[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Sep 18 04:42:10 2019 Date Range Processed: yesterday ( 2019-Sep-17 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [619:619] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 61.219.11.153 Requests with error response codes 400 Bad Request /login.cgi: 1 Time(s) /robots.txt: 1 Time(s) null: 1 Time(s) 404 Not Found /robots.txt: 22 Time(s) /berlin/apple-touch-icon.png: 8 Time(s) /berichte/SoSe15/stapf(a)googlegroups.de: 1 Time(s) /berichte/SoSe15/www.zapfev.de: 1 Time(s) /berichte/WiSe16/stapf(a)zapf.in: 1 Time(s) /berichte/WiSe16/www.zapfev.de: 1 Time(s) /berlin/helfika/apple-touch-icon.png: 1 Time(s) /home/verein: 1 Time(s) /reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s) /wp-login.php: 1 Time(s) /wp/wp-admin/: 1 Time(s) /xmlrpc.php: 1 Time(s) 413 Request Entity Too Large /msdn.cpp: 1 Time(s) 500 Internal Server Error /: 120 Time(s) /robots.txt: 2 Time(s) //a2billing/customer/templates/default/footer.tpl: 1 Time(s) //vtigercrm/vtigerservice.php: 1 Time(s) /secure/ContactAdministrators!default.jspa: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (130.61.83.71): 106 Time(s) unknown (net-37-119-230-22.cust.vodafonedsl.it): 91 Time(s) unknown (200.165.167.10): 81 Time(s) unknown (148.70.163.48): 77 Time(s) unknown (152.136.87.219): 73 Time(s) unknown (139.59.77.237): 71 Time(s) unknown (178.128.217.135): 71 Time(s) unknown (95.170.205.151): 69 Time(s) unknown (106.12.211.247): 66 Time(s) unknown (103.40.235.233): 63 Time(s) unknown (178.128.21.45): 63 Time(s) unknown (188.128.39.127): 63 Time(s) unknown (agramant.fr): 63 Time(s) unknown (104.248.116.140): 62 Time(s) unknown (131.1.253.6): 62 Time(s) unknown (134.209.197.66): 62 Time(s) unknown (162.243.164.246): 62 Time(s) unknown (165.227.18.169): 62 Time(s) unknown (188.166.115.226): 62 Time(s) unknown (208.68.36.133): 62 Time(s) unknown (transactional-email-server1.plantiaes.com): 62 Time(s) unknown (159.65.77.254): 61 Time(s) unknown (182.93.48.21): 61 Time(s) unknown (195.31.160.73): 61 Time(s) unknown (228.ip-51-38-186.eu): 61 Time(s) unknown (76.ip-51-83-41.eu): 61 Time(s) unknown (85.113.60.3): 61 Time(s) unknown (134.ip-51-75-28.eu): 60 Time(s) unknown (190.85.145.162): 59 Time(s) unknown (37.ip-51-68-123.eu): 52 Time(s) unknown (s010600f28b41237d.gv.shawcable.net): 52 Time(s) unknown (45.228.137.6): 51 Time(s) unknown (58.246.125.198): 51 Time(s) unknown (211.64.67.48): 50 Time(s) unknown (84.93.153.9): 48 Time(s) unknown (104.40.8.62): 47 Time(s) unknown (14.116.222.170): 47 Time(s) unknown (162.ip-137-74-44.eu): 37 Time(s) unknown (181.176.221.221): 36 Time(s) unknown (112.217.225.61): 33 Time(s) unknown (223.243.29.102): 30 Time(s) unknown (68.183.104.230): 28 Time(s) unknown (178.128.200.69): 25 Time(s) unknown (37.252.190.224): 25 Time(s) unknown (228.ip-51-75-17.eu): 24 Time(s) root (160.119.141.196): 22 Time(s) unknown (117.239.48.242): 22 Time(s) unknown (139.59.87.250): 22 Time(s) unknown (201.52.45.218): 22 Time(s) unknown (170.243.201.35.bc.googleusercontent.com): 21 Time(s) root (45.114.129.67): 18 Time(s) unknown (106.13.48.157): 17 Time(s) unknown (66.49.84.65.nw.nuvox.net): 16 Time(s) unknown (167.71.191.53): 13 Time(s) unknown (120.88.185.39): 7 