[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Donnerstag, 5 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Thu Dec  5 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-04 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [298:301]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 5 sites probed the server 
    122.232.201.42
    218.211.168.178
    61.219.11.153
    66.240.236.119
    80.82.64.125
 
 Requests with error response codes
    400 Bad Request
       null: 10 Time(s)
       mstshash=Administr: 2 Time(s)
       /: 1 Time(s)
       HTTP/1.1: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
    404 Not Found
       /robots.txt: 25 Time(s)
       /berlin/apple-touch-icon.png: 8 Time(s)
       /wp-login.php: 3 Time(s)
       /wp-content/: 2 Time(s)
       /.bitcoin/wallet.dat: 1 Time(s)
       /berichte/SoSe14/stapf(a)googlegroups.com: 1 Time(s)
       /berlin/exkursionen/apple-touch-icon.png: 1 Time(s)
       /license.php: 1 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s)
       /stapf: 1 Time(s)
       /wallet.dat: 1 Time(s)
    499 (undefined)
       /apple-touch-icon.png: 1 Time(s)
       /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
    500 Internal Server Error
       /: 80 Time(s)
       /cgi-bin/config.exp: 1 Time(s)
       /robots.txt: 1 Time(s)
       /sitemap.xml: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (218.92.0.135): 60 Time(s)
       root (222.186.180.147): 58 Time(s)
       root (222.186.175.140): 54 Time(s)
       root (222.186.190.2): 54 Time(s)
       root (222.186.173.154): 48 Time(s)
       root (222.186.175.148): 48 Time(s)
       root (222.186.180.223): 48 Time(s)
       root (222.186.175.147): 47 Time(s)
       root (222.186.180.41): 46 Time(s)
       root (49.88.112.58): 43 Time(s)
       root (222.186.173.226): 42 Time(s)
       root (112.85.42.173): 36 Time(s)
       root (218.92.0.141): 36 Time(s)
       root (222.186.169.194): 36 Time(s)
       root (112.85.42.180): 35 Time(s)
       unknown (62-210-103-181.rev.poneytelecom.eu): 31 Time(s)
       root (112.85.42.182): 30 Time(s)
       root (218.92.0.179): 30 Time(s)
       root (218.92.0.212): 30 Time(s)
       root (222.186.169.192): 30 Time(s)
       root (222.186.173.183): 30 Time(s)
       root (222.186.173.238): 30 Time(s)
       root (222.186.175.151): 30 Time(s)
       root (222.186.175.181): 30 Time(s)
       root (222.186.175.182): 30 Time(s)
       root (222.186.175.202): 30 Time(s)
       root (222.186.175.216): 30 Time(s)
       root (222.186.180.8): 30 Time(s)
       root (218.92.0.134): 29 Time(s)
       root (222.186.175.155): 29 Time(s)
       root (112.85.42.174): 24 Time(s)
       root (218.92.0.158): 24 Time(s)
       root (218.92.0.181): 24 Time(s)
       root (218.92.0.193): 24 Time(s)
       root (222.186.173.142): 24 Time(s)
       root (222.186.173.180): 24 Time(s)
       root (222.186.175.150): 24 Time(s)
       root (222.186.175.161): 24 Time(s)
       root (222.186.175.163): 24 Time(s)
       root (222.186.175.215): 24 Time(s)
       root (112.85.42.176): 23 Time(s)
       root (218.92.0.139): 23 Time(s)
       root (218.92.0.170): 23 Time(s)
       root (218.92.0.175): 23 Time(s)
       root (222.186.175.167): 23 Time(s)
       root (218.92.0.145): 18 Time(s)
       root (218.92.0.148): 18 Time(s)
       root (218.92.0.182): 18 Time(s)
       root (222.186.175.183): 18 Time(s)
       root (222.186.175.217): 18 Time(s)
       root (112.85.42.177): 17 Time(s)
       root (112.85.42.178): 17 Time(s)
