################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Oct 9 04:42:05 2021
Date Range Processed: yesterday
( 2021-Oct-08 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 79:78 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 11 Time(s)
mstshash=Administr: 5 Time(s)
/: 4 Time(s)
/config/getuser?index=0: 2 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... WScbbRNnUseAABw: 1 Time(s)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... iQrXskvq0-0AABy: 1 Time(s)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... kN-zJc7JqYNAABx: 1 Time(s)
jz\x03\xC7\x80\xEA\xB9K\x1B\x1B\xEE\xC2\xD ... x09\xC0\x14\xC0: 1 Time(s)
499 (undefined)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... WScbbRNnUseAABw: 1 Time(s)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... iQrXskvq0-0AABy: 1 Time(s)
/socket.io/?noteId=uAPQnP-nRVmrMa1L4sp2jQ& ... kN-zJc7JqYNAABx: 1 Time(s)
500 Internal Server Error
/: 68 Time(s)
/.env: 6 Time(s)
/GponForm/diag_Form?style/: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/favicon.ico: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
///remote/fgt_lang?lang=/../../../..//////////dev/: 1 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/cms/wp-login.php: 1 Time(s)
/console/: 1 Time(s)
/en/wp-login.php: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/news/wp-login.php: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/robots.txt: 1 Time(s)
/robots.txt/: 1 Time(s)
/site/wp-login.php: 1 Time(s)
/test/wp-login.php: 1 Time(s)
/web/wp-login.php: 1 Time(s)
/wordpress/wp-login.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
/wp-login.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 594 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
18.556K Bytes accepted 19,001
18.556K Bytes sent via SMTP 19,001
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
53 Connections
25 Connections lost (inbound)
53 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Illegal address syntax in SMTP command
1 SMTP dialog errors
13 Hostname verification errors (FCRDNS)
1 SMTP protocol violations
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
Illegal users from:
undef: 394 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################