Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 26 Juni 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed Jun 26 04:42:08 2019
        Date Range Processed: yesterday
                              ( 2019-Jun-25 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [250:252]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 2 sites probed the server 
    196.244.191.146
    5.188.210.101
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 4 Time(s)
       /: 3 Time(s)
       /Login.htm: 2 Time(s)
       /css/font-awesome.min.css: 2 Time(s)
       /css/font-merriweather.css: 2 Time(s)
       /css/highlight/default.css: 2 Time(s)
       /css/style.css: 2 Time(s)
       /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... 4BglOnLjEO6ABte: 2 Time(s)
       null: 2 Time(s)
       /monitor/op5/nacoma/command_test.php?cmd_str=cd: 1 Time(s)
       /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... GUtOR6bOHr1ABtf: 1 Time(s)
       http://5.188.210.101/echo.php: 1 Time(s)
    404 Not Found
       /robots.txt: 32 Time(s)
       /berlin/apple-touch-icon.png: 6 Time(s)
       /wp-login.php: 5 Time(s)
       /sites/all/modules/civicrm/packages/OpenFl ... pload_image.php: 2 Time(s)
       /sites/all/modules/tinymce/tinymce/jscript ... s/fm/index.html: 2 Time(s)
       /sites/all/modules/tinytinymce/tinymce/jsc ... s/fm/index.html: 2 Time(s)
       /adminer.php: 1 Time(s)
       /phpminiadmin.php: 1 Time(s)
       /reader/1989-wi-berlin.pdf: 1 Time(s)
       /reader/1994-wi-reader_hb94.pdf: 1 Time(s)
       /reader/1998-so-reader_ro98.pdf: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
       /sql.php: 1 Time(s)
       /zapf/berichte/zapf-wise-2011: 1 Time(s)
       /zapf/geschaeftsordnung: 1 Time(s)
       /zapf/wiki: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... 4BglOnLjEO6ABte: 1 Time(s)
    500 Internal Server Error
       /: 33 Time(s)
       /downloader/index.php: 3 Time(s)
       /errors/503.php: 3 Time(s)
       /index.php/admin/: 3 Time(s)
       /HNAP1/: 2 Time(s)
       /bremen/2014/indexeb91.html?p=207: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (202.155.234.28): 29 Time(s)
       unknown (201.249.89.102): 27 Time(s)
       unknown (173-23-225-40.client.mchsi.com): 24 Time(s)
       unknown (74.63.226.142): 20 Time(s)
       unknown (bl15-254-163.dsl.telepac.pt): 17 Time(s)
       unknown (105.226.67.182): 14 Time(s)
       unknown (134.209.157.62): 14 Time(s)
       unknown (145.187.29.93.rev.sfr.net): 14 Time(s)
       unknown (148.216.17.35): 14 Time(s)
       unknown (p54a83b13.dip0.t-ipconnect.de): 14 Time(s)
       unknown (132.232.45.138): 13 Time(s)
       unknown (146.185.148.7): 13 Time(s)
       unknown (44.red-88-12-27.staticip.rima-tde.net): 13 Time(s)
       unknown (103.15.106.120): 12 Time(s)
       unknown (106.12.194.207): 12 Time(s)
       unknown (114.112.81.180): 12 Time(s)
       unknown (128.199.123.170): 12 Time(s)
       unknown (132.232.1.47): 12 Time(s)
       unknown (132.232.1.62): 12 Time(s)
       unknown (134.175.111.215): 12 Time(s)
