[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu May 30 04:42:07 2019 Date Range Processed: yesterday ( 2019-May-29 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [538:533] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 2 sites probed the server 61.219.11.153 66.240.205.34 Requests with error response codes 400 Bad Request /: 2 Time(s) mstshash=Administr: 2 Time(s) null: 2 Time(s) /robots.txt: 1 Time(s) \x9D\xE8\xC3Mf: 1 Time(s) 404 Not Found /robots.txt: 30 Time(s) /berlin/apple-touch-icon.png: 4 Time(s) /resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /sites/all/libraries/elfinder/connectors/php/connector.php: 1 Time(s) /sites/all/libraries/elfinder/elfinder.html: 1 Time(s) /sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s) /sites/all/libraries/plupload/examples/upload.php: 1 Time(s) /sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s) /sites/default/files/Bericht_SommerZaPF13_Jena.pdf: 1 Time(s) /wp-login.php: 1 Time(s) /zapf/geschaeftsordnung: 1 Time(s) 500 Internal Server Error /: 37 Time(s) /downloader/: 1 Time(s) /login_sid.lua: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (159.89.28.170): 91 Time(s) unknown (148.70.113.127): 63 Time(s) unknown (193.112.251.73): 59 Time(s) unknown (14.162.144.117): 55 Time(s) unknown (122.199.152.114): 52 Time(s) unknown (165.227.2.127): 51 Time(s) unknown (201.149.20.162): 51 Time(s) unknown (46.209.45.58): 51 Time(s) unknown (79.ip-178-32-35.eu): 51 Time(s) unknown (c-73-2-139-100.hsd1.tn.comcast.net): 51 Time(s) unknown (106.12.205.132): 50 Time(s) unknown (119.29.10.25): 50 Time(s) unknown (80.91.176.139): 50 Time(s) unknown (static.9.130.203.116.clients.your-server.de): 50 Time(s) unknown (122.225.100.82): 49 Time(s) unknown (178.128.126.188): 49 Time(s) unknown (45.55.129.23): 49 Time(s) unknown (60.174.80.79): 49 Time(s) unknown (88-119-221-196.static.zebra.lt): 49 Time(s) unknown (95.130.9.44): 49 Time(s) unknown (dsl-emcali-190.1.203.180.emcali.net.co): 49 Time(s) unknown (10.ip-37-59-116.eu): 48 Time(s) unknown (111.93.235.78): 48 Time(s) unknown (130.ip-92-222-70.eu): 48 Time(s) unknown (45.55.224.209): 48 Time(s) unknown (69.162.68.54): 48 Time(s) unknown (142.93.171.138): 44 Time(s) unknown (1.9.21.100): 43 Time(s) unknown (75.ip-164-132-98.eu): 43 Time(s) unknown (103.127.50.100): 40 Time(s) unknown (68.183.84.15): 40 Time(s) unknown (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 39 Time(s) unknown (67.205.142.246): 36 Time(s) unknown (129.122.16.156): 31 Time(s) unknown (112.196.54.138): 24 Time(s) unknown (181.40.76.162): 24 Time(s) unknown (118.144.139.216): 18 Time(s) unknown (106.74.78.227): 16 Time(s) unknown (118.144.139.214): 11 Time(s) unknown (219.149.225.154): 11 Time(s) unknown (host-85-201-45-127.dynamic.voo.be): 9 Time(s) root (lfbn-idf2-1-282-119.w82-123.abo.wanadoo.fr): 7 Time(s) unknown (ec2-18-195-121-43.eu-central-1.compute.amazonaws.com): 7 Time(s) root (115.52.159.210): 6 Time(s) root (36-236-205-127.dynamic-ip.hinet.net): 6 Time(s) root (r167-58-34-51.dialup.adsl.anteldata.net.uy): 