Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 17 Februar 2022


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Feb 17 04:42:04 2022
        Date Range Processed: yesterday
                              ( 2022-Feb-16 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [148:142]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    171.34.179.248 -> zapf.wiki:443: 1 Time(s)
    222.186.19.207 -> ip.ws.126.net:443: 1 Time(s)
    222.186.19.207 -> zapf.wiki:443: 2 Time(s)
 
 A total of 4 sites probed the server 
    222.186.19.207
    222.186.19.235
    61.219.11.151
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 4 Time(s)
       mstshash=Domain: 4 Time(s)
       null: 4 Time(s)
       zapf.wiki:443: 3 Time(s)
       *: 2 Time(s)
       http://fuwu.sogou.com/404/index.html: 2 Time(s)
       /.env: 1 Time(s)
       /HmYN: 1 Time(s)
       /ab2g: 1 Time(s)
       /ab2h: 1 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
       /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
       ip.ws.126.net:443: 1 Time(s)
    500 Internal Server Error
       /: 24 Time(s)
       /.env: 6 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /favicon.ico: 2 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 1 Time(s)
       /HNAP1: 1 Time(s)
       /ReportServer: 1 Time(s)
       /_ignition/execute-solution: 1 Time(s)
       /actuator/health: 1 Time(s)
       /admin/: 1 Time(s)
       /evox/about: 1 Time(s)
       /login: 1 Time(s)
       /mifs/.;/services/LogService: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /robots.txt: 1 Time(s)
       /sdk: 1 Time(s)
       /text4041644998869: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (43.153.10.120): 12 Time(s)
       unknown (111.67.203.107): 11 Time(s)
       unknown (42.192.47.188): 11 Time(s)
       unknown (82.156.90.123): 11 Time(s)
       unknown (1.117.190.106): 9 Time(s)
       unknown (103.73.34.99): 9 Time(s)
       unknown (104.131.74.150): 9 Time(s)
       unknown (104.168.122.127): 9 Time(s)
       unknown (116.39.207.4): 9 Time(s)
       unknown (128.199.184.157): 9 Time(s)
       unknown (157.245.227.165): 9 Time(s)
       unknown (167.172.158.195): 9 Time(s)
       unknown (172.247.15.96): 9 Time(s)
       unknown (198.199.94.78): 9 Time(s)
       unknown (85.112.200.21): 9 Time(s)
       root (43.153.10.120): 8 Time(s)
       unknown (106.51.85.93): 8 Time(s)
       unknown (106.55.37.132): 8 Time(s)
       unknown (112.216.178.153): 8 Time(s)
       unknown (118.24.123.34): 8 Time(s)
       unknown (118.25.182.250): 8 Time(s)
       unknown (182.61.56.213): 8 Time(s)
       unknown (183.91.11.36): 8 Time(s)
       unknown (206.189.126.211): 8 Time(s)
       unknown (211-23-160-89.hinet-ip.hinet.net): 8 Time(s)
       unknown (43.153.9.181): 8 Time(s)
       unknown (49.232.210.62): 8 Time(s)
       unknown (91.205.128.170): 8 Time(s)
       root (157.230.24.150): 7 Time(s)
       root (167.71.58.234): 7 Time(s)
       unknown (139.155.69.204): 7 Time(s)
       unknown (167.71.243.218): 7 Time(s)
       unknown (43.153.9.28): 7 Time(s)
       unknown (43.154.115.80): 7 Time(s)
       unknown (mail.baroline.com): 7 Time(s)
       root (104.168.122.127): 6 Time(s)
       root (106.75.230.69): 6 Time(s)
       root (112.245.59.63): 6 Time(s)
       root (182.61.5.251): 6 Time(s)
       root (185.100.86.74): 6 Time(s)
       root (2.232.250.91): 6 Time(s)
       root (223.196.87.34.bc.googleusercontent.com): 6 Time(s)
       root (45.153.160.140): 6 Time(s)
       root (vmi506693.contaboserver.net): 6 Time(s)
       unknown (106.52.21.249): 6 Time(s)
       unknown (106.75.230.69): 6 Time(s)
       unknown (112.245.59.63): 6 Time(s)
       unknown (134.17.94.229): 6 Time(s)
       unknown (157.230.24.150): 6 Time(s)
