Logwatch for h2361197.stratoserver.net (Linux)

Samstag, 23 Oktober 2021

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sat Oct 23 04:42:04 2021
        Date Range Processed: yesterday
                              ( 2021-Oct-22 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [106:106]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 A total of 8 sites probed the server 
    159.223.2.130
    185.170.144.50
    198.20.70.114
    199.195.251.43
    212.67.214.41
    34.86.35.3
    45.61.139.65
    66.23.232.198

 Requests with error response codes
    400 Bad Request
       null: 13 Time(s)
       /config/getuser?index=0: 7 Time(s)
       /: 6 Time(s)
       /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
       /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e ... e%2e/etc/passwd: 2 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       /index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
    500 Internal Server Error
       /: 42 Time(s)
       /favicon.ico: 15 Time(s)
       /robots.txt: 5 Time(s)
       /sitemap.xml: 4 Time(s)
       /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
       /?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
       /Autodiscover/Autodiscover.xml: 2 Time(s)
       /_ignition/execute-solution: 2 Time(s)
       /aaa9: 2 Time(s)
       /aab9: 2 Time(s)
       /api/jsonws/invoke: 2 Time(s)
       /console/: 2 Time(s)
       /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
       /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
       /mifs/.;/services/LogService: 2 Time(s)
       /wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
       /.git/HEAD: 1 Time(s)
       /.well-known/security.txt: 1 Time(s)
       /GponForm/diag_Form?style/: 1 Time(s)
       /actuator/health: 1 Time(s)
       /cgi-bin/config.exp: 1 Time(s)
       /owa/auth/logon.aspx: 1 Time(s)
       /owa/auth/x.js: 1 Time(s)
       /remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (188.166.245.67): 209 Time(s)
       unknown (h2773033.stratoserver.net): 141 Time(s)
       root (103.165.81.130): 39 Time(s)
       root (49.232.161.195): 37 Time(s)
       root (122.176.55.24): 35 Time(s)
       root (177.220.164.124): 35 Time(s)
       root (189.6.45.130): 35 Time(s)
       root (61.155.106.101): 32 Time(s)
       root (49.235.129.160): 31 Time(s)
       root (1.14.72.164): 30 Time(s)
       root (h2773033.stratoserver.net): 29 Time(s)
       root (81.70.205.107): 27 Time(s)
       root (192.144.227.180): 25 Time(s)
       root (42.193.2.199): 24 Time(s)
       unknown (81.70.205.107): 22 Time(s)
       root (111-243-66-152.dynamic-ip.hinet.net): 21 Time(s)
       root (113.215.181.54): 21 Time(s)
       unknown (81.68.215.204): 21 Time(s)
       unknown (49.235.129.160): 19 Time(s)
       root (112.166.133.216): 18 Time(s)
       root (121.5.126.248): 18 Time(s)
       root (124.156.139.172): 18 Time(s)
       unknown (61.155.106.101): 18 Time(s)
       root (124.43.9.184): 17 Time(s)
