[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 12 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Dec 12 04:42:03 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-11 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [204:204]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    149.129.50.37 -> zapf.wiki:443: 1 Time(s)
 
 A total of 3 sites probed the server 
    149.129.50.37
    45.56.78.64
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 6 Time(s)
       null: 5 Time(s)
       mstshash=Test: 2 Time(s)
       ../../mnt/custom/ProductDefinition: 1 Time(s)
       ../../proc/: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    403 Forbidden
       /resolutionen/wise19/lernraume/: 1 Time(s)
    404 Not Found
       /robots.txt: 35 Time(s)
       /berlin/apple-touch-icon.png: 8 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 2 Time(s)
       /wp-login.php: 2 Time(s)
       /.bitcoin/backup.dat: 1 Time(s)
       /.bitcoin/bitcoin.dat: 1 Time(s)
       /.bitcoin/wallet.dat: 1 Time(s)
       /backup.dat: 1 Time(s)
       /backup/backup.dat: 1 Time(s)
       /backup/bitcoin.dat: 1 Time(s)
       /backup/wallet.dat: 1 Time(s)
       /bitcoin.dat: 1 Time(s)
       /reader/1998-so-reader_ro98.pdf: 1 Time(s)
       /reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s)
       /reader/Sammlung_aller_Resolutionen.pdf: 1 Time(s)
       /reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 1 Time(s)
       /reader/SoSe14_AK_Zivilklausel.pdf: 1 Time(s)
       /reader/SoSe15_AK_Studienf%C3%BChrer.pdf: 1 Time(s)
       /reader/WiSe14_AK_GO_und_Satzungs%C3%A4nderung.pdf: 1 Time(s)
       /reader/commit/09360d9fceaee264132be600f2762d7b2827fd01: 1 Time(s)
       /reader/commit/82b5625412a9488dc60b801646d3cc89c9316610: 1 Time(s)
       /reader/commit/bc29b23744db65c1ce152b44c6d6b27a7e79fd5f: 1 Time(s)
       /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
       /resolutionen/wise19/lernraume/Lernra%CC%88ume.pdf: 1 Time(s)
       /wallet.dat: 1 Time(s)
    500 Internal Server Error
       /: 87 Time(s)
       /app/provision/000000000000.cfg: 5 Time(s)
       /app/provision/?mac=00a2895806ec: 4 Time(s)
       /app/provision/: 2 Time(s)
       /robots.txt: 2 Time(s)
       /HNAP1: 1 Time(s)
       /evox/about: 1 Time(s)
       /nmaplowercheck1576083875: 1 Time(s)
       /sdk: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.175.216): 48 Time(s)
       root (222.186.175.167): 42 Time(s)
       root (222.186.175.215): 37 Time(s)
       root (218.92.0.148): 36 Time(s)
       root (222.186.180.8): 36 Time(s)
       root (222.186.169.194): 33 Time(s)
       root (218.92.0.170): 30 Time(s)
       root (222.186.173.154): 30 Time(s)
       root (222.186.173.238): 30 Time(s)
       root (222.186.175.161): 30 Time(s)
       root (222.186.180.223): 30 Time(s)
       root (222.186.42.4): 30 Time(s)
       root (222.186.175.202): 29 Time(s)
       root (218.92.0.155): 24 Time(s)
       root (218.92.0.164): 24 Time(s)
       root (218.92.0.178): 24 Time(s)
       root (218.92.0.179): 24 Time(s)
       root (222.186.175.140): 24 Time(s)
       root (222.186.175.148): 24 Time(s)
       root (222.186.175.155): 24 Time(s)
       root (222.186.175.163): 24 Time(s)
       root (222.186.175.181): 24 Time(s)
       root (222.186.175.183): 24 Time(s)
       root (222.186.175.217): 24 Time(s)
       root (222.186.180.6): 24 Time(s)
       root (49.88.112.61): 24 Time(s)
       root (49.88.112.62): 24 Time(s)
       root (222.186.169.192): 23 Time(s)
       root (222.186.173.226): 23 Time(s)
       root (222.186.175.150): 23 Time(s)
       root (222.186.175.151): 23 Time(s)
       root (222.186.180.17): 23 Time(s)
       root (222.186.180.41): 23 Time(s)
       root (218.92.0.172): 22 Time(s)
       root (222.186.175.212): 19 Time(s)