       unknown (139.59.68.135): 12 Time(s)
       unknown (148.70.76.34): 12 Time(s)
       unknown (154.118.141.90): 12 Time(s)
       unknown (157.230.230.181): 12 Time(s)
       unknown (175.212.197.73): 12 Time(s)
       unknown (178.22.122.234): 12 Time(s)
       unknown (189.7.121.28): 12 Time(s)
       unknown (190.221.50.90): 12 Time(s)
       unknown (194.170.156.9): 12 Time(s)
       unknown (206.189.142.10): 12 Time(s)
       unknown (222.ip-51-255-173.eu): 12 Time(s)
       unknown (33.ip-51-75-251.eu): 12 Time(s)
       unknown (45.71.244.2): 12 Time(s)
       unknown (51.158.101.121): 12 Time(s)
       unknown (68.183.22.86): 12 Time(s)
       unknown (82.166.93.77): 12 Time(s)
       unknown (94-224-235-166.access.telenet.be): 12 Time(s)
       unknown (c-68-41-220-194.hsd1.mi.comcast.net): 12 Time(s)
       unknown (ec2-13-126-141-8.ap-south-1.compute.amazonaws.com): 12 Time(s)
       unknown (ip151.ip-66-70-130.net): 12 Time(s)
       unknown (neuronia.psybnc.org): 12 Time(s)
       unknown (ns3003663.ip-37-187-19.eu): 12 Time(s)
       unknown (oc-129-150-172-40.compute.oraclecloud.com): 12 Time(s)
       unknown (106.13.44.83): 11 Time(s)
       unknown (187.216.127.147): 11 Time(s)
       unknown (195.145.112.253): 11 Time(s)
       unknown (202.51.110.214): 11 Time(s)
       unknown (40.ip-176-31-172.eu): 11 Time(s)
       unknown (40.red-2-136-114.staticip.rima-tde.net): 11 Time(s)
       unknown (45.55.185.240): 11 Time(s)
       unknown (77.81.188.37): 11 Time(s)
       unknown (catv-86-101-56-141.catv.broadband.hu): 11 Time(s)
       unknown (ns3133492.ip-51-75-243.eu): 11 Time(s)
       unknown (188.166.251.87): 10 Time(s)
       unknown (165.227.212.99): 9 Time(s)
       unknown (168.194.140.130): 9 Time(s)
       unknown (190.9.130.159): 9 Time(s)
       unknown (221.148.45.168): 9 Time(s)
       unknown (36.37.124.51): 9 Time(s)
       unknown (oc-140-86-12-31.compute.oraclecloud.com): 9 Time(s)
       unknown (118.25.96.30): 8 Time(s)
       unknown (168.194.163.66): 8 Time(s)
       unknown (206.189.232.29): 8 Time(s)
       unknown (cpe-74-141-211-210.kya.res.rr.com): 8 Time(s)
       unknown (14.18.100.90): 7 Time(s)
       root (218.92.0.135): 6 Time(s)
       root (222.188.20.6): 6 Time(s)
       root (61.147.62.79): 6 Time(s)
       unknown (118.69.128.22): 6 Time(s)
       unknown (178.128.107.164): 6 Time(s)
       unknown (42.116.19.254): 6 Time(s)
       unknown (45.5.164.90): 6 Time(s)
       unknown (c-67-181-23-144.hsd1.ca.comcast.net): 6 Time(s)
       unknown (123.20.225.230): 5 Time(s)
       root (202.51.110.214): 3 Time(s)
       unknown (113.108.140.114): 3 Time(s)
       unknown (139.199.113.2): 3 Time(s)
       unknown (185.117.74.70): 3 Time(s)
       unknown (221.122.73.130): 3 Time(s)
       root (128.199.123.170): 2 Time(s)
       root (154.118.141.90): 2 Time(s)
       root (173-23-225-40.client.mchsi.com): 2 Time(s)
       root (187.216.127.147): 2 Time(s)
       root (ns3003663.ip-37-187-19.eu): 2 Time(s)
       unknown (222.175.125.66): 2 Time(s)
