[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Dec 4 04:42:04 2019 Date Range Processed: yesterday ( 2019-Dec-03 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [256:255] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 5 sites probed the server 107.172.94.68 125.105.83.167 172.105.4.227 46.118.152.141 74.63.227.26 Requests with error response codes 400 Bad Request null: 29 Time(s) mstshash=Administr: 6 Time(s) mstshash=Test: 2 Time(s) /robots.txt: 1 Time(s) /setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s) 7: 1 Time(s) 404 Not Found /robots.txt: 42 Time(s) /berlin/apple-touch-icon.png: 12 Time(s) /wp-login.php: 5 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 4 Time(s) /download/reader_bw92.pdf: 2 Time(s) /datenschutz/: 1 Time(s) /reader/https//zapf.wiki/User:Kuschelb%C3%A4r9000: 1 Time(s) /s/release-not: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /sites/default/files/Lehramtstellungnahme.pdf: 1 Time(s) 500 Internal Server Error /: 143 Time(s) /HNAP1/: 1 Time(s) /version: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (222.186.175.147): 66 Time(s) root (222.186.190.92): 53 Time(s) root (222.186.42.4): 52 Time(s) root (222.186.175.216): 48 Time(s) root (222.186.175.155): 47 Time(s) root (222.186.169.194): 42 Time(s) root (222.186.173.226): 42 Time(s) root (222.186.175.154): 42 Time(s) root (222.186.175.202): 42 Time(s) root (222.186.190.2): 36 Time(s) root (218.92.0.155): 35 Time(s) root (222.186.173.154): 35 Time(s) root (222.186.175.181): 35 Time(s) root (222.186.175.215): 35 Time(s) root (112.85.42.175): 30 Time(s) root (218.92.0.212): 30 Time(s) root (222.186.180.8): 30 Time(s) root (222.186.180.9): 30 Time(s) root (61.177.172.128): 30 Time(s) root (222.186.180.41): 29 Time(s) root (222.186.175.169): 27 Time(s) root (112.85.42.178): 24 Time(s) root (112.85.42.179): 24 Time(s) root (112.85.42.180): 24 Time(s) root (218.92.0.182): 24 Time(s) root (222.186.173.142): 24 Time(s) root (222.186.173.180): 24 Time(s) root (222.186.173.238): 24 Time(s) root (222.186.175.167): 24 Time(s) root (222.186.175.182): 24 Time(s) root (222.186.175.217): 24 Time(s) root (218.92.0.131): 23 Time(s) root (218.92.0.148): 23 Time(s) root (218.92.0.178): 23 Time(s) root (112.85.42.173): 21 Time(s) root (218.92.0.170): 19 Time(s) root (218.92.0.135): 18 Time(s) root (218.92.0.158): 18 Time(s) root (218.92.0.179): 18 Time(s) root (218.92.0.181): 18 Time(s) root (222.186.169.192): 18 Time(s) root (222.186.175.140): 18 Time(s) root (222.186.175.150): 18 Time(s) root (222.186.175.161): 18 Time(s) root (222.186.175.183): 18 Time(s) root (222.186.175.220): 18 Time(s) root (222.186.180.223): 18 Time(s) root (112.85.42.174): 17 Time(s) root (218.92.0.145): 17 Time(s) root (218.92.0.176): 17 Time(s) root (222.186.175.151): 14 Time(s) root (112.85.42.171): 12 Time(s) root (218.92.0.134): 12 Time(s) root (218.92.0.141): 12 Time(s) root (218.92.0.175): 12 Time(s) root (222.186.173.183): 12 Time(s) root (222.186.175.148): 12 Time(s) root (222.186.180.147): 12 Time(s) root (49.88.112.55): 12 Time(s) root (112.85.42.177): 11 Time(s) root (222.186.180.17): 11 Time(s) root (222.186.180.6): 11 Time(s) root (112.85.42.176): 6 Time(s) root (218.92.0.139): 6 Time(s) root (218.92.0.193): 6 Time(s) root (222.186.173.215): 6 Time(s) root (222.186.175.212): 6 Time(s) root (49.88.112.58): 6 Time(s) unknown (171.251.22.179): 5 Time(s) unknown (103.99.3.185): 3 Time(s) unknown (27.69.242.187): 3 Time(s) root (45.119.212.105): 2 Time(s) unknown (112.186.77.98): 2 Time(s) unknown (118.24.99.163): 2 Time(s) unknown (185.249.151.43): 2 Time(s) unknown (206.189.159.78): 2 Time(s) unknown (92.63.194.26): 2 Time(s) postgres (112.231.213.112): 1 Time(s) postgres (5.11.37.63): 1 Time(s) proxy (122.49.35.37): 1 Time(s) root (171.224.180.232): 