################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Oct 14 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 74:75 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
45.148.10.241 -> zapf.wiki:443: 1 Time(s)
A total of 8 sites probed the server
Requests with error response codes
400 Bad Request
null: 15 Time(s)
/: 4 Time(s)
mstshash=Administr: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
7: 2 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
zapf.wiki:443: 1 Time(s)
500 Internal Server Error
/: 38 Time(s)
/.env: 5 Time(s)
/HNAP1/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 623 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1847 Miscellaneous warnings
20.454K Bytes accepted 20,945
20.454K Bytes sent via SMTP 20,945
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
2074 Connections
1967 Connections lost (inbound)
2074 Disconnections
1 Removed from queue
1 Sent via SMTP
3 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 408 times
**Unmatched Entries**
Protocol major versions differ for 45.61.184.27: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Server : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################