       unknown (61.39.60.178.static.reverse-mundo-r.com): 2 Time(s)
       unknown (lfbn-1-13813-234.w90-3.abo.wanadoo.fr): 2 Time(s)
       backup (146.185.148.7): 1 Time(s)
       backup (187.216.127.147): 1 Time(s)
       backup (201.90.79.194): 1 Time(s)
       bin (195.145.112.253): 1 Time(s)
       games (222.ip-51-255-173.eu): 1 Time(s)
       jan (oc-140-86-12-31.compute.oraclecloud.com): 1 Time(s)
       lp (ns3133492.ip-51-75-243.eu): 1 Time(s)
       mysql (132.232.1.47): 1 Time(s)
       mysql (ip151.ip-66-70-130.net): 1 Time(s)
       postgres (103.15.106.120): 1 Time(s)
       postgres (165.227.212.99): 1 Time(s)
       postgres (168.194.163.66): 1 Time(s)
       postgres (190.9.130.159): 1 Time(s)
       postgres (ns207822.ip-94-23-215.eu): 1 Time(s)
       root (105.226.67.182): 1 Time(s)
       root (106.13.44.83): 1 Time(s)
       root (112.85.42.172): 1 Time(s)
       root (113.108.140.114): 1 Time(s)
       root (118.25.96.30): 1 Time(s)
       root (132.232.1.62): 1 Time(s)
       root (139.59.68.135): 1 Time(s)
       root (14.18.100.90): 1 Time(s)
       root (145.187.29.93.rev.sfr.net): 1 Time(s)
       root (148.216.17.35): 1 Time(s)
       root (157.230.230.181): 1 Time(s)
       root (168.194.140.130): 1 Time(s)
       root (188.166.251.87): 1 Time(s)
       root (201.249.89.102): 1 Time(s)
       root (202.155.234.28): 1 Time(s)
       root (218.92.0.155): 1 Time(s)
       root (218.92.0.178): 1 Time(s)
       root (40.ip-176-31-172.eu): 1 Time(s)
       root (45.71.244.2): 1 Time(s)
       root (74.208.27.191): 1 Time(s)
       root (74.63.226.142): 1 Time(s)
       root (catv-86-101-56-141.catv.broadband.hu): 1 Time(s)
       root (cpe-74-141-211-210.kya.res.rr.com): 1 Time(s)
       root (neuronia.psybnc.org): 1 Time(s)
       sync (106.13.44.83): 1 Time(s)
       temp (139.59.68.135): 1 Time(s)
       unknown (103.17.55.200): 1 Time(s)
       unknown (103.23.100.87): 1 Time(s)
       unknown (115.254.63.51): 1 Time(s)
       unknown (118-163-193-82.hinet-ip.hinet.net): 1 Time(s)
       unknown (131.221.80.150): 1 Time(s)
       unknown (156.213.31.219): 1 Time(s)
       unknown (193.32.163.182): 1 Time(s)
       unknown (211.38.244.205): 1 Time(s)
       unknown (219.142.28.206): 1 Time(s)
       unknown (87.255.205.22): 1 Time(s)
       unknown (host81-130-161-44.in-addr.btopenworld.com): 1 Time(s)
       unknown (lputeaux-657-1-142-172.w193-248.abo.wanadoo.fr): 1 Time(s)
       unknown (ns356732.ip-91-121-142.eu): 1 Time(s)
       www-data (188.166.251.87): 1 Time(s)
    Invalid Users:
       Unknown Account: 865 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

       16   Miscellaneous warnings  
 
   13.789K  Bytes accepted                              14,120
   13.789K  Bytes sent via SMTP                         14,120
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        4   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      169   Connections             
      134   Connections lost (inbound) 
      169   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