6 Time(s) unknown (178.128.201.224): 6 Time(s) unknown (53.216-223-215-net.sccoast.net): 6 Time(s) unknown (ns392548.ip-176-31-106.eu): 6 Time(s) unknown (115.159.185.205): 5 Time(s) unknown (167.99.235.251): 5 Time(s) unknown (66.49.84.65.nw.nuvox.net): 5 Time(s) unknown (r190-0-159-69.ir-static.adinet.com.uy): 5 Time(s) unknown (104.248.87.201): 4 Time(s) unknown (ppp91-122-14-178.pppoe.avangarddsl.ru): 4 Time(s) irc (75.ip-164-132-98.eu): 2 Time(s) unknown (194.179.101.6): 2 Time(s) unknown (45.235.11.2): 2 Time(s) backup (122.225.100.82): 1 Time(s) backup (148.70.113.127): 1 Time(s) backup (static.9.130.203.116.clients.your-server.de): 1 Time(s) daemon (1.9.21.100): 1 Time(s) daemon (159.89.28.170): 1 Time(s) daemon (181.40.76.162): 1 Time(s) games (10.ip-37-59-116.eu): 1 Time(s) games (103.127.50.100): 1 Time(s) games (118.144.139.216): 1 Time(s) games (178.128.201.224): 1 Time(s) games (88-119-221-196.static.zebra.lt): 1 Time(s) games (95.130.9.44): 1 Time(s) gnats (129.122.16.156): 1 Time(s) gnats (130.ip-92-222-70.eu): 1 Time(s) irc (106.12.205.132): 1 Time(s) irc (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 Time(s) mail (119.29.10.25): 1 Time(s) mail (165.227.2.127): 1 Time(s) mailman (148.70.113.127): 1 Time(s) mailman (181.40.76.162): 1 Time(s) mailman (46.209.45.58): 1 Time(s) mailman (68.183.84.15): 1 Time(s) mailman (75.ip-164-132-98.eu): 1 Time(s) mailman (95.130.9.44): 1 Time(s) man (142.93.171.138): 1 Time(s) man (159.89.28.170): 1 Time(s) man (60.174.80.79): 1 Time(s) man (68.183.84.15): 1 Time(s) man (80.91.176.139): 1 Time(s) mysql (122.225.100.82): 1 Time(s) mysql (dsl-emcali-190.1.203.180.emcali.net.co): 1 Time(s) news (159.89.28.170): 1 Time(s) nobody (104.248.87.201): 1 Time(s) nobody (106.12.205.132): 1 Time(s) nobody (122.225.100.82): 1 Time(s) nobody (14.162.144.117): 1 Time(s) nobody (142.93.171.138): 1 Time(s) nobody (68.183.84.15): 1 Time(s) postfix (1.9.21.100): 1 Time(s) postfix (118.144.139.216): 1 Time(s) postfix (static.9.130.203.116.clients.your-server.de): 1 Time(s) postgres (10.ip-37-59-116.eu): 1 Time(s) postgres (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 1 Time(s) postgres (118.144.139.214): 1 Time(s) postgres (122.225.100.82): 1 Time(s) postgres (129.122.16.156): 1 Time(s) postgres (142.93.171.138): 1 Time(s) postgres (178.128.126.188): 1 Time(s) postgres (201.149.20.162): 1 Time(s) postgres (95.130.9.44): 1 Time(s) proxy (14.162.144.117): 1 Time(s) proxy (178.128.126.188): 1 Time(s) proxy (60.174.80.79): 1 Time(s) root (20.49.198.35.bc.googleusercontent.com): 1 Time(s) root (ip-166-62-86-209.ip.secureserver.net): 1 Time(s) smmsp (130.ip-92-222-70.eu): 1 Time(s) smmsp (45.55.129.23): 1 Time(s) sshd (159.89.28.170): 1 Time(s) sshd (68.183.84.15): 1 Time(s) sshd (79.ip-178-32-35.eu): 1 Time(s) sshd (80.91.176.139): 1 Time(s) sync (111.93.235.78): 1 Time(s) sync (119.29.10.25): 1 Time(s) sync (159.89.28.170): 1 Time(s) sync (60.174.80.79): 1 Time(s) sync (88-119-221-196.static.zebra.lt): 1 Time(s) temp (10.ip-37-59-116.eu): 