[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 3 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Dec  3 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-02 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [300:300]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 1 sites probed the server 
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 8 Time(s)
       null: 2 Time(s)
       /confirm/%s: 1 Time(s)
       /manager/html: 1 Time(s)
    404 Not Found
       /robots.txt: 22 Time(s)
       /berlin/apple-touch-icon.png: 8 Time(s)
       /wp-login.php: 4 Time(s)
       ///wp-login.php: 2 Time(s)
       /backup/: 1 Time(s)
       /berichte/WiSe15/stapf(a)googlegroups.com: 1 Time(s)
       /blog/: 1 Time(s)
       /cms/: 1 Time(s)
       /demo/: 1 Time(s)
       /dev/: 1 Time(s)
       /main/: 1 Time(s)
       /new/: 1 Time(s)
       /old/: 1 Time(s)
       /portal/: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
       /site/: 1 Time(s)
       /temp/: 1 Time(s)
       /test/: 1 Time(s)
       /tmp/: 1 Time(s)
       /verein/satzung/%7CSatzung: 1 Time(s)
       /web/: 1 Time(s)
       /wordpress/: 1 Time(s)
       /wp/: 1 Time(s)
    500 Internal Server Error
       /: 30 Time(s)
       /remote/login: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.169.192): 65 Time(s)
       root (222.186.173.154): 48 Time(s)
       root (222.186.173.226): 45 Time(s)
       root (222.186.175.167): 44 Time(s)
       root (222.186.173.183): 42 Time(s)
       root (222.186.42.4): 42 Time(s)
       root (222.186.190.92): 41 Time(s)
       root (222.186.169.194): 38 Time(s)
       root (218.92.0.155): 36 Time(s)
       root (222.186.175.155): 36 Time(s)
       root (222.186.175.163): 36 Time(s)
       root (222.186.180.41): 36 Time(s)
       root (49.88.112.54): 36 Time(s)
       root (222.186.173.180): 35 Time(s)
       root (112.85.42.176): 30 Time(s)
       root (218.92.0.135): 30 Time(s)
       root (218.92.0.179): 30 Time(s)
       root (218.92.0.182): 30 Time(s)
       root (222.186.173.142): 30 Time(s)
       root (222.186.175.140): 30 Time(s)
       root (222.186.175.147): 30 Time(s)
       root (222.186.175.169): 30 Time(s)
       root (222.186.175.215): 30 Time(s)
       root (222.186.180.17): 30 Time(s)
       root (222.186.190.2): 30 Time(s)
       root (222.186.180.147): 28 Time(s)
       root (112.85.42.174): 27 Time(s)
       root (112.85.42.178): 24 Time(s)
       root (112.85.42.179): 24 Time(s)
       root (112.85.42.182): 24 Time(s)
       root (218.92.0.212): 24 Time(s)
       root (222.186.173.215): 24 Time(s)
       root (222.186.173.238): 24 Time(s)
       root (222.186.175.150): 24 Time(s)
       root (222.186.175.154): 24 Time(s)
       root (222.186.175.182): 24 Time(s)
       root (222.186.175.183): 24 Time(s)
       root (222.186.175.202): 24 Time(s)
       root (222.186.175.212): 24 Time(s)
       root (222.186.180.6): 24 Time(s)
       root (222.186.180.8): 24 Time(s)
       root (218.92.0.178): 23 Time(s)
       root (222.186.180.9): 23 Time(s)
       root (218.92.0.181): 22 Time(s)
       root (218.92.0.131): 21 Time(s)
       root (112.85.42.175): 18 Time(s)
       root (112.85.42.180): 18 Time(s)
       root (218.92.0.134): 18 Time(s)
       root (218.92.0.158): 18 Time(s)
       root (218.92.0.170): 18 Time(s)
       root (218.92.0.176): 18 Time(s)
       root (222.186.175.161): 18 Time(s)
       root (222.186.175.216): 18 Time(s)
       root (222.186.175.217): 18 Time(s)
       root (222.186.175.220): 18 Time(s)