       14   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 3 Time(s)
 
 Failed logins from:
    14.18.100.90: 1 time
    37.187.19.222 (ns3003663.ip-37-187-19.eu): 2 times
    37.187.178.245 (neuronia.psybnc.org): 1 time
    45.71.244.2: 1 time
    51.75.243.22 (ns3133492.ip-51-75-243.eu): 1 time
    51.255.173.222 (222.ip-51-255-173.eu): 1 time
    61.147.62.79: 6 times
    66.70.130.151 (ip151.ip-66-70-130.net): 1 time
    74.63.226.142 (142-226-63-74.static.reverse.lstn.net): 1 time
    74.141.211.210 (cpe-74-141-211-210.kya.res.rr.com): 1 time
    74.208.27.191: 1 time
    86.101.56.141 (catv-86-101-56-141.catv.broadband.hu): 1 time
    93.29.187.145 (145.187.29.93.rev.sfr.net): 1 time
    94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time
    103.15.106.120: 1 time
    105.226.67.182 (67-226-105-182.north.dsl.telkomsa.net): 1 time
    106.13.44.83: 2 times
    112.85.42.172: 3 times
    113.108.140.114: 1 time
    118.25.96.30: 1 time
    128.199.123.170: 2 times
    132.232.1.47: 1 time
    132.232.1.62: 1 time
    139.59.68.135: 2 times
    140.86.12.31 (oc-140-86-12-31.compute.oraclecloud.com): 1 time
    146.185.148.7: 1 time
    148.216.17.35: 1 time
    154.118.141.90: 2 times
    157.230.230.181: 1 time
    165.227.212.99: 1 time
    168.194.140.130: 1 time
    168.194.163.66 (66.163.194.168.rfc6598.dynamic.copelfibra.com.br): 1 time
    173.23.225.40 (173-23-225-40.client.mchsi.com): 2 times
    176.31.172.40 (40.ip-176-31-172.eu): 1 time
    187.216.127.147 (customer-187-216-127-147.uninet-ide.com.mx): 3 times
    188.166.251.87: 2 times
    190.9.130.159: 1 time
    195.145.112.253 (mail.softfair.de): 1 time
    201.90.79.194: 1 time
    201.249.89.102 (201.249.89-102.estatic.cantv.net): 1 time
    202.51.110.214 (private.ip.address): 3 times
    202.155.234.28: 1 time
    218.92.0.135: 6 times
    218.92.0.155: 3 times
    218.92.0.178: 2 times
    222.188.20.6: 6 times
 
 Illegal users from:
    undef: 648 times
    2.136.114.40 (40.red-2-136-114.staticip.rima-tde.net): 11 times
    13.126.141.8 (ec2-13-126-141-8.ap-south-1.compute.amazonaws.com): 12 times
    14.18.100.90: 7 times
    36.37.124.51: 9 times
    37.187.19.222 (ns3003663.ip-37-187-19.eu): 12 times
    37.187.178.245 (neuronia.psybnc.org): 12 times
    42.116.19.254: 6 times
    45.5.164.90: 6 times
    45.55.185.240 (ecoservice.dev): 11 times
    45.71.244.2: 12 times
    51.75.243.22 (ns3133492.ip-51-75-243.eu): 11 times
    51.75.251.33 (33.ip-51-75-251.eu): 12 times
    51.158.101.121 (121-101-158-51.rev.cloud.scaleway.com): 12 times
    51.255.173.222 (222.ip-51-255-173.eu): 12 times
    66.70.130.151 (ip151.ip-66-70-130.net): 12 times
    67.181.23.144 (c-67-181-23-144.hsd1.ca.comcast.net): 6 times
    68.41.220.194 (c-68-41-220-194.hsd1.mi.comcast.net): 12 times
    68.183.22.86: 12 times
    74.63.226.142 (142-226-63-74.static.reverse.lstn.net): 20 times
    74.141.211.210 (cpe-74-141-211-210.kya.res.rr.com): 8 times
    77.81.188.37: 11 times
    81.130.161.44 (host81-130-161-44.in-addr.btopenworld.com): 1 time
