04:42
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Oct 26 04:42:04 2021
Date Range Processed: yesterday
( 2021-Oct-25 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 64:64 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
143.198.136.88 -> leakix.net:443: 1 Time(s)
A total of 11 sites probed the server
118.239.12.213
143.198.136.88
160.116.22.18
167.71.102.181
167.71.102.95
180.214.239.44
198.98.56.220
206.189.122.10
209.141.51.171
43.131.0.252
5.188.210.227
Requests with error response codes
400 Bad Request
null: 20 Time(s)
/: 5 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
/config/getuser?index=0: 3 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... _BnVB1OzT76AACP: 2 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... pxvIscTHOJoAACQ: 2 Time(s)
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/ ... 2e%2e/etc/hosts: 1 Time(s)
/manager/html: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... OZXC-WuRjs6AACR: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x5Cxbf\x5Cx02\x5Cx00\x5Cx88\x5Cx13\x5Cx00 ... \x5Cx9e\x5Cx16E: 1 Time(s)
\x85\xB0#\x89\x12\xBD\xDD\xC4\xD2a\xAB\xA1 ... x09\xC0\x13\xC0: 1 Time(s)
\x89FB\xE4t\x82\xD3>\xAFnt\xFA\x1C\x19z\x1 ... x09\xC0\x13\xC0: 1 Time(s)
\xE1\x9E\xB4\xE7\x8Eh\xA0\x8F\xC5\xB1(h\xC ... x09\xC0\x13\xC0: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
leakix.net:443: 1 Time(s)
s\xA2\x03O~\xC9x\xBE#^Jd: 1 Time(s)
499 (undefined)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... OZXC-WuRjs6AACR: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... _BnVB1OzT76AACP: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... h-N_sxqQi_PAACS: 1 Time(s)
/socket.io/?noteId=hP5Pw0I3R765ZaDNXBPs8w& ... pxvIscTHOJoAACQ: 1 Time(s)
500 Internal Server Error
/: 27 Time(s)
/.env: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/.well-known/security.txt: 1 Time(s)
///libs/js/iframe.js: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth.owa: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (170.106.115.41): 77 Time(s)
root (rentguarantee.org): 53 Time(s)
root (49.234.59.246): 40 Time(s)
root (1.15.25.243): 36 Time(s)
root (119.45.104.122): 36 Time(s)
root (92.55.42.79): 35 Time(s)
root (v160-251-8-225.fswu.static.cnode.io): 35 Time(s)
root (186.206.147.242): 34 Time(s)
root (business-90-187-21-137.pool2.vodafone-ip.de): 34 Time(s)
root (106.52.54.192): 33 Time(s)
root (112.216.93.141): 33 Time(s)
root (143.92.43.169): 33 Time(s)
root (222.134.143.4): 33 Time(s)
root (10.24.1.81.rev.sfr.net): 31 Time(s)
root (129.204.228.234): 31 Time(s)
root (82.156.81.59): 31 Time(s)
root (106.75.84.96): 30 Time(s)
root (217-133-58-148.static.clienti.tiscali.it): 30 Time(s)
root (42.193.144.254): 30 Time(s)
root (49.234.13.139): 29 Time(s)
root (118.25.1.48): 27 Time(s)
root (123-195-99-9.dynamic.kbronet.com.tw): 25 Time(s)
root (221.226.39.202): 25 Time(s)
root (111.206.4.222): 24 Time(s)
root (181.49.117.166): 24 Time(s)
unknown (82.156.81.59): 24 Time(s)
root (177.172.15.67): 23 Time(s)
root (v-182-163-90-49.ub-freebit.net): 23 Time(s)
root (106.55.251.223): 22 Time(s)
root (174.138.24.157): 22 Time(s)
root (61-218-40-145.hinet-ip.hinet.net): 22 Time(s)
root (81.70.197.95): 22 Time(s)
root (60.30.98.194): 19 Time(s)
unknown (129.204.228.234): 19 Time(s)
unknown (42.193.144.254): 19 Time(s)
unknown (49.234.13.139): 19 Time(s)
root (45.114.192.154): 18 Time(s)
unknown (106.75.84.96): 18 Time(s)
root (134.17.16.92): 17 Time(s)
root (213.6.130.133): 17 Time(s)
unknown (106.52.54.192): 17 Time(s)
unknown (112.216.93.141): 17 Time(s)
unknown (143.92.43.169): 17 Time(s)
root (113.215.181.54): 16 Time(s)
root (157.230.230.126): 16 Time(s)