       root (222.186.180.223): 18 Time(s)
       root (49.88.112.58): 18 Time(s)
       root (218.92.0.139): 17 Time(s)
       root (218.92.0.193): 17 Time(s)
       root (222.186.175.151): 13 Time(s)
       root (112.85.42.171): 12 Time(s)
       root (112.85.42.173): 12 Time(s)
       root (218.92.0.141): 12 Time(s)
       root (218.92.0.145): 12 Time(s)
       root (218.92.0.148): 12 Time(s)
       root (218.92.0.175): 12 Time(s)
       root (222.186.175.181): 12 Time(s)
       root (112.85.42.177): 11 Time(s)
       unknown (69.158.207.141): 8 Time(s)
       root (80.82.64.125): 7 Time(s)
       root (222.186.175.148): 6 Time(s)
       root (45.95.168.105): 6 Time(s)
       root (61.177.172.128): 6 Time(s)
       root (69.158.207.141): 6 Time(s)
       unknown (80.82.64.125): 6 Time(s)
       unknown (171.235.61.38): 5 Time(s)
       unknown (171.251.22.179): 4 Time(s)
       unknown (222.122.94.18): 4 Time(s)
       unknown (27.69.242.187): 4 Time(s)
       unknown (194.105.205.42): 3 Time(s)
       mysql (45.95.168.105): 2 Time(s)
       mysql (69.158.207.141): 2 Time(s)
       root (194.105.205.42): 2 Time(s)
       root (27.69.242.187): 2 Time(s)
       unknown (124.133.174.253): 2 Time(s)
       unknown (27.104.208.151): 2 Time(s)
       unknown (45.95.168.105): 2 Time(s)
       mysql (206.189.137.113): 1 Time(s)
       nobody (81.177.159.109): 1 Time(s)
       root (110.138.137.154): 1 Time(s)
       root (119.158.35.41): 1 Time(s)
       root (171.235.61.38): 1 Time(s)
       root (221.162.255.82): 1 Time(s)
       root (51.219.29.163): 1 Time(s)
       root (59.99.197.54): 1 Time(s)
       unknown (103.134.170.6): 1 Time(s)
       unknown (103.192.78.102): 1 Time(s)
       unknown (114.134.24.199): 1 Time(s)
       unknown (119.42.175.200): 1 Time(s)
       unknown (125.161.128.78): 1 Time(s)
       unknown (130.61.122.5): 1 Time(s)
       unknown (159.65.54.221): 1 Time(s)
       unknown (171.247.53.117): 1 Time(s)
       unknown (177.72.190.47): 1 Time(s)
       unknown (182.70.158.187): 1 Time(s)
       unknown (196.188.72.79): 1 Time(s)
       unknown (197.48.39.216): 1 Time(s)
       unknown (212.252.177.211): 1 Time(s)
       unknown (221.162.255.82): 1 Time(s)
       unknown (36.90.82.184): 1 Time(s)
       unknown (37.114.179.250): 1 Time(s)
       unknown (45.175.208.73): 1 Time(s)
       unknown (49.232.166.229): 1 Time(s)
       unknown (49.49.245.155): 1 Time(s)
    Invalid Users:
       Unknown Account: 59 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        5   Miscellaneous warnings  
 
   35.850K  Bytes accepted                              36,710
   35.850K  Bytes sent via SMTP                         36,710
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
      292   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
      292   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      310   Connections             
      306   Connections lost (inbound) 
      310   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   Timeouts (inbound)      
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 290 Time(s)
 
 Failed logins from:
    27.69.242.187 (localhost): 2 times
    45.95.168.105 (maxko-hosting.com): 8 times
    49.88.112.54: 36 times
    49.88.112.58: 18 times
    51.219.29.163: 1 time
    59.99.197.54: 1 time
    61.177.172.128: 6 times
    69.158.207.141: 8 times
    80.82.64.125: 7 times
    81.177.159.109: 1 time
    110.138.137.154 (154.subnet110-138-137.speedy.telkom.net.id): 1 time
