 Time(s)
/neuigkeiten/einladung-mgv-ss2011: 2 Time(s)
/xmlrpc.php: 2 Time(s)
/berlin/apple-touch-icon.png: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/berlin/zapf/apple-touch-icon.png: 1 Time(s)
/protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s)
/resolutionen/wise15/Transparenz_in_der_Dr ... sparenz_in_der_: 1 Time(s)
/sites/default/files/1980_WiSe_Aachen.pdf: 1 Time(s)
/sites/default/files/2010_WiSe_Berlin.pdf: 1 Time(s)
/sites/default/files/2011_05_Stellungnahme_ZEITlast.pdf: 1 Time(s)
/sites/default/files/2011_SoSe_Dresden.pdf: 1 Time(s)
/sites/default/files/2012_WiSe_Karlsruhe.pdf: 1 Time(s)
/verein%7C: 1 Time(s)
/verein%7CZaPF: 1 Time(s)
/verein/satzung/%7CSatzung: 1 Time(s)
/zapf/reader/%7CTagungsreader: 1 Time(s)
/zapf/resolutionen/%7D%7Bwww.zapfev.de/zapf/resolutionen%7D: 1 Time(s)
405 Method Not Allowed
/: 5 Time(s)
499 (undefined)
/apple-touch-icon.png: 3 Time(s)
/favicon.png: 2 Time(s)
/build/260ef443edb4dfd026d82e2b21a4c75c.woff: 1 Time(s)
/fonts/SourceCodePro-Medium.woff: 1 Time(s)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
500 Internal Server Error
/: 35 Time(s)
/.env: 3 Time(s)
/robots.txt: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.git/config: 1 Time(s)
/.vscode/sftp.json: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/app/.env: 1 Time(s)
/console/: 1 Time(s)
/core/.env: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/public/.env: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (129.204.66.236): 100 Time(s)
root (88.218.227.219): 100 Time(s)
root (129.211.66.15): 95 Time(s)
root (51.15.120.32): 91 Time(s)
root (142.93.109.2): 90 Time(s)
root (159.89.164.104): 89 Time(s)
root (124.156.228.107): 66 Time(s)
root (112.199.112.42): 57 Time(s)
root (91.231.213.51): 57 Time(s)
root (49.232.215.196): 55 Time(s)
root (122.51.64.150): 54 Time(s)
root (94.180.57.15): 54 Time(s)
unknown (mbl-99-60-219.dsl.net.pk): 54 Time(s)
unknown (vps-44e877d2.vps.ovh.net): 54 Time(s)
root (222.249.234.100): 53 Time(s)
root (61-218-5-190.hinet-ip.hinet.net): 52 Time(s)
root (154.160.74.91): 50 Time(s)
root (1.15.183.115): 46 Time(s)
root (103.147.5.89): 45 Time(s)
root (mbl-99-60-219.dsl.net.pk): 45 Time(s)
unknown (103.231.46.66): 39 Time(s)
unknown (128.199.158.182): 39 Time(s)
root (129.226.170.141): 38 Time(s)
root (142.93.118.252): 37 Time(s)
root (218.29.188.139): 37 Time(s)
unknown (120.237.118.139): 36 Time(s)
root (189.254.242.60): 35 Time(s)
unknown (182.156.76.221): 35 Time(s)
unknown (139.199.223.208): 33 Time(s)
unknown (81.68.108.77): 33 Time(s)
unknown (124.156.155.147): 32 Time(s)
root (121.4.147.213): 31 Time(s)
unknown (120.221.149.166): 31 Time(s)
unknown (121.4.120.24): 29 Time(s)
unknown (1.15.50.160): 28 Time(s)
unknown (222.107.12.219): 28 Time(s)
unknown (117.50.63.120): 27 Time(s)
unknown (180.215.218.32): 27 Time(s)
root (120.237.118.139): 26 Time(s)