root (60.255.230.126): 16 Time(s)
unknown (118.25.1.48): 16 Time(s)
unknown (186.206.147.242): 16 Time(s)
unknown (221.226.39.202): 16 Time(s)
unknown (222.134.143.4): 16 Time(s)
unknown (business-90-187-21-137.pool2.vodafone-ip.de): 16 Time(s)
root (36.134.155.34): 15 Time(s)
unknown (92.55.42.79): 15 Time(s)
unknown (v160-251-8-225.fswu.static.cnode.io): 15 Time(s)
unknown (1.15.25.243): 14 Time(s)
unknown (181.49.117.166): 14 Time(s)
root (104.131.1.89): 13 Time(s)
unknown (10.24.1.81.rev.sfr.net): 13 Time(s)
unknown (119.45.104.122): 13 Time(s)
unknown (123-195-99-9.dynamic.kbronet.com.tw): 13 Time(s)
unknown (v-182-163-90-49.ub-freebit.net): 13 Time(s)
unknown (106.55.251.223): 12 Time(s)
unknown (213.6.130.133): 12 Time(s)
unknown (81.70.197.95): 12 Time(s)
unknown (111.206.4.222): 11 Time(s)
root (154.8.224.155): 10 Time(s)
unknown (60.255.230.126): 10 Time(s)
unknown (141.98.10.60): 9 Time(s)
unknown (49.234.59.246): 9 Time(s)
unknown (61-218-40-145.hinet-ip.hinet.net): 9 Time(s)
unknown (134.17.16.92): 8 Time(s)
unknown (104.131.1.89): 7 Time(s)
unknown (113.215.181.54): 7 Time(s)
unknown (174.138.24.157): 7 Time(s)
unknown (217-133-58-148.static.clienti.tiscali.it): 7 Time(s)
unknown (157.230.230.126): 6 Time(s)
unknown (177.172.15.67): 6 Time(s)
unknown (45.114.192.154): 6 Time(s)
unknown (45.155.204.39): 6 Time(s)
unknown (60.30.98.194): 6 Time(s)
root (140.207.100.82): 4 Time(s)
root (205.185.119.4): 4 Time(s)
unknown (141.98.10.121): 4 Time(s)
unknown (139.59.93.234): 3 Time(s)
unknown (154.8.224.155): 3 Time(s)
unknown (176.111.173.237): 3 Time(s)
unknown (212.193.30.101): 3 Time(s)
root (139.59.93.234): 2 Time(s)
unknown (141.98.10.81): 2 Time(s)
unknown (175.43.133.4): 2 Time(s)
unknown (185.170.144.50): 2 Time(s)
unknown (188.126.89.158): 2 Time(s)
unknown (199.195.251.49): 2 Time(s)
unknown (36.134.155.34): 2 Time(s)
unknown (45.135.232.159): 2 Time(s)
unknown (p57b235d3.dip0.t-ipconnect.de): 2 Time(s)
mysql (82.156.81.59): 1 Time(s)
root (103.133.57.250): 1 Time(s)
root (114-35-98-9.hinet-ip.hinet.net): 1 Time(s)
root (180.247.224.201): 1 Time(s)
root (61-219-108-223.hinet-ip.hinet.net): 1 Time(s)
root (icevilatinoamerica.org): 1 Time(s)
unknown (114-35-98-9.hinet-ip.hinet.net): 1 Time(s)
unknown (140.207.100.82): 1 Time(s)
unknown (150.158.164.53): 1 Time(s)
unknown (176.111.173.238): 1 Time(s)
unknown (205.185.119.4): 1 Time(s)
unknown (36.89.68.35): 1 Time(s)
unknown (icevilatinoamerica.org): 1 Time(s)
unknown (mario-louis-sylvester-lap.tor-exit.calyxinstitute.org): 1 Time(s)
unknown (tor-exit-relay-4.anonymizing-proxy.digitalcourage.de): 1 Time(s)
unknown (tor-project-exit2.dotsrc.org): 1 Time(s)
uucp (113.215.181.54): 1 Time(s)
Invalid Users:
Unknown Account: 532 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
16.317K Bytes accepted 16,709
16.317K Bytes sent via SMTP 16,709
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
324 Connections
270 Connections lost (inbound)
324 Disconnections
1 Removed from queue
1 Sent via SMTP
65 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
1.15.25.243: 36 times
36.134.155.34: 15 times
42.193.144.254: 30 times
45.114.192.154 (154-192-114-45.intechonline.net): 18 times
49.234.13.139: 29 times
49.234.59.246: 40 times
60.30.98.194 (no-data): 19 times
60.255.230.126: 16 times
61.218.40.145 (61-218-40-145.hinet-ip.hinet.net): 22 times
61.219.108.223 (61-219-108-223.hinet-ip.hinet.net): 1 time
64.225.118.36 (icevilatinoamerica.org): 1 time
81.1.24.10 (10.24.1.81.rev.sfr.net): 31 times
81.70.197.95: 22 times
82.156.81.59: 32 times
90.187.21.137 (business-90-187-21-137.pool2.vodafone-ip.de): 34 times