       root (218.92.0.131): 18 Time(s)
       root (222.186.173.142): 18 Time(s)
       root (222.186.173.183): 18 Time(s)
       root (222.186.175.147): 18 Time(s)
       root (222.186.175.154): 18 Time(s)
       root (222.186.180.9): 18 Time(s)
       root (49.88.112.59): 18 Time(s)
       root (112.85.42.180): 17 Time(s)
       root (218.92.0.134): 17 Time(s)
       root (218.92.0.175): 17 Time(s)
       root (49.88.112.64): 17 Time(s)
       root (61.177.172.128): 17 Time(s)
       root (112.85.42.175): 16 Time(s)
       root (112.85.42.181): 12 Time(s)
       root (218.92.0.145): 12 Time(s)
       root (218.92.0.158): 12 Time(s)
       root (218.92.0.165): 12 Time(s)
       root (218.92.0.212): 12 Time(s)
       root (49.88.112.55): 12 Time(s)
       root (112.85.42.174): 11 Time(s)
       root (218.92.0.141): 11 Time(s)
       root (112.85.42.171): 10 Time(s)
       unknown (62-210-149-143.rev.poneytelecom.eu): 8 Time(s)
       root (112.85.42.172): 6 Time(s)
       root (218.92.0.135): 6 Time(s)
       root (222.186.173.180): 6 Time(s)
       root (222.186.173.215): 6 Time(s)
       root (222.186.175.169): 6 Time(s)
       root (222.186.175.182): 6 Time(s)
       root (222.186.175.220): 6 Time(s)
       root (222.186.180.147): 6 Time(s)
       root (222.186.190.92): 6 Time(s)
       unknown (51.75.199.23): 6 Time(s)
       root (112.85.42.173): 5 Time(s)
       root (112.85.42.176): 5 Time(s)
       root (112.85.42.178): 5 Time(s)
       root (112.85.42.182): 5 Time(s)
       root (62-210-149-143.rev.poneytelecom.eu): 3 Time(s)
       backup (ns3075683.ip-217-182-194.eu): 1 Time(s)
       list (109.110.52.77): 1 Time(s)
       postgres (ip33.ip-198-50-159.net): 1 Time(s)
       postgres (pyrumas.com): 1 Time(s)
       root (120.132.124.237): 1 Time(s)
       root (197.45.156.12): 1 Time(s)
       root (51.75.199.23): 1 Time(s)
       root (90.220.55.200): 1 Time(s)
       unknown (1.213.195.154): 1 Time(s)
       unknown (101.255.130.114): 1 Time(s)
       unknown (110.164.76.61): 1 Time(s)
       unknown (111.161.72.176): 1 Time(s)
       unknown (112.175.232.155): 1 Time(s)
       unknown (112.214.136.5): 1 Time(s)
       unknown (112.78.1.247): 1 Time(s)
       unknown (115.254.63.52): 1 Time(s)
       unknown (116.72.16.15): 1 Time(s)
       unknown (117.232.127.50): 1 Time(s)
       unknown (118-163-178-146.hinet-ip.hinet.net): 1 Time(s)
       unknown (118.69.55.61): 1 Time(s)
       unknown (119.205.235.251): 1 Time(s)
       unknown (122.154.134.38): 1 Time(s)
       unknown (123.30.154.184): 1 Time(s)
       unknown (125.163.105.65): 1 Time(s)
       unknown (130.ip-142-4-203.net): 1 Time(s)
       unknown (139.59.78.236): 1 Time(s)
       unknown (14.232.245.27): 1 Time(s)
       unknown (145.249.105.204): 1 Time(s)
       unknown (159.65.144.233): 1 Time(s)
       unknown (163.172.36.72): 1 Time(s)
       unknown (175.6.5.233): 1 Time(s)
       unknown (179.108.126.114): 1 Time(s)
       unknown (189.15.66.218): 1 Time(s)
       unknown (191-215-81-140.user3p.veloxzone.com.br): 1 Time(s)
       unknown (196.203.31.154): 1 Time(s)
       unknown (197.69.194.35.bc.googleusercontent.com): 1 Time(s)
       unknown (2.49.222.127): 1 Time(s)
       unknown (200.252.132.22): 1 Time(s)
       unknown (202.169.56.98): 1 Time(s)
       unknown (203.114.109.57): 1 Time(s)
       unknown (206.189.131.213): 1 Time(s)
       unknown (212.34.246.73): 1 Time(s)
       unknown (217.115.183.228): 1 Time(s)
       unknown (220.149.241.71): 1 Time(s)
       unknown (221.239.86.19): 1 Time(s)
       unknown (222.239.78.88): 1 Time(s)
       unknown (27.199.67.141): 1 Time(s)
       unknown (27.50.24.83): 1 Time(s)
       unknown (27.72.119.192): 1 Time(s)
       unknown (36.66.188.183): 1 Time(s)