unknown (198.199.69.221): 26 Time(s)
unknown (115.159.25.60): 25 Time(s)
unknown (45.230.172.115): 25 Time(s)
unknown (ool-44c79f93.dyn.optonline.net): 25 Time(s)
root (81.68.108.77): 24 Time(s)
root (139.199.223.208): 23 Time(s)
unknown (93-43-240-145.ip94.fastwebnet.it): 23 Time(s)
root (115.159.25.60): 22 Time(s)
root (180.215.218.32): 22 Time(s)
root (186.195.108.66): 22 Time(s)
root (198.199.69.221): 22 Time(s)
root (119.45.53.25): 21 Time(s)
root (222.107.12.219): 21 Time(s)
unknown (167.71.226.130): 21 Time(s)
unknown (183.98.211.10): 21 Time(s)
unknown (195-154-114-115.rev.poneytelecom.eu): 21 Time(s)
unknown (59.165.161.178): 21 Time(s)
root (183.98.211.10): 20 Time(s)
unknown (8.209.221.61): 19 Time(s)
root (106.75.71.82): 18 Time(s)
root (120.221.149.166): 18 Time(s)
root (1.15.50.160): 17 Time(s)
root (103.231.46.66): 17 Time(s)
root (128.199.158.182): 17 Time(s)
root (8.209.221.61): 17 Time(s)
unknown (119.28.239.30): 17 Time(s)
unknown (140.143.241.48): 17 Time(s)
root (182.156.76.221): 16 Time(s)
root (59.165.161.178): 16 Time(s)
root (117.50.63.120): 15 Time(s)
root (119.28.239.30): 15 Time(s)
unknown (106.75.71.82): 15 Time(s)
unknown (68.183.110.49): 15 Time(s)
root (124.156.155.147): 14 Time(s)
root (167.71.226.130): 13 Time(s)
root (195-154-114-115.rev.poneytelecom.eu): 13 Time(s)
root (93-43-240-145.ip94.fastwebnet.it): 13 Time(s)
root (121.4.120.24): 12 Time(s)
unknown (45.146.165.151): 12 Time(s)
root (68.183.110.49): 10 Time(s)
root (140.143.241.48): 9 Time(s)
root (45.230.172.115): 9 Time(s)
root (ool-44c79f93.dyn.optonline.net): 8 Time(s)
unknown (vmi218378.contaboserver.net): 7 Time(s)
root (159.75.91.118): 6 Time(s)
root (222.168.30.19): 6 Time(s)
root (43.226.155.16): 6 Time(s)
root (aim-177-254.tm.net.my): 6 Time(s)
unknown (185.36.81.184): 6 Time(s)
unknown (185.36.81.52): 6 Time(s)
unknown (81.68.234.113): 6 Time(s)
root (211.36.141.121): 4 Time(s)
root (60.171.137.229): 4 Time(s)
unknown (185.36.81.58): 4 Time(s)
unknown (194.61.25.28): 3 Time(s)
unknown (45.135.232.165): 3 Time(s)
unknown (45.146.165.72): 3 Time(s)
unknown (host-186-101-233-58.netlife.ec): 3 Time(s)
root (45.146.165.151): 2 Time(s)
root (81.68.234.113): 2 Time(s)
root (inseit.kylos.net.pl): 2 Time(s)
root (vmi218378.contaboserver.net): 2 Time(s)
unknown (116.43.251.53): 2 Time(s)
unknown (82-65-205-42.subs.proxad.net): 2 Time(s)
unknown (95.128.43.164): 2 Time(s)
www-data (198.199.69.221): 2 Time(s)
backup (120.221.149.166): 1 Time(s)
bin (93-43-240-145.ip94.fastwebnet.it): 1 Time(s)
daemon (222.107.12.219): 1 Time(s)
gnats (117.50.63.120): 1 Time(s)
lp (140.143.241.48): 1 Time(s)
man (120.237.118.139): 1 Time(s)
man (mbl-99-60-219.dsl.net.pk): 1 Time(s)
mysql (103.231.46.66): 1 Time(s)
mysql (45.146.165.151): 1 Time(s)
postfix (103.231.46.66): 1 Time(s)
postgres (121.4.120.24): 1 Time(s)
postgres (183.98.211.10): 1 Time(s)
postgres (81.68.108.77): 1 Time(s)
