################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Oct 8 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-07 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 79:80 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 8 sites probed the server
Requests with error response codes
   400 Bad Request
      null: 8 Time(s)
      /config/getuser?index=0: 5 Time(s)
      /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
      /.env: 1 Time(s)
      /robots.txt: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... HIRmfrGyaPhAABt: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... UAc7GRgvaA7AABu: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... fQrmw1trfMjAABs: 1 Time(s)
      /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
   499 (undefined)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... HIRmfrGyaPhAABt: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... UAc7GRgvaA7AABu: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... ayL8h7horB1AABv: 1 Time(s)
      /socket.io/?noteId=siegen17_ak_wissenschaf ... fQrmw1trfMjAABs: 1 Time(s)
   500 Internal Server Error
      /: 28 Time(s)
      /.env: 5 Time(s)
      /GponForm/diag_Form?style/: 4 Time(s)
      /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
      /robots.txt: 2 Time(s)
      /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
      //login_sid.lua: 1 Time(s)
      /?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
      /Autodiscover/Autodiscover.xml: 1 Time(s)
      /_ignition/execute-solution: 1 Time(s)
      /actuator/health: 1 Time(s)
      /api/jsonws/invoke: 1 Time(s)
      /console/: 1 Time(s)
      /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
      /mifs/.;/services/LogService: 1 Time(s)
      /owa/auth/logon.aspx: 1 Time(s)
      /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
      /owa/auth/x.js: 1 Time(s)
      /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
      /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 861 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
12 Miscellaneous warnings
23.861K Bytes accepted 24,434
23.861K Bytes sent via SMTP 24,434
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
94 Connections
74 Connections lost (inbound)
94 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 572 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################