       unknown (37.114.173.138): 1 Time(s)
       unknown (41.36.108.58): 1 Time(s)
       unknown (45.55.12.248): 1 Time(s)
       unknown (46.101.27.6): 1 Time(s)
       unknown (5751a94a.skybroadband.com): 1 Time(s)
       unknown (58.215.215.134): 1 Time(s)
       unknown (59.152.218.230): 1 Time(s)
       unknown (91.185.193.101): 1 Time(s)
       unknown (95.188.95.60): 1 Time(s)
       unknown (95.189.104.67): 1 Time(s)
       unknown (aob6.internetdsl.tpnet.pl): 1 Time(s)
       unknown (cloud-io.cloud): 1 Time(s)
       unknown (crushdigital.co.uk): 1 Time(s)
       unknown (host142.190-226-48.telecom.net.ar): 1 Time(s)
       unknown (ip170.ip-5-196-110.eu): 1 Time(s)
       unknown (mail.socialyze.asia): 1 Time(s)
       unknown (net-5-88-155-130.cust.vodafonedsl.it): 1 Time(s)
       unknown (nkym.com.ph): 1 Time(s)
       unknown (ns301667.ip-94-23-50.eu): 1 Time(s)
       unknown (ns3045583.ip-46-105-122.eu): 1 Time(s)
       unknown (ns3143240.ip-51-77-246.eu): 1 Time(s)
       unknown (s17783852.onlinehome-server.info): 1 Time(s)
       unknown (svr3.geekcloud.net): 1 Time(s)
       unknown (v133-130-109-118.a038.g.tyo1.static.cnode.io): 1 Time(s)
    Invalid Users:
       Unknown Account: 80 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        5   Miscellaneous warnings  
 
   19.443K  Bytes accepted                              19,910
   19.443K  Bytes sent via SMTP                         19,910
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        9   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        9   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      309   Connections             
      296   Connections lost (inbound) 
      309   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        8   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 231 Time(s)
 
 Failed logins from:
    49.88.112.55: 12 times
    49.88.112.59: 18 times
    49.88.112.61: 24 times
    49.88.112.62: 24 times
    49.88.112.64: 17 times
    51.75.199.23 (ip-51-75-199.eu): 1 time
    61.177.172.128: 17 times
    62.210.149.143 (62-210-149-143.rev.poneytelecom.eu): 3 times
    90.220.55.200 (5adc37c8.bb.sky.com): 1 time
    109.110.52.77: 1 time
    112.85.42.171: 10 times
    112.85.42.172: 6 times
    112.85.42.173: 5 times
    112.85.42.174: 11 times
    112.85.42.175: 16 times
    112.85.42.176: 5 times
    112.85.42.178: 5 times
    112.85.42.180: 17 times
    112.85.42.181: 12 times
    112.85.42.182: 5 times
    120.132.124.237: 1 time
    139.59.34.17 (pyrumas.com): 1 time
    197.45.156.12 (host-197.45.156.12.tedata.net): 1 time
    198.50.159.33 (ip33.ip-198-50-159.net): 1 time
    217.182.194.95 (ns3075683.ip-217-182-194.eu): 1 time
    218.92.0.131: 18 times
    218.92.0.134: 17 times
    218.92.0.135: 6 times
    218.92.0.141: 11 times
    218.92.0.145: 12 times
    218.92.0.148: 36 times
    218.92.0.155: 24 times
    218.92.0.158: 12 times
    218.92.0.164: 23 times
    218.92.0.165: 12 times
    218.92.0.170: 30 times
    218.92.0.172: 22 times
    218.92.0.175: 17 times
    218.92.0.178: 24 times
    218.92.0.179: 24 times
    218.92.0.212: 12 times
    222.186.42.4: 30 times
    222.186.169.192: 23 times
    222.186.169.194: 33 times
    222.186.173.142: 18 times
    222.186.173.154: 30 times
    222.186.173.180: 6 times
    222.186.173.183: 18 times
    222.186.173.215: 6 times
    222.186.173.226: 23 times
    222.186.173.238: 30 times
    222.186.175.140: 24 times
    222.186.175.147: 18 times
    222.186.175.148: 24 times
    222.186.175.150: 23 times
    222.186.175.151: 23 times
    222.186.175.154: 18 times
    222.186.175.155: 24 times
    222.186.175.161: 30 times
    222.186.175.163: 24 times
    222.186.175.167: 42 times
    222.186.175.169: 6 times
    222.186.175.181: 24 times