1 Time(s) temp (104.248.87.201): 1 Time(s) temp (142.93.171.138): 1 Time(s) temp (68.183.84.15): 1 Time(s) unknown (103.44.132.44): 1 Time(s) unknown (104.131.84.59): 1 Time(s) unknown (106.13.118.41): 1 Time(s) unknown (113.162.175.244): 1 Time(s) unknown (113.190.223.225): 1 Time(s) unknown (124.205.9.241): 1 Time(s) unknown (132.255.29.228): 1 Time(s) unknown (181.111.181.50): 1 Time(s) unknown (183.red-88-10-39.dynamicip.rima-tde.net): 1 Time(s) unknown (188-183-154-93-cable.dk.customer.tdc.net): 1 Time(s) unknown (193.32.163.89): 1 Time(s) unknown (211.169.249.156): 1 Time(s) unknown (213-162-251-185.ftth.cust.kwaoo.net): 1 Time(s) unknown (223.17.237.138): 1 Time(s) unknown (arellanolaw.edu): 1 Time(s) unknown (h79-138-37-5.cust.a3fiber.se): 1 Time(s) unknown (ip-178-203-177-136.hsi10.unitymediagroup.de): 1 Time(s) unknown (ns207822.ip-94-23-215.eu): 1 Time(s) uucp (122.225.100.82): 1 Time(s) www-data (14.162.144.117): 1 Time(s) www-data (178.128.126.188): 1 Time(s) www-data (67.205.142.246): 1 Time(s) Invalid Users: Unknown Account: 1862 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 6 Miscellaneous warnings 78.737K Bytes accepted 80,627 78.737K Bytes sent via SMTP 80,627 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 229 Connections 201 Connections lost (inbound) 229 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 3 Time(s) Failed logins from: 1.9.21.100: 2 times 14.162.144.117 (static.vnpt.vn): 3 times 35.198.49.20 (20.49.198.35.bc.googleusercontent.com): 1 time 36.236.205.127 (36-236-205-127.dynamic-ip.hinet.net): 6 times 37.59.116.10 (10.ip-37-59-116.eu): 3 times 45.55.129.23 (git.autocasion.com): 1 time 46.209.45.58: 1 time 60.174.80.79: 3 times 67.205.142.246: 1 time 68.183.84.15: 5 times 80.91.176.139: 2 times 82.123.120.119 (lfbn-idf2-1-282-119.w82-123.abo.wanadoo.fr): 7 times 88.119.221.196 (88-119-221-196.static.zebra.lt): 2 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 time 92.222.70.130 (130.ip-92-222-70.eu): 2 times 95.130.9.44 (digi2.lafourmi-immo.com): 3 times 103.127.50.100: 1 time 104.189.118.224 (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 1 time 104.248.87.201: 2 times 106.12.205.132: 2 times 111.93.235.78 (static-78.235.93.111-tataidc.co.in): 1 time 115.52.159.210 (hn.kd.ny.adsl): 6 times 116.203.130.9 (static.9.130.203.116.clients.your-server.de): 2 times 118.144.139.214: 1 time 118.144.139.216: 2 times 119.29.10.25: 2 times 122.225.100.82: 5 times 129.122.16.156: 2 times 142.93.171.138: 4 times 148.70.113.127: 2 times 159.89.28.170: 5 times 164.132.98.75 (75.ip-164-132-98.eu): 3 times 165.227.2.127: 1 time 166.62.86.209 (ip-166-62-86-209.ip.secureserver.net): 1 time 167.58.34.51 (r167-58-34-51.dialup.adsl.anteldata.net.uy): 6 times 178.32.35.79 (79.ip-178-32-35.eu): 1 time 178.128.126.188: 3 times 178.128.201.224: 1 time 181.40.76.162 (pool-162-76-40-181.telecel.com.py): 2 times 190.1.203.180 (dsl-emcali-190.1.203.180.emcali.net.co): 1 time 201.149.20.162 (162.20.149.201.in-addr.arpa): 1 time Illegal users from: undef: 1190 times 