       unknown (175.170.149.29): 6 Time(s)
       unknown (2.232.250.91): 6 Time(s)
       unknown (223.196.87.34.bc.googleusercontent.com): 6 Time(s)
       unknown (43.135.158.33): 6 Time(s)
       unknown (vmi506693.contaboserver.net): 6 Time(s)
       root (106.52.21.249): 5 Time(s)
       root (139.155.69.204): 5 Time(s)
       root (146.185.137.240): 5 Time(s)
       root (167.71.243.218): 5 Time(s)
       unknown (1.217.139.30): 5 Time(s)
       unknown (146.185.137.240): 5 Time(s)
       unknown (159.65.128.16): 5 Time(s)
       unknown (167.71.58.234): 5 Time(s)
       unknown (182.61.5.251): 5 Time(s)
       unknown (68.183.34.242): 5 Time(s)
       root (106.51.85.93): 4 Time(s)
       root (106.55.37.132): 4 Time(s)
       root (118.195.139.245): 4 Time(s)
       root (159.223.40.243): 4 Time(s)
       root (159.65.128.16): 4 Time(s)
       root (182.61.56.213): 4 Time(s)
       root (206.189.126.211): 4 Time(s)
       root (43.154.115.80): 4 Time(s)
       root (49.232.210.62): 4 Time(s)
       root (mail.baroline.com): 4 Time(s)
       unknown (118.195.139.245): 4 Time(s)
       root (1.117.190.106): 3 Time(s)
       root (111.67.203.107): 3 Time(s)
       root (112.216.178.153): 3 Time(s)
       root (116.39.207.4): 3 Time(s)
       root (157.245.227.165): 3 Time(s)
       root (167.99.66.2): 3 Time(s)
       root (183.91.11.36): 3 Time(s)
       root (211-23-160-89.hinet-ip.hinet.net): 3 Time(s)
       root (36.110.85.91): 3 Time(s)
       root (43.153.9.181): 3 Time(s)
       root (43.154.59.217): 3 Time(s)
       root (91.205.128.170): 3 Time(s)
       unknown (114.108.150.156): 3 Time(s)
       unknown (121.5.243.95): 3 Time(s)
       unknown (180.76.105.165): 3 Time(s)
       unknown (191.55.11.226): 3 Time(s)
       unknown (43.154.145.11): 3 Time(s)
       unknown (58.17.200.197): 3 Time(s)
       unknown (60.196.69.234): 3 Time(s)
       root (106.75.72.203): 2 Time(s)
       root (118.24.123.34): 2 Time(s)
       root (128.199.200.103): 2 Time(s)
       root (134.17.94.229): 2 Time(s)
       root (139.59.27.92): 2 Time(s)
       root (198.199.94.78): 2 Time(s)
       root (202.28.221.106): 2 Time(s)
       root (42.192.47.188): 2 Time(s)
       root (43.135.158.33): 2 Time(s)
       root (43.153.9.28): 2 Time(s)
       root (68.183.34.242): 2 Time(s)
       root (82.156.90.123): 2 Time(s)
       root (85.112.200.21): 2 Time(s)
       root (96.78.175.37): 2 Time(s)
       unknown (106.75.72.203): 2 Time(s)
       unknown (128.199.200.103): 2 Time(s)
       unknown (139.59.27.92): 2 Time(s)
       unknown (185.21.26.190): 2 Time(s)
       unknown (202.28.221.106): 2 Time(s)
       unknown (24.148.24.59): 2 Time(s)
       unknown (43.154.59.217): 2 Time(s)
       unknown (68-74-205-213.lightspeed.hstntx.sbcglobal.net): 2 Time(s)
       unknown (96.78.175.37): 2 Time(s)
       unknown (a109-49-159-48.cpe.netcabo.pt): 2 Time(s)
       unknown (c-67-182-243-95.hsd1.ut.comcast.net): 2 Time(s)
       bin (175.170.149.29): 1 Time(s)
       postfix (43.153.9.28): 1 Time(s)
       postgres (223.196.87.34.bc.googleusercontent.com): 1 Time(s)
       postgres (36.110.85.91): 1 Time(s)
       postgres (43.154.115.80): 1 Time(s)
       root (1.117.86.142): 1 Time(s)
       root (1.217.139.30): 1 Time(s)
       root (104.131.74.150): 1 Time(s)
       root (114.108.150.156): 1 Time(s)
       root (114.7.162.198): 1 Time(s)
       root (118.25.182.250): 1 Time(s)
       root (120.237.118.139): 1 Time(s)
       root (128.199.184.157): 1 Time(s)
       root (167.172.158.195): 1 Time(s)
       root (172.247.15.96): 1 Time(s)
       root (175.170.149.29): 1 Time(s)
       root (180.76.105.165): 1 Time(s)
       root (180.76.139.251): 1 Time(s)
       root (198.23.148.137): 1 Time(s)
       root (209.141.60.19): 1 Time(s)
