################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jun 19 04:42:03 2023
Date Range Processed: yesterday
( 2023-Jun-18 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [253:252]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 18 Time(s)
*: 4 Time(s)
/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${I ... }zyxel.selfrep;: 4 Time(s)
mstshash=Domain: 3 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 2 Time(s)
/: 1 Time(s)
/.env: 1 Time(s)
/private/api/v1/service/premaster: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x19\x19\xC5\x0E\xD0\x5C\xE1\xF6\xB6E\x86h\x13\x14Ps2>: 1 Time(s)
\xB4\x09z: 1 Time(s)
\xCDG\xBCd\xE2\x98@\xA7\xFDbx\xF3@(T\xCA\x ... x00\x01\x02\x00: 1 Time(s)
\xE2\xCA\xCD\x85_\x1D\xC6.\xF2\xAE+\xE2K[\ ... x09\xC0\x13\xC0: 1 Time(s)
500 Internal Server Error
/: 23 Time(s)
/.env: 5 Time(s)
/favicon.ico: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/RDWeb: 1 Time(s)
/Remote: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/actuator/health: 1 Time(s)
/autodiscover/autodiscover.json?@zdi/Powershell: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/geoserver/web/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth.owa: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/t4: 1 Time(s)
/wsman: 1 Time(s)
502 Bad Gateway
/cNLvvGbtQGm2tQV4potgIQ/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 682 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
24.433K Bytes accepted 25,019
24.433K Bytes sent via SMTP 25,019
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
26 Connections
17 Connections lost (inbound)
26 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 81 Time(s)
Failed logins from:
Illegal users from:
undef: 295 times
**Unmatched Entries**
Disconnecting: Corrupted padlen 0 on input. [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ubnt,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop13985p1 394G 243G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################