################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Jul 21 04:42:06 2021
Date Range Processed: yesterday
( 2021-Jul-20 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [191:191]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 13 sites probed the server
Requests with error response codes
400 Bad Request
/: 18 Time(s)
null: 14 Time(s)
mstshash=Administr: 3 Time(s)
/_profiler/phpinfo: 2 Time(s)
/aaa9: 2 Time(s)
/aab9: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/oSYA: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
404 Not Found
/robots.txt: 110 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 3 Time(s)
/download/zapfev_satzung.pdf: 3 Time(s)
/.well-known/security.txt: 2 Time(s)
/security.txt: 2 Time(s)
/wp-login.php: 2 Time(s)
/berlin/apple-touch-icon.png: 1 Time(s)
/berlin/orientierung/apple-touch-icon.png: 1 Time(s)
/protokolle/Protokoll_MV_FFM_21.11.2015.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/xmlrpc.php: 1 Time(s)
500 Internal Server Error
/: 25 Time(s)
/.env: 3 Time(s)
/aaa9: 2 Time(s)
/aab9: 2 Time(s)
/favicon.ico: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 470 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
17.137K Bytes accepted 17,548
17.137K Bytes sent via SMTP 17,548
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
4 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
4 Total 4xx Rejects 100.00%
======== ==================================================
376 Connections
257 Connections lost (inbound)
376 Disconnections
1 Removed from queue
1 Sent via SMTP
44 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
Illegal users from:
undef: 275 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################