1.9.21.100: 43 times 14.162.144.117 (static.vnpt.vn): 55 times 18.195.121.43 (ec2-18-195-121-43.eu-central-1.compute.amazonaws.com): 7 times 37.59.116.10 (10.ip-37-59-116.eu): 48 times 45.55.129.23 (git.autocasion.com): 49 times 45.55.224.209: 48 times 45.235.11.2 (45-235-11-2.bsa-dynamic.wikinet.com.br): 2 times 46.209.45.58: 51 times 60.174.80.79: 49 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 5 times 67.205.142.246: 36 times 68.183.84.15: 40 times 69.162.68.54 (54-68-162-69.static.reverse.lstn.net): 48 times 73.2.139.100 (c-73-2-139-100.hsd1.tn.comcast.net): 51 times 79.138.37.5 (h79-138-37-5.cust.a3fiber.se): 1 time 80.91.176.139: 50 times 85.201.45.127 (host-85-201-45-127.dynamic.voo.be): 9 times 88.10.39.183 (183.red-88-10-39.dynamicip.rima-tde.net): 1 time 88.119.221.196 (88-119-221-196.static.zebra.lt): 49 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 4 times 92.222.70.130 (130.ip-92-222-70.eu): 48 times 94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time 95.130.9.44 (digi2.lafourmi-immo.com): 49 times 103.44.132.44: 1 time 103.127.50.100: 40 times 104.131.84.59: 1 time 104.189.118.224 (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 39 times 104.248.87.201: 4 times 106.12.205.132: 50 times 106.13.118.41: 1 time 106.74.78.227: 16 times 111.93.235.78 (static-78.235.93.111-tataidc.co.in): 48 times 112.196.54.138: 24 times 113.162.175.244 (static.vnpt.vn): 1 time 113.190.223.225 (static.vnpt.vn): 1 time 115.159.185.205: 5 times 116.203.130.9 (static.9.130.203.116.clients.your-server.de): 50 times 118.144.139.214: 11 times 118.144.139.216: 18 times 119.29.10.25: 50 times 122.199.152.114 (static.122-199-152-114.nexg.net): 52 times 122.225.100.82: 49 times 124.205.9.241: 1 time 129.122.16.156: 31 times 132.255.29.228 (132-255-29-228.informac.com.br): 1 time 142.93.171.138: 44 times 148.70.113.127: 63 times 159.89.28.170: 91 times 164.132.98.75 (75.ip-164-132-98.eu): 43 times 165.227.2.127: 51 times 167.99.235.251: 5 times 176.31.106.57 (ns392548.ip-176-31-106.eu): 6 times 178.32.35.79 (79.ip-178-32-35.eu): 51 times 178.128.126.188: 49 times 178.128.201.224: 6 times 178.203.177.136 (ip-178-203-177-136.hsi10.unitymediagroup.de): 1 time 180.232.96.162 (arellanolaw.edu): 1 time 181.40.76.162 (pool-162-76-40-181.telecel.com.py): 24 times 181.111.181.50 (host50.181-111-181.telecom.net.ar): 1 time 185.251.162.213 (213-162-251-185.ftth.cust.kwaoo.net): 1 time 188.183.154.93 (188-183-154-93-cable.dk.customer.tdc.net): 1 time 190.0.159.69 (r190-0-159-69.ir-static.adinet.com.uy): 5 times 190.1.203.180 (dsl-emcali-190.1.203.180.emcali.net.co): 49 times 193.32.163.89 (srv.eqaltech.su): 1 time 193.112.251.73: 59 times 194.179.101.6 (6.red-194-179-101.customer.static.ccgg.telefonica.net): 2 times 201.149.20.162 (162.20.149.201.in-addr.arpa): 51 times 211.169.249.156: 1 time 216.223.215.53 (53.216-223-215-net.sccoast.net): 6 times 219.149.225.154: 11 times 223.17.237.138 (138-237-17-223-on-nets.com): 1 time ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################