    222.186.175.182: 6 times
    222.186.175.183: 24 times
    222.186.175.202: 29 times
    222.186.175.212: 20 times
    222.186.175.215: 37 times
    222.186.175.216: 48 times
    222.186.175.217: 24 times
    222.186.175.220: 6 times
    222.186.180.6: 24 times
    222.186.180.8: 36 times
    222.186.180.9: 18 times
    222.186.180.17: 24 times
    222.186.180.41: 23 times
    222.186.180.147: 6 times
    222.186.180.223: 30 times
    222.186.190.92: 6 times
 
 Illegal users from:
    undef: 48 times
    1.213.195.154: 1 time
    2.49.222.127: 1 time
    5.88.155.130 (net-5-88-155-130.cust.vodafonedsl.it): 1 time
    5.196.110.170 (ip170.ip-5-196-110.eu): 1 time
    14.232.245.27 (static.vnpt.vn): 1 time
    27.50.24.83 (ip-27-50-24-83.cepat.net.id): 1 time
    27.72.119.192 (dynamic-ip-adsl.viettel.vn): 1 time
    27.199.67.141: 1 time
    35.194.69.197 (197.69.194.35.bc.googleusercontent.com): 1 time
    36.66.188.183: 1 time
    37.114.173.138: 1 time
    41.36.108.58 (host-41.36.108.58.tedata.net): 1 time
    45.55.12.248 (hostmaster.vitalconnectionuniversity.com): 1 time
    46.101.27.6 (wetech.digital.demo): 1 time
    46.101.88.10 (crushdigital.co.uk): 1 time
    46.105.122.62 (ns3045583.ip-46-105-122.eu): 1 time
    51.75.199.23 (ip-51-75-199.eu): 6 times
    51.77.246.155 (ns3143240.ip-51-77-246.eu): 1 time
    58.215.215.134: 1 time
    59.152.218.230: 1 time
    62.210.149.143 (62-210-149-143.rev.poneytelecom.eu): 8 times
    80.211.9.57 (cloud-io.cloud): 1 time
    82.165.35.17 (s17783852.onlinehome-server.info): 1 time
    83.17.109.6 (aob6.internetdsl.tpnet.pl): 1 time
    87.81.169.74 (5751a94a.skybroadband.com): 1 time
    91.185.193.101: 1 time
    94.23.50.194 (ns301667.ip-94-23-50.eu): 1 time
    95.188.95.60 (static.60.95.188.95.dsl.krasnet.ru): 1 time
    95.189.104.67 (xn--80apagqjddln9b0ga.xn--p1ai.104.189.95.in-addr.arpa): 1 time
    101.255.130.114: 1 time
    103.57.210.12 (mail.socialyze.asia): 1 time
    110.164.76.61 (mx-ll-110-164-76-61.static.3bb.co.th): 1 time
    111.161.72.176 (dns176.online.tj.cn): 1 time
    112.78.1.247: 1 time
    112.175.232.155: 1 time
    112.214.136.5: 1 time
    115.254.63.52: 1 time
    116.72.16.15: 1 time
    117.232.127.50: 1 time
    118.69.55.61: 1 time
    118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 1 time
    119.205.235.251: 1 time
    122.55.19.115 (nkym.com.ph): 1 time
    122.154.134.38: 1 time
    123.30.154.184 (static.vnpt.vn): 1 time
    125.163.105.65 (65.subnet125-163-105.speedy.telkom.net.id): 1 time
    133.130.109.118 (v133-130-109-118.a038.g.tyo1.static.cnode.io): 1 time
    139.59.78.236: 1 time
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    142.4.203.130 (130.ip-142-4-203.net): 1 time
    145.249.105.204: 1 time
    158.69.220.178 (svr3.geekcloud.net): 1 time
    159.65.144.233: 1 time
    163.172.36.72 (163-172-36-72.rev.poneytelecom.eu): 1 time
    175.6.5.233: 1 time
    179.108.126.114 (static-179-108-126-114.optitel.net.br): 1 time
    189.15.66.218 (189-015-066-218.xd-dynamic.algarnetsuper.com.br): 1 time
    190.226.48.142 (host142.190-226-48.telecom.net.ar): 1 time
    191.215.81.140 (191-215-81-140.user3p.veloxzone.com.br): 1 time
    196.203.31.154: 1 time
    200.252.132.22: 1 time
    202.169.56.98: 1 time
    203.114.109.57: 1 time
    206.189.131.213: 1 time
    212.34.246.73 (host-73.246.34.212.ucom.am): 1 time
    217.115.183.228 (relay.admhmao.ru): 1 time
    220.149.241.71: 1 time
    221.239.86.19 (19.86.239.221.broad.tj.tj.dynamic.163data.com.cn): 1 time
    222.239.78.88 (222-239-78-88.youiwe.co.kr): 1 time
 
 **Unmatched Entries**
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 1 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 6 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)