1 Time(s) root (178.243.186.247): 1 Time(s) root (196.152.78.245): 1 Time(s) root (206.189.159.78): 1 Time(s) root (85.209.0.31): 1 Time(s) root (ns301667.ip-94-23-50.eu): 1 Time(s) unknown (104.236.131.54): 1 Time(s) unknown (104.236.246.16): 1 Time(s) unknown (105.155.5.190): 1 Time(s) unknown (106.12.27.107): 1 Time(s) unknown (109.110.52.77): 1 Time(s) unknown (111.95.138.234): 1 Time(s) unknown (112.135.35.39): 1 Time(s) unknown (112.78.177.70): 1 Time(s) unknown (113.160.178.148): 1 Time(s) unknown (113.190.139.97): 1 Time(s) unknown (117.232.127.50): 1 Time(s) unknown (119.152.150.145): 1 Time(s) unknown (119.94.146.2): 1 Time(s) unknown (130.61.122.5): 1 Time(s) unknown (139.59.180.53): 1 Time(s) unknown (139.59.56.121): 1 Time(s) unknown (139.59.59.187): 1 Time(s) unknown (145.249.105.204): 1 Time(s) unknown (154.184.232.48): 1 Time(s) unknown (159.65.144.233): 1 Time(s) unknown (175.205.139.30): 1 Time(s) unknown (178.132.216.194): 1 Time(s) unknown (178.254.143.78): 1 Time(s) unknown (197.232.56.157): 1 Time(s) unknown (198.211.123.183): 1 Time(s) unknown (202.169.56.98): 1 Time(s) unknown (202.88.241.107): 1 Time(s) unknown (206.189.136.160): 1 Time(s) unknown (207.154.232.160): 1 Time(s) unknown (210.217.24.246): 1 Time(s) unknown (221.176.177.194): 1 Time(s) unknown (255.red-2-139-215.staticip.rima-tde.net): 1 Time(s) unknown (41.79.239.7): 1 Time(s) unknown (42.116.255.216): 1 Time(s) unknown (45.55.12.248): 1 Time(s) unknown (52.231.153.23): 1 Time(s) unknown (54.ip-51-68-230.eu): 1 Time(s) unknown (54.ip-54-39-21.net): 1 Time(s) unknown (58.242.68.178): 1 Time(s) unknown (79.112.45.9): 1 Time(s) unknown (81.12.159.146): 1 Time(s) unknown (82-64-138-80.subs.proxad.net): 1 Time(s) unknown (92-255-95-242.customer.comfortel.pro): 1 Time(s) unknown (94.207.211.238): 1 Time(s) unknown (96.56.82.194): 1 Time(s) unknown (b2b-37-24-236-114.unitymedia.biz): 1 Time(s) unknown (business-24-134-34-173.pool2.vodafone-ip.de): 1 Time(s) unknown (correo.administradoraintegral.com): 1 Time(s) unknown (host-212.178.52.190.copaco.com.py): 1 Time(s) unknown (host81-136-255-20.in-addr.btopenworld.com): 1 Time(s) unknown (ip-7a77.proline.net.ua): 1 Time(s) unknown (ip170.ip-5-196-110.eu): 1 Time(s) unknown (mail6.keltron.in): 1 Time(s) unknown (ns3045583.ip-46-105-122.eu): 1 Time(s) unknown (ns322653.ip-37-187-155.eu): 1 Time(s) unknown (ns388423.ip-176-31-253.eu): 1 Time(s) Invalid Users: Unknown Account: 77 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 13.510K Bytes accepted 13,834 13.510K Bytes sent via SMTP 13,834 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 166 Connections 121 Connections lost (inbound) 166 Disconnections 1 Removed from queue 1 Sent via SMTP 36 Timeouts (inbound) 5 SMTP dialog errors 6 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 263 Time(s) Failed logins from: 5.11.37.63: 1 time 45.119.212.105: 2 times 49.88.112.55: 12 times 49.88.112.58: 6 times 61.177.172.128: 30 times 85.209.0.31: 1 time 94.23.50.194 (ns301667.ip-94-23-50.eu): 1 time 112.85.42.171: 12 times 112.85.42.173: 21 times 112.85.42.174: 17 times 112.85.42.175: 30 times 112.85.42.176: 6 times 112.85.42.177: 11 times 112.85.42.178: 24 times 112.85.42.179: 24 times 112.85.42.180: 24 times 112.231.213.112: 1 time 122.49.35.37: 1 time 171.224.180.232 (dynamic-adsl.viettel.vn): 1 time 178.243.186.247: 1 time 196.152.78.245: 1 time 206.189.159.78 (ubuntu16.04-8vcpu-16gb-sgp1-dsci): 1 time 218.92.0.131: 23 times 218.92.0.134: 12 times 218.92.0.135: 18 times 218.92.0.139: 6 times 218.92.0.141: 12 times 218.92.0.145: 17 times 218.92.0.148: 23 times 218.92.0.155: 35 times 218.92.0.158: 18 times 218.92.0.170: 19 times 218.92.0.175: 12 times 218.92.0.176: 17 times 218.92.0.178: 23 times 218.92.0.179: 18 times 218.92.0.181: 18 