################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Oct 13 04:42:05 2021
Date Range Processed: yesterday ( 2021-Oct-12 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [112:113]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 13 sites probed the server
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/: 2 Time(s)
/config/getuser?index=0: 2 Time(s)
/.env: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
/berlin/team/apple-touch-icon.png: 1 Time(s)
500 Internal Server Error
/: 59 Time(s)
/.env: 13 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 2 Time(s)
/robots.txt: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/actuator/health: 1 Time(s)
/favicon.ico: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 906 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
17.254K Bytes accepted 17,668
17.254K Bytes sent via SMTP 17,668
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
137 Connections
66 Connections lost (inbound)
137 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 596 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################