       root (23.154.177.19): 1 Time(s)
       root (5.2.75.253): 1 Time(s)
       root (59.92.69.22): 1 Time(s)
       root (60.196.69.234): 1 Time(s)
       root (79.104.0.82): 1 Time(s)
       root (h-37-123-163-58.a785.priv.bahnhof.se): 1 Time(s)
       root (kiriakou.tor-exit.calyxinstitute.org): 1 Time(s)
       root (tor-exit.dicedonions.xyz): 1 Time(s)
       temp (106.52.21.249): 1 Time(s)
       temp (139.155.69.204): 1 Time(s)
       unknown (103.144.82.250): 1 Time(s)
       unknown (141.98.11.27): 1 Time(s)
       unknown (159.223.40.243): 1 Time(s)
       unknown (167.99.66.2): 1 Time(s)
       unknown (175.24.30.100): 1 Time(s)
       unknown (180.76.139.251): 1 Time(s)
       unknown (183.82.115.221): 1 Time(s)
       unknown (190.128.118.185): 1 Time(s)
       unknown (202.137.130.75): 1 Time(s)
       unknown (36.110.85.91): 1 Time(s)
       unknown (43.132.135.222): 1 Time(s)
       unknown (79.104.0.82): 1 Time(s)
       unknown (90.160.140.35): 1 Time(s)
       unknown (92.255.85.135): 1 Time(s)
       unknown (marcuse-1.nos-oignons.net): 1 Time(s)
       unknown (tor-jy.effi.org): 1 Time(s)
       www-data (43.153.10.120): 1 Time(s)
    Invalid Users:
       Unknown Account: 428 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       13   Miscellaneous warnings  
 
    7.221K  Bytes accepted                               7,394
    7.221K  Bytes sent via SMTP                          7,394
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        4   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       94   Connections             
       60   Connections lost (inbound) 
       94   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
       53   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 2 Time(s)
 
 Failed logins from:
    1.117.86.142: 1 time
    1.117.190.106: 3 times
    1.217.139.30: 1 time
    2.232.250.91: 6 times
    5.2.75.253 (tor-exit-rainer.cfgdhb.de): 4 times
    23.154.177.19: 4 times
    34.87.196.223 (223.196.87.34.bc.googleusercontent.com): 7 times
    36.110.85.91 (91.85.110.36.static.bjtelecom.net): 4 times
    37.123.163.58 (h-37-123-163-58.A785.priv.bahnhof.se): 3 times
    42.192.47.188: 2 times
    43.135.158.33: 2 times
    43.153.9.28: 3 times
    43.153.9.181: 3 times
    43.153.10.120: 9 times
    43.154.59.217: 3 times
    43.154.115.80: 5 times
    45.153.160.140: 6 times
    49.232.210.62: 4 times
    59.92.69.22: 1 time
    60.196.69.234: 1 time
    68.183.34.242: 2 times
    79.104.0.82: 1 time
    82.156.90.123: 2 times
    85.112.200.21: 2 times
    91.205.128.170: 3 times
    94.139.166.33 (mail.baroline.com): 4 times
    96.78.175.37 (96-78-175-37-static.hfc.comcastbusiness.net): 2 times
    104.131.74.150: 1 time
    104.168.122.127 (104-168-122-127-host.colocrossing.com): 6 times
    106.51.85.93 (106.51.85.93.actcorp.in): 4 times
    106.52.21.249: 6 times
    106.55.37.132: 4 times
    106.75.72.203 (opensellerbulknews.life): 2 times
    106.75.230.69: 6 times
    111.67.203.107: 3 times
    112.216.178.153: 3 times
    112.245.59.63: 6 times
    114.7.162.198 (114-7-162-198.resources.indosat.com): 1 time
    114.108.150.156: 1 time
    116.39.207.4: 3 times
    118.24.123.34: 2 times
    118.25.182.250: 1 time
    118.195.139.245: 4 times
    120.237.118.139: 1 time
    128.199.184.157: 1 time
    128.199.200.103: 2 times
    134.17.94.229 (229-94-17-134-cloud.mts.by): 2 times
    139.59.27.92: 2 times
    139.155.69.204: 6 times
    146.185.137.240: 5 times
    157.230.24.150: 7 times
    157.245.227.165: 3 times
    159.65.128.16: 4 times
    159.223.40.243: 4 times
    161.97.106.67 (vmi506693.contaboserver.net): 6 times
    162.247.74.200 (kiriakou.tor-exit.calyxinstitute.org): 4 times
    167.71.58.234: 7 times