root (104.41.44.30): 1 Time(s)
root (148.70.31.188): 1 Time(s)
root (159.75.99.48): 1 Time(s)
root (165.22.86.155): 1 Time(s)
root (171.244.139.236): 1 Time(s)
root (183.196.214.95): 1 Time(s)
root (52.148.65.61): 1 Time(s)
root (vps-6e293bef.vps.ovh.net): 1 Time(s)
sshd (183.98.211.10): 1 Time(s)
sshd (81.68.108.77): 1 Time(s)
unknown (142.93.161.54): 1 Time(s)
unknown (180.76.227.209): 1 Time(s)
unknown (185.191.124.152): 1 Time(s)
unknown (185.220.102.242): 1 Time(s)
unknown (198.98.54.56): 1 Time(s)
unknown (211.36.141.121): 1 Time(s)
unknown (212.64.68.71): 1 Time(s)
unknown (23.129.64.231): 1 Time(s)
unknown (45.153.160.139): 1 Time(s)
unknown (60.171.137.229): 1 Time(s)
unknown (this-is-a-tor-exit-node-hviv115.hviv.nl): 1 Time(s)
unknown (this-is-a-tor-exit-node-hviv126.hviv.nl): 1 Time(s)
unknown (tor-exit-5014.nortor.no): 1 Time(s)
unknown (tor-exit5-readme.dfri.se): 1 Time(s)
www-data (167.71.226.130): 1 Time(s)
www-data (182.156.76.221): 1 Time(s)
www-data (mbl-99-60-219.dsl.net.pk): 1 Time(s)
Invalid Users:
Unknown Account: 889 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
16.893K Bytes accepted 17,298
16.893K Bytes sent via SMTP 17,298
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
513 Connections
146 Connections lost (inbound)
513 Disconnections
1 Removed from queue
1 Sent via SMTP
4 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
1.15.50.160: 17 times
1.15.183.115: 46 times
8.209.221.61: 17 times
43.226.155.16: 6 times
45.146.165.151: 3 times
45.230.172.115: 9 times
49.232.215.196: 55 times
51.15.120.32 (32-120-15-51.instances.scw.cloud): 91 times
52.148.65.61: 1 time
59.165.161.178 (59.165.161.178.man-static.vsnl.net.in): 16 times
60.171.137.229: 4 times
61.218.5.190 (61-218-5-190.HINET-IP.hinet.net): 52 times
68.183.110.49: 10 times
68.199.159.147 (ool-44c79f93.dyn.optonline.net): 8 times
81.68.108.77: 26 times
81.68.234.113: 2 times
88.218.227.219: 100 times
91.231.213.51 (91-231-213-51.obit.ru): 57 times
93.43.240.145 (93-43-240-145.ip94.fastwebnet.it): 14 times
94.180.57.15 (94x180x57x15.dynamic.rostov.ertelecom.ru): 54 times
103.147.5.89: 45 times
103.231.46.66: 19 times
104.41.44.30: 1 time
106.75.71.82: 18 times
112.199.112.42 (42.112.199.112.clbrz.inet.static.eastern-tele.com): 57 times
115.159.25.60: 22 times
117.50.63.120: 16 times
119.28.239.30: 15 times
119.45.53.25: 21 times
120.221.149.166: 19 times
120.237.118.139: 27 times
121.4.120.24: 13 times
121.4.147.213: 31 times
122.51.64.150: 54 times
124.156.155.147: 14 times
124.156.228.107: 66 times
128.199.158.182: 17 times
129.204.66.236: 100 times
129.211.66.15: 95 times
129.226.170.141: 38 times
139.199.223.208: 23 times
140.143.241.48: 10 times
142.93.109.2: 90 times
142.93.118.252: 37 times
146.59.35.43 (vps-6e293bef.vps.ovh.net): 1 time
148.70.31.188: 1 time
154.160.74.91: 50 times
159.75.91.118: 7 times
159.75.99.48: 1 time