       root (101-137-237-76.mobile.dynamic.aptg.com.tw): 16 Time(s)
       unknown (1.14.72.164): 16 Time(s)
       root (13.82.0.138): 15 Time(s)
       unknown (122.176.55.24): 15 Time(s)
       unknown (177.220.164.124): 15 Time(s)
       unknown (189.6.45.130): 15 Time(s)
       unknown (42.193.2.199): 15 Time(s)
       unknown (45-19-182-225.lightspeed.snantx.sbcglobal.net): 15 Time(s)
       unknown (13.82.0.138): 13 Time(s)
       root (200.31.122.174): 12 Time(s)
       unknown (192.144.227.180): 12 Time(s)
       root (111-243-46-171.dynamic-ip.hinet.net): 11 Time(s)
       unknown (103.165.81.130): 11 Time(s)
       unknown (49.232.161.195): 11 Time(s)
       unknown (121.5.126.248): 10 Time(s)
       unknown (124.156.139.172): 10 Time(s)
       unknown (112.166.133.216): 9 Time(s)
       unknown (124.43.9.184): 7 Time(s)
       unknown (smtp4.achtungumbedingt.de): 7 Time(s)
       unknown (111-243-46-171.dynamic-ip.hinet.net): 6 Time(s)
       unknown (113.215.181.54): 6 Time(s)
       unknown (167.88.161.219): 6 Time(s)
       unknown (176.111.173.237): 6 Time(s)
       root (117.158.107.107): 5 Time(s)
       unknown (117.158.107.107): 5 Time(s)
       unknown (200.31.122.174): 5 Time(s)
       root (179.129.204.45): 4 Time(s)
       root (199.195.253.210): 4 Time(s)
       root (68.183.180.46): 4 Time(s)
       root (orion.psigenix.net): 4 Time(s)
       unknown (101-137-237-76.mobile.dynamic.aptg.com.tw): 4 Time(s)
       unknown (111-243-66-152.dynamic-ip.hinet.net): 4 Time(s)
       unknown (176.111.173.238): 4 Time(s)
       unknown (199.195.251.49): 4 Time(s)
       unknown (199.195.253.210): 4 Time(s)
       root (81.68.215.204): 3 Time(s)
       root (smtp4.achtungumbedingt.de): 3 Time(s)
       unknown (136.144.41.253): 3 Time(s)
       unknown (209.141.55.232): 3 Time(s)
       root (176.111.173.238): 2 Time(s)
       unknown (141.98.10.82): 2 Time(s)
       unknown (bras-base-mtrlpq3708w-grc-25-76-65-84-229.dsl.bell.ca): 2 Time(s)
       unknown (gw-td2.simplexxion.nl): 2 Time(s)
       unknown (host-87-10-232-7.retail.telecomitalia.it): 2 Time(s)
       unknown (pd9e531e0.dip0.t-ipconnect.de): 2 Time(s)
       mysql (199.195.253.210): 1 Time(s)
       postgres (smtp4.achtungumbedingt.de): 1 Time(s)
       root (103.160.42.81): 1 Time(s)
       root (116.113.17.210): 1 Time(s)
       root (176.111.173.237): 1 Time(s)
       root (180.250.115.121): 1 Time(s)
       root (193.169.254.234): 1 Time(s)
       root (223.95.88.199): 1 Time(s)
       root (45-19-182-225.lightspeed.snantx.sbcglobal.net): 1 Time(s)
       unknown (179.129.204.45): 1 Time(s)
       unknown (180.254.68.135): 1 Time(s)
       unknown (188.126.89.37): 1 Time(s)
       unknown (36.152.127.130): 1 Time(s)
       unknown (68.183.180.46): 1 Time(s)
       unknown (orion.psigenix.net): 1 Time(s)
       unknown (tor-exit-se1.privex.cc): 1 Time(s)
    Invalid Users:
       Unknown Account: 479 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  

