################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sun Dec 5 04:42:05 2021
Date Range Processed: yesterday
( 2021-Dec-04 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 85:83 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
89.248.165.52 -> 85.206.160.115:80: 1 Time(s)
89.248.165.52 -> hotmail-com.olc.protection.outlook.com:25: 1 Time(s)
A total of 11 sites probed the server
Requests with error response codes
400 Bad Request
null: 14 Time(s)
/socket.io/?noteId=FrcS3CFURGOhH8IZnOVeEw& ... kviede7uT_dAAEj: 4 Time(s)
mstshash=Domain: 4 Time(s)
http://fuwu.sogou.com/404/index.html: 2 Time(s)
/: 1 Time(s)
/.git/config: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 1 Time(s)
7: 1 Time(s)
85.206.160.115:80: 1 Time(s)
hotmail-com.olc.protection.outlook.com:25: 1 Time(s)
500 Internal Server Error
/: 27 Time(s)
/.env: 4 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
/.git/config: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/Telerik.Web.UI.WebResource.axd?type=rau: 1 Time(s)
/actuator/health: 1 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/console/: 1 Time(s)
/currentsetting.htm: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/remote/login: 1 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 399 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
7 Miscellaneous warnings
10.822K Bytes accepted 11,082
10.822K Bytes sent via SMTP 11,082
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
179 Connections
14 Connections lost (inbound)
179 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
**Unmatched Entries**
Protocol major versions differ for 178.79.177.104: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################