    167.71.243.218: 5 times
    167.99.66.2: 3 times
    167.172.158.195: 1 time
    172.247.15.96: 1 time
    175.170.149.29: 2 times
    180.76.105.165: 1 time
    180.76.139.251: 1 time
    182.61.5.251: 6 times
    182.61.56.213: 4 times
    183.91.11.36 (static.cmcti.vn): 3 times
    185.100.86.74: 6 times
    198.23.148.137 (198-23-148-137-host.colocrossing.com): 1 time
    198.199.94.78: 2 times
    202.28.221.106: 2 times
    206.189.126.211: 4 times
    209.141.51.30 (tor-exit.dicedonions.xyz): 3 times
    209.141.60.19 (tor-exit-0.069420.xyz): 5 times
    211.23.160.89 (211-23-160-89.hinet-ip.hinet.net): 3 times
 
 Illegal users from:
    2001:470:1:c84::12: 1 time
    undef: 337 times
    1.117.190.106: 9 times
    1.217.139.30: 5 times
    2.232.250.91: 6 times
    24.148.24.59 (24-148-24-59.s2361.c3-0.stn-cbr1.chi-stn.il.cable.rcncustomer.com): 2
times
    34.87.196.223 (223.196.87.34.bc.googleusercontent.com): 6 times
    36.110.85.91 (91.85.110.36.static.bjtelecom.net): 1 time
    42.192.47.188: 11 times
    43.132.135.222: 1 time
    43.135.158.33: 6 times
    43.153.9.28: 7 times
    43.153.9.181: 8 times
    43.153.10.120: 12 times
    43.154.59.217: 2 times
    43.154.115.80: 7 times
    43.154.145.11: 3 times
    49.232.210.62: 8 times
    58.17.200.197: 3 times
    60.196.69.234: 3 times
    64.62.197.122: 1 time
    67.182.243.95 (c-67-182-243-95.hsd1.ut.comcast.net): 2 times
    68.74.205.213 (68-74-205-213.lightspeed.hstntx.sbcglobal.net): 2 times
    68.183.34.242: 5 times
    79.104.0.82: 1 time
    82.156.90.123: 11 times
    85.112.200.21: 9 times
    89.236.112.100 (tor-jy.effi.org): 1 time
    90.160.140.35: 1 time
    91.205.128.170: 8 times
    92.255.85.135: 1 time
    94.139.166.33 (mail.baroline.com): 7 times
    96.78.175.37 (96-78-175-37-static.hfc.comcastbusiness.net): 2 times
    103.73.34.99: 9 times
    103.144.82.250: 1 time
    104.131.74.150: 9 times
    104.168.122.127 (104-168-122-127-host.colocrossing.com): 9 times
    106.51.85.93 (106.51.85.93.actcorp.in): 8 times
    106.52.21.249: 6 times
    106.55.37.132: 8 times
    106.75.72.203 (opensellerbulknews.life): 2 times
    106.75.230.69: 6 times
    109.49.159.48 (a109-49-159-48.cpe.netcabo.pt): 2 times
    111.67.203.107: 11 times
    112.216.178.153: 8 times
    112.245.59.63: 6 times
    114.108.150.156: 3 times
    116.39.207.4: 9 times
    118.24.123.34: 8 times
    118.25.182.250: 8 times
    118.195.139.245: 4 times
    121.5.243.95: 3 times
    128.199.184.157: 9 times
    128.199.200.103: 2 times
    134.17.94.229 (229-94-17-134-cloud.mts.by): 6 times
    139.59.27.92: 2 times
    139.155.69.204: 7 times
    141.98.11.27 (srv-141-98-11-27.serveroffer.net): 1 time
    146.185.137.240: 5 times
    157.230.24.150: 6 times
    157.245.227.165: 9 times
    159.65.128.16: 5 times
    159.223.40.243: 1 time
    161.97.106.67 (vmi506693.contaboserver.net): 6 times
    167.71.58.234: 5 times
    167.71.243.218: 7 times
    167.99.66.2: 1 time
    167.172.158.195: 9 times
    172.247.15.96: 9 times
    175.24.30.100: 1 time
    175.170.149.29: 6 times
    178.20.55.16 (marcuse-1.nos-oignons.net): 1 time
    180.76.105.165: 3 times
    180.76.139.251: 1 time
    182.61.5.251: 5 times
    182.61.56.213: 8 times
    183.82.115.221 (183.82.115.221.actcorp.in): 1 time
    183.91.11.36 (static.cmcti.vn): 8 times
    185.21.26.190 (host26-190.dodonet.it): 2 times
    190.128.118.185 (pei-190-128-cxviii-clxxxv.une.net.co): 1 time
    191.55.11.226 (191-055-011-226.xd-dynamic.algartelecom.com.br): 3 times
    198.199.94.78: 9 times
    202.28.221.106: 2 times
    202.137.130.75: 1 time
    206.189.126.211: 8 times
    211.23.160.89 (211-23-160-89.hinet-ip.hinet.net): 8 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016