Time(s) unknown (123.207.79.126): 7 Time(s) root (114.216.176.68): 6 Time(s) root (117.222.237.3): 6 Time(s) root (122.231.40.113): 6 Time(s) root (182.119.152.163): 6 Time(s) root (200.165.167.10): 6 Time(s) root (218.92.0.182): 6 Time(s) root (223.95.1.106): 6 Time(s) root (49.88.112.55): 6 Time(s) root (net-37-119-230-22.cust.vodafonedsl.it): 6 Time(s) unknown (121.149.168.193): 6 Time(s) unknown (182.34.121.180): 6 Time(s) unknown (193.112.19.70): 6 Time(s) unknown (c-67-160-1-83.hsd1.wa.comcast.net): 6 Time(s) unknown (c-67-182-89-30.hsd1.ca.comcast.net): 6 Time(s) unknown (h-252-250.a259.priv.bahnhof.se): 6 Time(s) root (106.12.211.247): 5 Time(s) unknown (180.66.34.140): 5 Time(s) root (104.40.8.62): 4 Time(s) root (148.70.163.48): 4 Time(s) root (181.176.221.221): 4 Time(s) unknown (119.196.83.14): 4 Time(s) root (130.61.83.71): 3 Time(s) root (134.209.197.66): 3 Time(s) root (178.128.21.45): 3 Time(s) root (182.93.48.21): 3 Time(s) root (188.128.39.127): 3 Time(s) root (190.85.145.162): 3 Time(s) root (195.31.160.73): 3 Time(s) root (45.228.137.6): 3 Time(s) root (84.93.153.9): 3 Time(s) root (85.113.60.3): 3 Time(s) root (agramant.fr): 3 Time(s) root (transactional-email-server1.plantiaes.com): 3 Time(s) unknown (124.160.102.197): 3 Time(s) unknown (183.103.35.202): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (45.114.129.67): 3 Time(s) unknown (49.234.18.158): 3 Time(s) unknown (58.250.79.7): 3 Time(s) unknown (dd5773bd0.access.telenet.be): 3 Time(s) unknown (ool-4b7f9302.static.optonline.net): 3 Time(s) root (104.248.116.140): 2 Time(s) root (106.13.48.157): 2 Time(s) root (139.59.77.237): 2 Time(s) root (14.116.222.170): 2 Time(s) root (152.136.87.219): 2 Time(s) root (162.243.164.246): 2 Time(s) root (162.ip-137-74-44.eu): 2 Time(s) root (165.227.18.169): 2 Time(s) root (188.166.115.226): 2 Time(s) root (211.64.67.48): 2 Time(s) root (228.ip-51-38-186.eu): 2 Time(s) root (37.ip-51-68-123.eu): 2 Time(s) root (58.246.125.198): 2 Time(s) root (66.49.84.65.nw.nuvox.net): 2 Time(s) root (95.170.205.151): 2 Time(s) temp (182.93.48.21): 2 Time(s) temp (190.85.145.162): 2 Time(s) unknown (128.199.159.8): 2 Time(s) unknown (211.114.176.34): 2 Time(s) unknown (52.130.66.246): 2 Time(s) unknown (66-214-40-126.static.lnbh.ca.charter.com): 2 Time(s) unknown (78-67-184-204-no260.tbcn.telia.com): 2 Time(s) unknown (92.63.194.26): 2 Time(s) unknown (ns3077451.ip-188-165-242.eu): 2 Time(s) unknown (ool-2f168746.static.optonline.net): 2 Time(s) unknown (vpn-245-108.wlan.uni-bonn.de): 2 Time(s) backup (104.248.116.140): 1 Time(s) backup (178.128.217.135): 1 Time(s) backup (188.128.39.127): 1 Time(s) backup (208.68.36.133): 1 Time(s) bin (152.136.87.219): 1 Time(s) bin (188.128.39.127): 1 Time(s) games (103.40.235.233): 1 Time(s) games (128.199.159.8): 1 Time(s) games (152.136.87.219): 1 Time(s) games (188.128.39.127): 1 Time(s) irc (104.248.116.140): 1 Time(s) irc (134.ip-51-75-28.eu): 1 Time(s) irc (208.68.36.133): 1 Time(s) mail (148.70.163.48): 1 Time(s) mail (170.243.201.35.bc.googleusercontent.com): 1 Time(s) mail (net-37-119-230-22.cust.vodafonedsl.it): 1 Time(s) mailman (152.136.87.219): 1 Time(s) mysql (120.88.185.39): 1 Time(s) mysql (162.ip-137-74-44.eu): 1 Time(s) mysql (188.166.115.226): 