    112.85.42.171: 12 times
    112.85.42.173: 12 times
    112.85.42.174: 29 times
    112.85.42.175: 18 times
    112.85.42.176: 30 times
    112.85.42.177: 11 times
    112.85.42.178: 24 times
    112.85.42.179: 24 times
    112.85.42.180: 18 times
    112.85.42.182: 24 times
    119.158.35.41: 1 time
    171.235.61.38 (dynamic-ip-adsl.viettel.vn): 1 time
    194.105.205.42: 2 times
    206.189.137.113: 1 time
    218.92.0.131: 23 times
    218.92.0.134: 18 times
    218.92.0.135: 30 times
    218.92.0.139: 17 times
    218.92.0.141: 12 times
    218.92.0.145: 12 times
    218.92.0.148: 12 times
    218.92.0.155: 36 times
    218.92.0.158: 18 times
    218.92.0.170: 18 times
    218.92.0.175: 12 times
    218.92.0.176: 18 times
    218.92.0.178: 23 times
    218.92.0.179: 30 times
    218.92.0.181: 22 times
    218.92.0.182: 30 times
    218.92.0.193: 17 times
    218.92.0.212: 24 times
    221.162.255.82: 1 time
    222.186.42.4: 42 times
    222.186.169.192: 65 times
    222.186.169.194: 42 times
    222.186.173.142: 30 times
    222.186.173.154: 48 times
    222.186.173.180: 36 times
    222.186.173.183: 42 times
    222.186.173.215: 24 times
    222.186.173.226: 48 times
    222.186.173.238: 24 times
    222.186.175.140: 30 times
    222.186.175.147: 30 times
    222.186.175.148: 6 times
    222.186.175.150: 24 times
    222.186.175.151: 16 times
    222.186.175.154: 24 times
    222.186.175.155: 36 times
    222.186.175.161: 18 times
    222.186.175.163: 36 times
    222.186.175.167: 48 times
    222.186.175.169: 30 times
    222.186.175.181: 12 times
    222.186.175.182: 24 times
    222.186.175.183: 24 times
    222.186.175.202: 24 times
    222.186.175.212: 24 times
    222.186.175.215: 30 times
    222.186.175.216: 18 times
    222.186.175.217: 18 times
    222.186.175.220: 18 times
    222.186.180.6: 24 times
    222.186.180.8: 24 times
    222.186.180.9: 23 times
    222.186.180.17: 30 times
    222.186.180.41: 36 times
    222.186.180.147: 30 times
    222.186.180.223: 18 times
    222.186.190.2: 30 times
    222.186.190.92: 41 times
 
 Illegal users from:
    undef: 34 times
    27.69.242.187 (localhost): 4 times
    27.104.208.151 (151.208.104.27.unknown.m1.com.sg): 2 times
    36.90.82.184: 1 time
    37.114.179.250: 1 time
    45.95.168.105 (maxko-hosting.com): 2 times
    45.175.208.73: 1 time
    49.49.245.155 (mx-ll-49.49.245-155.dynamic.3bb.in.th): 1 time
    49.232.166.229: 1 time
    69.158.207.141: 8 times
    80.82.64.125: 6 times
    103.134.170.6: 1 time
    103.192.78.102: 1 time
    114.134.24.199 (199.24.134.114.netplus.co.in): 1 time
    119.42.175.200: 1 time
    124.133.174.253: 2 times
    125.161.128.78 (78.subnet125-161-128.speedy.telkom.net.id): 1 time
    130.61.122.5: 1 time
    159.65.54.221: 1 time
    171.235.61.38 (dynamic-ip-adsl.viettel.vn): 5 times
    171.247.53.117 (dynamic-ip-adsl.viettel.vn): 1 time
    171.251.22.179 (dynamic-adsl.viettel.vn): 4 times
    177.72.190.47 (47.190.72.177.newline.com.br): 1 time
    182.70.158.187 (abts-mp-dynamic-187.158.70.182.airtelbroadband.in): 1 time
    194.105.205.42: 3 times
    196.188.72.79: 1 time
    197.48.39.216 (host-197.48.39.216.tedata.net): 1 time
    212.252.177.211 (host-212-252-177-211.reverse.superonline.net): 1 time
    221.162.255.82: 1 time
    222.122.94.18: 4 times
 
 **Unmatched Entries**
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 2 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 7 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)