       root (218.92.0.176): 17 Time(s)
       root (222.186.180.9): 15 Time(s)
       root (112.85.42.171): 12 Time(s)
       root (112.85.42.175): 12 Time(s)
       root (218.92.0.178): 12 Time(s)
       root (222.186.173.215): 12 Time(s)
       root (222.186.175.220): 12 Time(s)
       root (222.186.180.17): 12 Time(s)
       root (222.186.180.6): 12 Time(s)
       root (222.186.42.4): 12 Time(s)
       unknown (125.17.228.202): 8 Time(s)
       root (125.17.228.202): 6 Time(s)
       root (218.92.0.131): 6 Time(s)
       root (218.92.0.155): 6 Time(s)
       root (222.186.175.154): 6 Time(s)
       root (222.186.175.169): 6 Time(s)
       root (222.186.190.92): 6 Time(s)
       root (49.88.112.55): 6 Time(s)
       root (61.177.172.128): 6 Time(s)
       root (62-210-103-181.rev.poneytelecom.eu): 6 Time(s)
       root (222.186.175.212): 5 Time(s)
       unknown (112.186.77.86): 4 Time(s)
       unknown (36.red-88-15-54.dynamicip.rima-tde.net): 4 Time(s)
       unknown (lfbn-rei-1-233-232.w86-225.abo.wanadoo.fr): 4 Time(s)
       unknown (static.153.129.194.213.ibercom.com): 4 Time(s)
       mysql (125.17.228.202): 2 Time(s)
       unknown (110.141.234.220): 2 Time(s)
       unknown (112.186.77.98): 2 Time(s)
       unknown (h109-124-148-164.cust.a3fiber.se): 2 Time(s)
       unknown (net-2-36-95-111.cust.vodafonedsl.it): 2 Time(s)
       postgres (061092014168.ctinets.com): 1 Time(s)
       postgres (145.249.105.204): 1 Time(s)
       postgres (178.128.81.125): 1 Time(s)
       postgres (s17783852.onlinehome-server.info): 1 Time(s)
       proxy (196.32.194.90): 1 Time(s)
       root (103.255.5.67): 1 Time(s)
       root (123.147.248.68): 1 Time(s)
       root (125.161.106.114): 1 Time(s)
       root (180.191.172.115): 1 Time(s)
       root (181.225.102.181): 1 Time(s)
       root (188.166.216.84): 1 Time(s)
       root (197.230.162.139): 1 Time(s)
       root (219.144.65.204): 1 Time(s)
       root (36.red-88-15-54.dynamicip.rima-tde.net): 1 Time(s)
       root (59.13.139.42): 1 Time(s)
       root (90.220.55.200): 1 Time(s)
       root (ec2-18-253-83-143.us-gov-east-1.compute.amazonaws.com): 1 Time(s)
       unknown (103.101.52.48): 1 Time(s)
       unknown (110-44-121-14.vianet.com.np): 1 Time(s)
       unknown (111.131.90.149.rev.vodafone.pt): 1 Time(s)
       unknown (112.140.185.64): 1 Time(s)
       unknown (112.220.24.131): 1 Time(s)
       unknown (115.73.215.96): 1 Time(s)
       unknown (116.74.25.161): 1 Time(s)
       unknown (118-163-178-146.hinet-ip.hinet.net): 1 Time(s)
       unknown (120.194.119.173): 1 Time(s)
       unknown (120.29.75.11): 1 Time(s)
       unknown (121.141.5.199): 1 Time(s)
       unknown (121.190.197.205): 1 Time(s)
       unknown (122.51.23.79): 1 Time(s)
       unknown (123.30.154.184): 1 Time(s)
       unknown (130.61.122.5): 1 Time(s)
       unknown (132.145.18.157): 1 Time(s)
       unknown (138.68.20.158): 1 Time(s)
       unknown (139.59.79.56): 1 Time(s)
       unknown (14.169.160.175): 1 Time(s)
       unknown (14.175.93.64): 1 Time(s)
       unknown (142.93.39.29): 1 Time(s)
       unknown (151.236.171.185): 1 Time(s)
       unknown (159.203.77.51): 1 Time(s)
       unknown (159.65.149.131): 1 Time(s)
       unknown (167.99.75.174): 1 Time(s)
       unknown (176-135-172-128.abo.bbox.fr): 1 Time(s)
       unknown (178.128.158.113): 1 Time(s)
       unknown (182.73.222.70): 1 Time(s)
       unknown (190.148.78.113): 1 Time(s)
       unknown (190.19.76.184): 1 Time(s)
       unknown (196.203.31.154): 1 Time(s)