1 Time(s) mysql (agramant.fr): 1 Time(s) news (104.248.116.140): 1 Time(s) news (162.ip-137-74-44.eu): 1 Time(s) news (223.243.29.102): 1 Time(s) news (58.246.125.198): 1 Time(s) news (85.113.60.3): 1 Time(s) nobody (130.61.83.71): 1 Time(s) nobody (134.ip-51-75-28.eu): 1 Time(s) nobody (139.59.77.237): 1 Time(s) nobody (165.227.18.169): 1 Time(s) opendkim (228.ip-51-38-186.eu): 1 Time(s) openproject (106.12.211.247): 1 Time(s) postgres (104.248.116.140): 1 Time(s) postgres (148.70.163.48): 1 Time(s) postgres (152.136.87.219): 1 Time(s) postgres (162.243.164.246): 1 Time(s) postgres (165.227.18.169): 1 Time(s) postgres (208.68.36.133): 1 Time(s) postgres (agramant.fr): 1 Time(s) proxy (139.59.87.250): 1 Time(s) proxy (14.116.222.170): 1 Time(s) proxy (228.ip-51-38-186.eu): 1 Time(s) proxy (95.170.205.151): 1 Time(s) root (103.40.235.233): 1 Time(s) root (112.217.225.61): 1 Time(s) root (117.239.48.242): 1 Time(s) root (128.199.159.8): 1 Time(s) root (131.1.253.6): 1 Time(s) root (134.ip-51-75-28.eu): 1 Time(s) root (139.59.87.250): 1 Time(s) root (157.230.109.166): 1 Time(s) root (159.65.77.254): 1 Time(s) root (167.71.191.53): 1 Time(s) root (178.128.200.69): 1 Time(s) root (178.128.217.135): 1 Time(s) root (208.68.36.133): 1 Time(s) root (223.243.29.102): 1 Time(s) root (228.ip-51-75-17.eu): 1 Time(s) root (68.183.104.230): 1 Time(s) root (ool-2f168746.static.optonline.net): 1 Time(s) root (pub13-14.mobius.fr): 1 Time(s) root (s010600f28b41237d.gv.shawcable.net): 1 Time(s) smmsp (139.59.87.250): 1 Time(s) smmsp (14.116.222.170): 1 Time(s) sshd (139.59.87.250): 1 Time(s) sshd (148.70.163.48): 1 Time(s) sshd (165.227.18.169): 1 Time(s) sshd (66.49.84.65.nw.nuvox.net): 1 Time(s) sshd (agramant.fr): 1 Time(s) sys (162.243.164.246): 1 Time(s) sys (165.227.18.169): 1 Time(s) sys (agramant.fr): 1 Time(s) sys (net-37-119-230-22.cust.vodafonedsl.it): 1 Time(s) temp (103.40.235.233): 1 Time(s) temp (106.12.211.247): 1 Time(s) temp (134.209.197.66): 1 Time(s) temp (134.ip-51-75-28.eu): 1 Time(s) temp (139.59.77.237): 1 Time(s) temp (152.136.87.219): 1 Time(s) temp (162.243.164.246): 1 Time(s) temp (178.128.21.45): 1 Time(s) temp (181.176.221.221): 1 Time(s) temp (188.166.115.226): 1 Time(s) temp (76.ip-51-83-41.eu): 1 Time(s) temp (transactional-email-server1.plantiaes.com): 1 Time(s) unknown (117.50.49.57): 1 Time(s) unknown (123.20.57.94): 1 Time(s) unknown (14.172.255.118): 1 Time(s) unknown (176-130-149-145.abo.bbox.fr): 1 Time(s) unknown (195-154-182-205.rev.poneytelecom.eu): 1 Time(s) unknown (222.127.101.155): 1 Time(s) unknown (51.15.56.145): 1 Time(s) unknown (68.183.204.162): 1 Time(s) unknown (92.ip-51-38-126.eu): 1 Time(s) unknown (98.ip-151-80-155.eu): 1 Time(s) unknown (host86-158-99-45.range86-158.btcentralplus.com): 1 Time(s) unknown (ns81.cloudnuvem.com.br): 1 Time(s) unknown (ool-2f168252.static.optonline.net): 1 Time(s) unknown (pppoe-static.82.209.223.100.telecom.mogilev.by): 1 Time(s) unknown (static-100-37-253-46.nycmny.fios.verizon.net): 1 Time(s) uucp (104.40.8.62): 1 Time(s) uucp (178.128.217.135): 1 Time(s) uucp (200.165.167.10): 1 Time(s) www-data (103.40.235.233): 1 Time(s) www-data (159.65.77.254): 1 Time(s) www-data (181.176.221.221): 1 Time(s) www-data (211.64.67.48): 1 