    82.166.93.77 (82-166-93-77.barak-online.net): 12 times
    84.168.59.19 (p54A83B13.dip0.t-ipconnect.de): 14 times
    86.101.56.141 (catv-86-101-56-141.catv.broadband.hu): 11 times
    87.255.205.22: 1 time
    88.12.27.44 (44.red-88-12-27.staticip.rima-tde.net): 13 times
    90.3.202.234 (lfbn-1-13813-234.w90-3.abo.wanadoo.fr): 2 times
    91.121.142.225 (ns356732.ip-91-121-142.eu): 1 time
    93.29.187.145 (145.187.29.93.rev.sfr.net): 14 times
    94.224.235.166 (94-224-235-166.access.telenet.be): 12 times
    103.15.106.120: 12 times
    103.17.55.200: 1 time
    103.23.100.87 (87.subnet-103.23.100.host.unnes.ac.id): 1 time
    105.226.67.182 (67-226-105-182.north.dsl.telkomsa.net): 14 times
    106.12.194.207: 12 times
    106.13.44.83: 11 times
    113.108.140.114: 3 times
    114.112.81.180: 12 times
    115.254.63.51: 1 time
    118.25.96.30: 8 times
    118.69.128.22: 6 times
    118.163.193.82 (118-163-193-82.HINET-IP.hinet.net): 1 time
    123.20.225.230: 5 times
    128.199.123.170: 12 times
    129.150.172.40 (oc-129-150-172-40.compute.oraclecloud.com): 12 times
    131.221.80.150: 1 time
    132.232.1.47: 12 times
    132.232.1.62: 12 times
    132.232.45.138: 13 times
    134.175.111.215: 12 times
    134.209.157.62: 14 times
    139.59.68.135: 12 times
    139.199.113.2: 3 times
    140.86.12.31 (oc-140-86-12-31.compute.oraclecloud.com): 9 times
    146.185.148.7: 13 times
    148.70.76.34: 12 times
    148.216.17.35: 14 times
    154.118.141.90: 12 times
    156.213.31.219 (host-156.213.219.31-static.tedata.net): 1 time
    157.230.230.181: 12 times
    165.227.212.99: 9 times
    168.194.140.130: 9 times
    168.194.163.66 (66.163.194.168.rfc6598.dynamic.copelfibra.com.br): 8 times
    173.23.225.40 (173-23-225-40.client.mchsi.com): 24 times
    175.212.197.73: 12 times
    176.31.172.40 (40.ip-176-31-172.eu): 11 times
    178.22.122.234: 12 times
    178.60.39.61 (61.39.60.178.static.reverse-mundo-r.com): 2 times
    178.128.107.164: 6 times
    185.117.74.70 (dedi46883-4.hostsailor.com): 3 times
    187.216.127.147 (customer-187-216-127-147.uninet-ide.com.mx): 11 times
    188.80.254.163 (bl15-254-163.dsl.telepac.pt): 17 times
    188.166.251.87: 10 times
    189.7.121.28 (bd07791c.virtua.com.br): 12 times
    190.9.130.159: 9 times
    190.221.50.90 (host89.190-221-50.telmex.net.ar): 12 times
    193.32.163.182 (hosting-by.cloud-home.me): 1 time
    193.248.201.172 (lputeaux-657-1-142-172.w193-248.abo.wanadoo.fr): 1 time
    194.170.156.9: 12 times
    195.145.112.253 (mail.softfair.de): 11 times
    201.249.89.102 (201.249.89-102.estatic.cantv.net): 27 times
    202.51.110.214 (private.ip.address): 11 times
    202.155.234.28: 29 times
    206.189.142.10 (vinuth.tulasi): 12 times
    206.189.232.29: 8 times
    211.38.244.205: 1 time
    219.142.28.206 (206.28.142.219.broad.bj.bj.dynamic.163data.com.cn): 1 time
    221.122.73.130 (mx-lt49-130.meituan.com): 3 times
    221.148.45.168: 9 times
    222.175.125.66: 2 times
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016