################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Sep 25 04:42:14 2019
Date Range Processed: yesterday
( 2019-Sep-24 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [373:373]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
110.80.155.42 -> zapf.wiki:443: 1 Time(s)
60.191.52.254 -> zapf.wiki:443: 1 Time(s)
A total of 2 sites probed the server
172.104.242.173
61.219.11.153
Requests with error response codes
400 Bad Request
/w00tw00t.at.ISC.SANS.DFind:): 4 Time(s)
null: 4 Time(s)
zapf.wiki:443: 2 Time(s)
../../mnt/custom/ProductDefinition: 1 Time(s)
/whoami.php: 1 Time(s)
403 Forbidden
/resolutionen/sose17/: 1 Time(s)
404 Not Found
/robots.txt: 58 Time(s)
/berlin/apple-touch-icon.png: 4 Time(s)
/wp-login.php: 2 Time(s)
/adminer/: 1 Time(s)
/berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s)
/berlin/helfika/apple-touch-icon.png: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
/reader/umfrage.fsphy.de: 1 Time(s)
/sites/default/files/1995_SoSe_Hannover.pdf: 1 Time(s)
/sites/default/files/1999_SoSe_Karlsruhe.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... Fach_Physik.pdf: 1 Time(s)
/verein.html: 1 Time(s)
413 Request Entity Too Large
/msdn.cpp: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 2 Time(s)
/favicon.png: 2 Time(s)
/build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s)
/build/emojify.js/dist/css/basic/emojify.min.css: 1 Time(s)
/fonts/SourceCodePro-Regular.woff: 1 Time(s)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
/me: 1 Time(s)
500 Internal Server Error
/: 107 Time(s)
/robots.txt: 2 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/version: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 2073 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
20.970K Bytes accepted 21,473
20.970K Bytes sent via SMTP 21,473
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
292 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
292 Total 4xx Rejects 100.00%
======== ==================================================
346 Connections
295 Connections lost (inbound)
346 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 7 Time(s)
Failed logins from:
Illegal users from:
undef: 1485 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 4 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 4 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################