Time(s) Invalid Users: Unknown Account: 2823 Time(s) systemd-user: Unknown Entries: session closed for user root: 1 Time(s) session opened for user root by (uid=0): 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 Miscellaneous warnings 20.668K Bytes accepted 21,164 20.668K Bytes sent via SMTP 21,164 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 453 Connections 8 Connections lost (inbound) 453 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 4 Time(s) root : 7 Time(s) Failed logins from: 5.196.226.217 (agramant.fr): 7 times 14.116.222.170: 4 times 35.201.243.170 (170.243.201.35.bc.googleusercontent.com): 1 time 37.119.230.22 (net-37-119-230-22.cust.vodafonedsl.it): 8 times 45.114.129.67: 18 times 45.228.137.6 (6.137.228.45.consoft.com.py): 3 times 47.22.135.70 (ool-2f168746.static.optonline.net): 1 time 49.88.112.55: 6 times 51.38.186.228 (228.ip-51-38-186.eu): 4 times 51.68.123.37 (37.ip-51-68-123.eu): 2 times 51.75.17.228 (228.ip-51-75-17.eu): 1 time 51.75.28.134 (134.ip-51-75-28.eu): 4 times 51.83.41.76 (76.ip-51-83-41.eu): 1 time 58.246.125.198: 3 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 3 times 68.183.104.230: 1 time 80.69.213.14 (pub13-14.mobius.fr): 1 time 84.93.153.9 (84.93.153.9.plusnet.pte-ag1.dyn.plus.net): 3 times 85.113.60.3 (85x113x60x3.static-customer.samara.ertelecom.ru): 4 times 95.170.205.151: 3 times 103.40.235.233: 4 times 104.40.8.62: 5 times 104.248.116.140: 6 times 106.12.211.247: 7 times 106.13.48.157: 2 times 112.217.225.61: 1 time 114.216.176.68: 6 times 117.222.237.3: 6 times 117.239.48.242: 1 time 120.88.185.39: 1 time 122.231.40.113: 6 times 128.199.159.8: 2 times 130.61.83.71: 4 times 131.1.253.6 (host6-253-static.1-131-olivetti.it): 1 time 134.209.197.66: 4 times 137.74.44.162 (162.ip-137-74-44.eu): 4 times 139.59.77.237 (251656.cloudwaysapps.com): 4 times 139.59.87.250: 4 times 148.70.163.48: 7 times 152.136.87.219: 7 times 157.230.109.166: 1 time 159.65.77.254: 2 times 160.119.141.196: 22 times 162.243.164.246: 5 times 165.227.18.169: 6 times 167.71.191.53: 1 time 178.128.21.45: 4 times 178.128.200.69: 1 time 178.128.217.135: 3 times 181.176.221.221: 6 times 182.93.48.21 (n18293z48l21.static.ctmip.net): 5 times 182.119.152.163 (hn.kd.ny.adsl): 6 times 184.66.248.150 (S010600f28b41237d.gv.shawcable.net): 1 time 188.128.39.127: 6 times 188.166.115.226: 4 times 190.85.145.162: 5 times 195.31.160.73 (host73-160-static.31-195-b.business.telecomitalia.it): 3 times 195.154.112.70 (transactional-email-server1.plantiaes.com): 4 times 200.165.167.10: 7 times 208.68.36.133: 4 times 211.64.67.48: 3 times 218.92.0.182: 6 times 223.95.1.106: 6 times 223.243.29.102: 2 times Illegal users from: undef: 1941 times 5.196.226.217 (agramant.fr): 63 times 14.116.222.170: 47 times 14.172.255.118 (static.vnpt.vn): 1 time 35.201.243.170 (170.243.201.35.bc.googleusercontent.com): 21 times 37.119.230.22 (net-37-119-230-22.cust.vodafonedsl.it): 91 times 37.252.190.224: 25 times 45.114.129.67: 3 times 45.228.137.6 (6.137.228.45.consoft.com.py): 51 times 47.22.130.82 (ool-2f168252.static.optonline.net): 1 time 47.22.135.70 (ool-2f168746.static.optonline.net): 2 times 49.234.18.158: 3 times 51.15.56.145 (145-56-15-51.rev.cloud.scaleway.com): 1 time 51.38.126.92 (92.ip-51-38-126.eu): 1 time 51.38.186.228 (228.ip-51-38-186.eu): 61 times 51.68.123.37 (37.ip-51-68-123.eu): 52 times 51.75.17.228 (228.ip-51-75-17.eu): 24 times 51.75.28.134 (134.ip-51-75-28.eu): 60 times 51.83.41.76 (76.ip-51-83-41.eu): 61 times 52.130.66.246: 2 times 58.246.125.198: 51 times 58.250.79.7: 3 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 16 times 66.214.40.126 (66-214-40-126.static.lnbh.ca.charter.com): 2 times 67.160.1.83 (c-67-160-1-83.hsd1.wa.comcast.net): 6 times 67.182.89.30 (c-67-182-89-30.hsd1.ca.comcast.net): 6 times 68.183.104.230: 28 times 68.183.204.162: 1 time 75.127.147.2 (ool-4b7f9302.static.optonline.net): 3 times 78.67.184.204 (78-67-184-204-no260.tbcn.telia.com): 2 times 82.209.223.100 (pppoe-static.82.209.223.100.telecom.mogilev.by): 1 time 84.93.153.9 (84.93.153.9.plusnet.pte-ag1.dyn.plus.net): 48 times 85.113.60.3 (85x113x60x3.static-customer.samara.ertelecom.ru): 61 times 86.158.99.45 (host86-158-99-45.range86-158.btcentralplus.com): 1 time 92.63.194.26: 2 times 95.170.205.151: 69 times 100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 1 time 103.40.235.233: 63 times 104.40.8.62: 47 times 104.248.116.140: 62 times 106.12.211.247: 66 times 106.13.48.157: 17 times 112.217.225.61: 33 times 117.50.49.57: 1 time 117.239.48.242: 22 times 119.196.83.14: 4 times 120.88.185.39: 7 times 121.149.168.193: 6 times 123.20.57.94: 1 time 123.207.79.126: 7 times 124.160.102.197: 3 times 128.199.159.8: 2 times 130.61.83.71: 106 times 131.1.253.6 (host6-253-static.1-131-olivetti.it): 62 times 131.220.245.108 (vpn-245-108.wlan.uni-bonn.de): 2 times 134.209.197.66: 62 times 137.74.44.162 (162.ip-137-74-44.eu): 37 times 139.59.77.237 (251656.cloudwaysapps.com): 71 times 139.59.87.250: 22 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 148.70.163.48: 77 times 151.80.155.98 (98.ip-151-80-155.eu): 1 time 152.136.87.219: 73 times 155.4.252.250 (h-252-250.A259.priv.bahnhof.se): 6 times 159.65.77.254: 61 times 162.243.164.246: 62 times 165.227.18.169: 62 times 167.71.191.53: 13 times 167.114.47.81 (ns81.cloudnuvem.com.br): 1 time 176.130.149.145 (176-130-149-145.abo.bbox.fr): 1 time 178.128.21.45: 63 times 178.128.200.69: 25 times 178.128.217.135: 71 times 180.66.34.140: 5 times 181.176.221.221: 36 times 182.34.121.180: 6 times 182.93.48.21 (n18293z48l21.static.ctmip.net): 61 times 183.103.35.202: 3 times 184.66.248.150 (S010600f28b41237d.gv.shawcable.net): 52 times 188.128.39.127: 63 times 188.165.242.200 (ns3077451.ip-188-165-242.eu): 2 times 188.166.115.226: 62 times 190.85.145.162: 59 times 193.32.163.182 (hosting-by.cloud-home.me): 3 times 193.112.19.70: 6 times 195.31.160.73 (host73-160-static.31-195-b.business.telecomitalia.it): 61 times 195.154.112.70 (transactional-email-server1.plantiaes.com): 62 times 195.154.182.205 (195-154-182-205.rev.poneytelecom.eu): 1 time 200.165.167.10: 81 times 201.52.45.218 (c9342dda.virtua.com.br): 22 times 208.68.36.133: 62 times 211.64.67.48: 50 times 211.114.176.34: 2 times 213.119.59.208 (dd5773bd0.access.telenet.be): 3 times 222.127.101.155: 1 time 223.243.29.102: 30 times Users logging in through sshd: root: 131.220.245.108 (vpn-245-108.wlan.uni-bonn.de): 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################