159.89.164.104: 89 times
165.22.86.155: 1 time
167.71.226.130: 14 times
171.244.139.236: 1 time
180.215.218.32: 22 times
182.156.76.221 (static-221.76.156.182-tataidc.co.in): 17 times
183.98.211.10: 22 times
183.196.214.95: 1 time
186.195.108.66 (186-195-108-66.gigabytetelecom.com.br): 22 times
189.254.242.60 (correo.capitaldezacatecas.gob.mx): 35 times
195.154.114.115 (195-154-114-115.rev.poneytelecom.eu): 13 times
195.162.24.82 (inseit.kylos.net.pl): 2 times
198.199.69.221: 24 times
203.99.60.219 (mbl-99-60-219.dsl.net.pk): 47 times
210.187.177.254 (aim-177-254.tm.net.my): 6 times
211.36.141.121: 4 times
213.136.68.179 (vmi218378.contaboserver.net): 2 times
218.29.188.139 (hn.kd.ny.adsl): 37 times
222.107.12.219: 22 times
222.168.30.19: 6 times
222.249.234.100: 53 times
Illegal users from:
undef: 691 times
1.15.50.160: 28 times
5.196.27.163 (vps-44e877d2.vps.ovh.net): 54 times
8.209.221.61: 19 times
23.129.64.231: 1 time
45.135.232.165: 3 times
45.146.165.72: 3 times
45.146.165.151: 12 times
45.153.160.139: 1 time
45.230.172.115: 25 times
59.165.161.178 (59.165.161.178.man-static.vsnl.net.in): 21 times
60.171.137.229: 1 time
65.49.20.68 (scan-19.shadowserver.org): 1 time
68.183.110.49: 15 times
68.199.159.147 (ool-44c79f93.dyn.optonline.net): 25 times
81.68.108.77: 33 times
81.68.234.113: 6 times
82.65.205.42 (82-65-205-42.subs.proxad.net): 2 times
93.43.240.145 (93-43-240-145.ip94.fastwebnet.it): 23 times
95.128.43.164 (exit-1.fr.tor.aquaray.com): 2 times
103.231.46.66: 39 times
106.75.71.82: 15 times
115.159.25.60: 25 times
116.43.251.53: 2 times
117.50.63.120: 27 times
119.28.239.30: 17 times
120.221.149.166: 31 times
120.237.118.139: 36 times
121.4.120.24: 29 times
124.156.155.147: 32 times
128.199.158.182: 39 times
139.199.223.208: 33 times
140.143.241.48: 17 times
142.93.161.54: 1 time
167.71.226.130: 21 times
171.25.193.25 (tor-exit5-readme.dfri.se): 1 time
180.76.227.209: 1 time
180.215.218.32: 27 times
182.156.76.221 (static-221.76.156.182-tataidc.co.in): 35 times
183.98.211.10: 21 times
185.36.81.52 (sterharvest.com): 6 times
185.36.81.58: 4 times
185.36.81.184: 6 times
185.191.124.152: 1 time
185.220.102.242 (185-220-102-242.torservers.net): 1 time
186.101.233.58 (host-186-101-233-58.netlife.ec): 3 times
192.42.116.15 (this-is-a-tor-exit-node-hviv115.hviv.nl): 1 time
192.42.116.26 (this-is-a-tor-exit-node-hviv126.hviv.nl): 1 time
194.61.25.28: 3 times
195.154.114.115 (195-154-114-115.rev.poneytelecom.eu): 21 times
198.98.54.56: 1 time
198.199.69.221: 26 times
203.99.60.219 (mbl-99-60-219.dsl.net.pk): 54 times
211.36.141.121: 1 time
212.64.68.71: 1 time
213.136.68.179 (vmi218378.contaboserver.net): 7 times
217.170.205.14 (tor-exit-5014.nortor.no): 1 time
222.107.12.219: 28 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
1625
days inactive
1625
days old
0 comments
1 participants
participants (1)
-
root@zapf.in