times 218.92.0.182: 24 times 218.92.0.193: 6 times 218.92.0.212: 30 times 222.186.42.4: 54 times 222.186.169.192: 18 times 222.186.169.194: 42 times 222.186.173.142: 24 times 222.186.173.154: 35 times 222.186.173.180: 24 times 222.186.173.183: 12 times 222.186.173.215: 6 times 222.186.173.226: 42 times 222.186.173.238: 24 times 222.186.175.140: 18 times 222.186.175.147: 66 times 222.186.175.148: 12 times 222.186.175.150: 18 times 222.186.175.151: 17 times 222.186.175.154: 42 times 222.186.175.155: 48 times 222.186.175.161: 18 times 222.186.175.167: 24 times 222.186.175.169: 29 times 222.186.175.181: 35 times 222.186.175.182: 24 times 222.186.175.183: 18 times 222.186.175.202: 42 times 222.186.175.212: 6 times 222.186.175.215: 35 times 222.186.175.216: 48 times 222.186.175.217: 24 times 222.186.175.220: 18 times 222.186.180.6: 11 times 222.186.180.8: 30 times 222.186.180.9: 30 times 222.186.180.17: 12 times 222.186.180.41: 29 times 222.186.180.147: 12 times 222.186.180.223: 18 times 222.186.190.2: 36 times 222.186.190.92: 53 times Illegal users from: undef: 45 times 2.139.215.255 (255.red-2-139-215.staticip.rima-tde.net): 1 time 5.196.110.170 (ip170.ip-5-196-110.eu): 1 time 24.134.34.173 (business-24-134-34-173.pool2.vodafone-ip.de): 1 time 27.69.242.187 (localhost): 3 times 37.24.236.114 (b2b-37-24-236-114.unitymedia.biz): 1 time 37.187.155.186 (ns322653.ip-37-187-155.eu): 1 time 41.79.239.7: 1 time 42.116.255.216: 1 time 45.55.12.248 (hostmaster.vitalconnectionuniversity.com): 1 time 46.105.122.62 (ns3045583.ip-46-105-122.eu): 1 time 51.68.230.54 (54.ip-51-68-230.eu): 1 time 52.231.153.23: 1 time 54.39.21.54 (54.ip-54-39-21.net): 1 time 58.242.68.178: 1 time 79.112.45.9 (79-112-45-009.iasi.fiberlink.ro): 1 time 81.12.159.146: 1 time 81.136.255.20 (host81-136-255-20.in-addr.btopenworld.com): 1 time 82.64.138.80 (82-64-138-80.subs.proxad.net): 1 time 92.63.194.26: 2 times 92.255.95.242 (92-255-95-242.customer.comfortel.pro): 1 time 93.126.122.119 (ip-7a77.proline.net.ua): 1 time 94.207.211.238: 1 time 96.56.82.194 (ool-603852c2.static.optonline.net): 1 time 103.10.168.8 (mail6.keltron.in): 1 time 103.99.3.185: 3 times 104.236.131.54: 1 time 104.236.246.16: 1 time 105.155.5.190: 1 time 106.12.27.107: 1 time 109.110.52.77: 1 time 111.95.138.234 (fm-dyn-111-95-138-234.fast.net.id): 1 time 112.78.177.70: 1 time 112.135.35.39 (SLT-BB-CUST.slt.lk): 1 time 112.186.77.98: 2 times 113.160.178.148 (static.vnpt.vn): 1 time 113.190.139.97 (static.vnpt.vn): 1 time 117.232.127.50: 1 time 118.24.99.163: 2 times 119.94.146.2 (119.94.146.2.static.pldt.net): 1 time 119.152.150.145: 1 time 130.61.122.5: 1 time 139.59.56.121: 1 time 139.59.59.187: 1 time 139.59.180.53: 1 time 145.249.105.204: 1 time 154.184.232.48 (host-154.184.48.232-static.tedata.net): 1 time 159.65.144.233: 1 time 171.251.22.179 (dynamic-ip-adsl.viettel.vn): 5 times 175.205.139.30: 1 time 176.31.253.204 (ns388423.ip-176-31-253.eu): 1 time 178.132.216.194: 1 time 178.254.143.78 (free-143-78.mediaworksit.net): 1 time 185.249.151.43: 2 times 190.52.178.212 (host-212.178.52.190.copaco.com.py): 1 time 197.232.56.157: 1 time 198.211.123.183: 1 time 200.11.150.238 (correo.administradoraintegral.com): 1 time 202.88.241.107 (107.241.88.202.asianet.co.in): 1 time 202.169.56.98: 1 time 206.189.136.160: 1 time 206.189.159.78 (ubuntu16.04-8vcpu-16gb-sgp1-dsci): 2 times 207.154.232.160: 1 time 210.217.24.246: 1 time 221.176.177.194: 1 time **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 6 time(s) Protocol major versions differ for 172.105.4.227: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s) error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 1 time(s) error: Received disconnect from 103.99.3.185: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################