92.55.42.79 (host92-55-42-079.etth.mark-itt.net): 35 times
103.133.57.250: 1 time
104.131.1.89: 13 times
106.52.54.192: 33 times
106.55.251.223: 22 times
106.75.84.96: 30 times
111.206.4.222: 24 times
112.216.93.141: 33 times
113.215.181.54: 17 times
114.35.98.9 (114-35-98-9.hinet-ip.hinet.net): 1 time
118.25.1.48: 27 times
119.45.104.122: 36 times
123.195.99.9 (123-195-99-9.dynamic.kbronet.com.tw): 25 times
129.204.228.234: 31 times
134.17.16.92 (92-16-17-134-cloud.mts.by): 17 times
139.59.93.234 (st2symphony.com): 2 times
140.207.100.82: 4 times
143.92.43.169: 33 times
154.8.224.155: 10 times
157.230.230.126: 16 times
160.251.8.225 (v160-251-8-225.fswu.static.cnode.io): 35 times
170.106.115.41: 77 times
174.138.24.157: 22 times
177.172.15.67 (177-172-15-67.user.vivozap.com.br): 23 times
180.247.224.201: 1 time
181.49.117.166: 24 times
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 23 times
186.206.147.242 (bace93f2.virtua.com.br): 34 times
205.185.119.4 (gbb.servergrid.win): 4 times
209.97.132.66 (rentguarantee.org): 53 times
213.6.130.133: 17 times
217.133.58.148 (217-133-58-148.static.clienti.tiscali.it): 30 times
221.226.39.202: 25 times
222.134.143.4: 33 times
Illegal users from:
2001:470:1:c84::24: 1 time
2001:470:1:c84::27: 1 time
undef: 376 times
1.15.25.243: 14 times
36.89.68.35: 1 time
36.134.155.34: 2 times
42.193.144.254: 19 times
45.114.192.154 (154-192-114-45.intechonline.net): 6 times
45.135.232.159: 2 times
45.155.204.39: 6 times
49.234.13.139: 19 times
49.234.59.246: 9 times
60.30.98.194 (no-data): 6 times
60.255.230.126: 10 times
61.218.40.145 (61-218-40-145.hinet-ip.hinet.net): 9 times
64.225.118.36 (icevilatinoamerica.org): 1 time
65.49.20.66 (scan-17.shadowserver.org): 1 time
81.1.24.10 (10.24.1.81.rev.sfr.net): 13 times
81.70.197.95: 12 times
82.156.81.59: 24 times
87.178.53.211 (p57b235d3.dip0.t-ipconnect.de): 2 times
90.187.21.137 (business-90-187-21-137.pool2.vodafone-ip.de): 16 times
92.55.42.79 (host92-55-42-079.etth.mark-itt.net): 15 times
104.131.1.89: 7 times
106.52.54.192: 17 times
106.55.251.223: 12 times
106.75.84.96: 18 times
111.206.4.222: 11 times
112.216.93.141: 17 times
113.215.181.54: 7 times
114.35.98.9 (114-35-98-9.hinet-ip.hinet.net): 1 time
118.25.1.48: 16 times
119.45.104.122: 13 times
123.195.99.9 (123-195-99-9.dynamic.kbronet.com.tw): 13 times
129.204.228.234: 19 times
134.17.16.92 (92-16-17-134-cloud.mts.by): 8 times
139.59.93.234 (st2symphony.com): 3 times
140.207.100.82: 1 time
141.98.10.60: 9 times
141.98.10.81: 2 times
141.98.10.121: 4 times
143.92.43.169: 17 times
150.158.164.53: 1 time
154.8.224.155: 3 times
154.89.5.43: 1 time
157.230.230.126: 6 times
160.251.8.225 (v160-251-8-225.fswu.static.cnode.io): 15 times
162.247.73.192 (mario-louis-sylvester-lap.tor-exit.calyxinstitute.org): 1 time
174.138.24.157: 7 times
175.43.133.4: 2 times
176.111.173.237: 3 times
176.111.173.238: 1 time
177.172.15.67 (177-172-15-67.user.vivozap.com.br): 6 times
181.49.117.166: 14 times
182.163.90.49 (v-182-163-90-49.ub-freebit.net): 13 times
185.129.61.2 (tor-project-exit2.dotsrc.org): 1 time
185.170.144.50: 2 times
185.220.102.250 (tor-exit-relay-4.anonymizing-proxy.digitalcourage.de): 1 time
186.206.147.242 (bace93f2.virtua.com.br): 16 times
188.126.89.158: 2 times
199.195.251.49: 2 times
205.185.119.4 (gbb.servergrid.win): 1 time
212.193.30.101 (slot0.iglogi-camo.com): 3 times
213.6.130.133: 12 times
217.133.58.148 (217-133-58-148.static.clienti.tiscali.it): 7 times
221.226.39.202: 16 times
222.134.143.4: 16 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
1454
days inactive
1454
days old
0 comments
1 participants
participants (1)
-
root@zapf.in