       unknown (197.51.57.197): 1 Time(s)
       unknown (2.152.192.52.dyn.user.ono.com): 1 Time(s)
       unknown (200.69.250.253): 1 Time(s)
       unknown (212.115.245.182): 1 Time(s)
       unknown (217.115.183.228): 1 Time(s)
       unknown (218.211.169.103): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (223.244.87.132): 1 Time(s)
       unknown (27.61.140.15): 1 Time(s)
       unknown (27.78.103.132): 1 Time(s)
       unknown (36.66.149.211): 1 Time(s)
       unknown (41.226.248.221): 1 Time(s)
       unknown (45.229.82.147): 1 Time(s)
       unknown (45.234.214.176): 1 Time(s)
       unknown (46.101.1.198): 1 Time(s)
       unknown (46.164.155.9): 1 Time(s)
       unknown (59.13.139.42): 1 Time(s)
       unknown (66.70.188.12): 1 Time(s)
       unknown (81.28.167.30): 1 Time(s)
       unknown (91.132.172.87): 1 Time(s)
       unknown (92.46.109.18): 1 Time(s)
       unknown (94.158.83.31): 1 Time(s)
       unknown (95.189.104.67): 1 Time(s)
       unknown (cable-24-135-251-21.dynamic.sbb.rs): 1 Time(s)
       unknown (cpc125480-croy27-2-0-cust149.19-2.cable.virginm.net): 1 Time(s)
       unknown (host217-35-75-193.in-addr.btopenworld.com): 1 Time(s)
       unknown (p4fc360c2.dip0.t-ipconnect.de): 1 Time(s)
       unknown (vmi319677.contaboserver.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 122 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   16.396K  Bytes accepted                              16,789
   16.396K  Bytes sent via SMTP                         16,789
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        5   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        5   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       17   Connections             
       14   Connections lost (inbound) 
       17   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        3   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 295 Time(s)
 
 Failed logins from:
    18.253.83.143 (ec2-18-253-83-143.us-gov-east-1.compute.amazonaws.com): 1 time
    49.88.112.55: 6 times
    49.88.112.58: 46 times
    59.13.139.42: 1 time
    61.92.14.168 (061092014168.ctinets.com): 1 time
    61.177.172.128: 6 times
    62.210.103.181 (62-210-103-181.rev.poneytelecom.eu): 6 times
    82.165.35.17 (s17783852.onlinehome-server.info): 1 time
    88.15.54.36 (36.red-88-15-54.dynamicip.rima-tde.net): 1 time
    90.220.55.200 (5adc37c8.bb.sky.com): 1 time
    103.255.5.67: 1 time
    112.85.42.171: 12 times
    112.85.42.173: 36 times
    112.85.42.174: 24 times
    112.85.42.175: 12 times
    112.85.42.176: 23 times
    112.85.42.177: 17 times
    112.85.42.178: 17 times
    112.85.42.180: 35 times
    112.85.42.182: 30 times
    123.147.248.68: 1 time
    125.17.228.202: 8 times
    125.161.106.114 (114.subnet125-161-106.speedy.telkom.net.id): 1 time
    145.249.105.204: 1 time
    178.128.81.125: 1 time
    180.191.172.115: 1 time
    181.225.102.181 (azteca-comunicaciones.com): 1 time
    188.166.216.84: 1 time
    196.32.194.90: 1 time
    197.230.162.139: 1 time
    218.92.0.131: 6 times
    218.92.0.134: 29 times
    218.92.0.135: 60 times
    218.92.0.139: 23 times
    218.92.0.141: 36 times
    218.92.0.145: 18 times
    218.92.0.148: 18 times
    218.92.0.155: 6 times
    218.92.0.158: 24 times
    218.92.0.170: 23 times
    218.92.0.175: 23 times
    218.92.0.176: 17 times
    218.92.0.178: 12 times
    218.92.0.179: 30 times
    218.92.0.181: 24 times
    218.92.0.182: 18 times
    218.92.0.193: 24 times
    218.92.0.212: 30 times
    219.144.65.204: 1 time