   14.560K  Bytes accepted                              14,909
   14.560K  Bytes sent via SMTP                         14,909
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        4   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        4   Total 4xx Rejects                          100.00%
 ========   ==================================================

      316   Connections             
      116   Connections lost (inbound) 
      316   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        1   Illegal address syntax in SMTP command 
        1   SMTP dialog errors      
        1   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Failed logins from:
    1.14.72.164: 30 times
    13.82.0.138: 15 times
    42.193.2.199: 24 times
    45.19.182.225 (45-19-182-225.lightspeed.snantx.sbcglobal.net): 1 time
    49.232.161.195: 37 times
    49.235.129.160: 31 times
    61.155.106.101: 32 times
    68.183.180.46: 4 times
    81.68.215.204: 3 times
    81.70.205.107: 27 times
    81.169.158.95 (h2773033.stratoserver.net): 29 times
    101.137.237.76 (101-137-237-76.mobile.dynamic.aptg.com.tw): 16 times
    103.160.42.81: 1 time
    103.165.81.130: 39 times
    107.189.30.134 (smtp4.achtungumbedingt.de): 4 times
    111.243.46.171 (111-243-46-171.dynamic-ip.hinet.net): 11 times
    111.243.66.152 (111-243-66-152.dynamic-ip.hinet.net): 21 times
    112.166.133.216: 18 times
    113.215.181.54: 21 times
    116.113.17.210: 1 time
    117.158.107.107: 5 times
    121.5.126.248: 18 times
    122.176.55.24 (abts-north-static-024.55.176.122.airtelbroadband.in): 35 times
    124.43.9.184: 17 times
    124.156.139.172: 18 times
    176.111.173.237: 1 time
    176.111.173.238: 2 times
    177.220.164.124 (124.164.220.177.dynamic.copel.net): 35 times
    179.129.204.45 (179-129-204-45.user.vivozap.com.br): 4 times
    180.250.115.121: 1 time
    188.166.245.67: 209 times
    189.6.45.130 (bd062d82.virtua.com.br): 35 times
    192.144.227.180: 25 times
    193.169.254.234: 1 time
    199.195.253.210: 5 times
    200.31.122.174 (host-200-31-122-174.americatelnet.com.pe): 12 times
    209.141.59.9 (orion.psigenix.net): 4 times
    223.95.88.199: 1 time

 Illegal users from:
    undef: 256 times
    1.14.72.164: 16 times
    13.82.0.138: 13 times
    36.152.127.130: 1 time
    42.193.2.199: 15 times
    45.19.182.225 (45-19-182-225.lightspeed.snantx.sbcglobal.net): 15 times
    49.232.161.195: 11 times
    49.235.129.160: 19 times
    61.155.106.101: 18 times
    62.45.10.152 (gw-td2.simplexxion.nl): 2 times
    65.49.20.69 (scan-20.shadowserver.org): 1 time
    68.183.180.46: 1 time
    76.65.84.229 (bras-base-mtrlpq3708w-grc-25-76-65-84-229.dsl.bell.ca): 2 times
    81.68.215.204: 21 times
    81.70.205.107: 22 times
    81.169.158.95 (h2773033.stratoserver.net): 141 times
    87.10.232.7 (host-87-10-232-7.retail.telecomitalia.it): 2 times
    101.137.237.76 (101-137-237-76.mobile.dynamic.aptg.com.tw): 4 times
    103.165.81.130: 11 times
    107.189.30.134 (smtp4.achtungumbedingt.de): 7 times
    111.243.46.171 (111-243-46-171.dynamic-ip.hinet.net): 6 times
    111.243.66.152 (111-243-66-152.dynamic-ip.hinet.net): 4 times
    112.166.133.216: 9 times
    113.215.181.54: 6 times
    117.158.107.107: 5 times
    121.5.126.248: 10 times
    122.176.55.24 (abts-north-static-024.55.176.122.airtelbroadband.in): 15 times
    124.43.9.184: 7 times
    124.156.139.172: 10 times
    136.144.41.253: 3 times
    141.98.10.82: 2 times
    167.88.161.219 (smtp21.gftvrsr.xyz): 6 times
    176.111.173.237: 6 times
    176.111.173.238: 4 times
    177.220.164.124 (124.164.220.177.dynamic.copel.net): 15 times
    179.129.204.45 (179-129-204-45.user.vivozap.com.br): 1 time
    180.254.68.135: 1 time
    185.130.44.108 (tor-exit-se1.privex.cc): 1 time
    188.126.89.37: 1 time
    189.6.45.130 (bd062d82.virtua.com.br): 15 times
    192.144.227.180: 12 times
    199.195.251.49: 4 times
    199.195.253.210: 4 times
    200.31.122.174 (host-200-31-122-174.americatelnet.com.pe): 5 times
    209.141.55.232: 3 times
    209.141.59.9 (orion.psigenix.net): 1 time
    217.229.49.224 (pd9e531e0.dip0.t-ipconnect.de): 2 times

 **Unmatched Entries**
 Protocol major versions differ for 199.195.251.43: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
vs. SSH-1.5-Server : 1 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem         Size  Used Avail Use% Mounted on
 /dev/ploop33257p1  394G  242G  132G  65% /
 none               4.0G     0  4.0G   0% /dev

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016