    222.186.42.4: 12 times
    222.186.169.192: 30 times
    222.186.169.194: 36 times
    222.186.173.142: 24 times
    222.186.173.154: 48 times
    222.186.173.180: 24 times
    222.186.173.183: 30 times
    222.186.173.215: 12 times
    222.186.173.226: 42 times
    222.186.173.238: 30 times
    222.186.175.140: 54 times
    222.186.175.147: 47 times
    222.186.175.148: 48 times
    222.186.175.150: 24 times
    222.186.175.151: 30 times
    222.186.175.154: 6 times
    222.186.175.155: 29 times
    222.186.175.161: 24 times
    222.186.175.163: 24 times
    222.186.175.167: 23 times
    222.186.175.169: 6 times
    222.186.175.181: 30 times
    222.186.175.182: 30 times
    222.186.175.183: 18 times
    222.186.175.202: 30 times
    222.186.175.212: 5 times
    222.186.175.215: 24 times
    222.186.175.216: 30 times
    222.186.175.217: 18 times
    222.186.175.220: 12 times
    222.186.180.6: 12 times
    222.186.180.8: 30 times
    222.186.180.9: 18 times
    222.186.180.17: 12 times
    222.186.180.41: 48 times
    222.186.180.147: 58 times
    222.186.180.223: 48 times
    222.186.190.2: 55 times
    222.186.190.92: 6 times
 
 Illegal users from:
    undef: 80 times
    2.36.95.111 (net-2-36-95-111.cust.vodafonedsl.it): 2 times
    2.152.192.52 (2.152.192.52.dyn.user.ono.com): 1 time
    14.169.160.175 (static.vnpt.vn): 1 time
    14.175.93.64 (static.vnpt.vn): 1 time
    24.135.251.21 (cable-24-135-251-21.dynamic.sbb.rs): 1 time
    27.61.140.15: 1 time
    27.78.103.132 (localhost): 1 time
    36.66.149.211: 1 time
    41.226.248.221: 1 time
    45.229.82.147 (45-229-82-147.techzone-provedor.net.br): 1 time
    45.234.214.176 (45.234.214.176.flashnet.com.br): 1 time
    46.101.1.198: 1 time
    46.164.155.9 (46-164-155-9.datagroup.ua): 1 time
    59.13.139.42: 1 time
    62.210.103.181 (62-210-103-181.rev.poneytelecom.eu): 31 times
    66.70.188.12 (vps.villagersgroup.com): 1 time
    77.102.18.150 (cpc125480-croy27-2-0-cust149.19-2.cable.virginm.net): 1 time
    79.195.96.194 (p4FC360C2.dip0.t-ipconnect.de): 1 time
    81.28.167.30: 1 time
    82.49.115.58: 2 times
    86.225.192.232 (lfbn-rei-1-233-232.w86-225.abo.wanadoo.fr): 4 times
    88.15.54.36 (36.red-88-15-54.dynamicip.rima-tde.net): 4 times
    91.132.172.87 (ptr.abcom.al): 1 time
    92.46.109.18: 1 time
    94.158.83.31: 1 time
    95.189.104.67 (xn--80apagqjddln9b0ga.xn--p1ai.104.189.95.in-addr.arpa): 1 time
    103.101.52.48 (48.52.101.103.in-addr.arpa.semarangkota.go.id): 1 time
    109.124.148.164 (h109-124-148-164.cust.a3fiber.se): 2 times
    110.44.121.14 (110-44-121-14.vianet.com.np): 1 time
    110.141.234.220 (cpe-110-141-234-220.static.vic.bigpond.net.au): 2 times
    112.140.185.64: 1 time
    112.186.77.86: 4 times
    112.186.77.98: 2 times
    112.220.24.131: 1 time
    115.73.215.96: 1 time
    116.74.25.161: 1 time
    118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 1 time
    120.29.75.11: 1 time
    120.194.119.173: 1 time
    121.141.5.199: 1 time
    121.190.197.205: 1 time
    122.51.23.79: 1 time
    123.30.154.184 (static.vnpt.vn): 1 time
    125.17.228.202: 8 times
    130.61.122.5: 1 time
    132.145.18.157: 1 time
    138.68.20.158: 1 time
    139.59.79.56: 1 time
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    142.93.39.29: 1 time
    144.91.102.234 (vmi319677.contaboserver.net): 1 time
    149.90.131.111 (111.131.90.149.rev.vodafone.pt): 1 time
    151.236.171.185: 1 time
    159.65.149.131 (187449.cloudwaysapps.com): 1 time
    159.203.77.51: 1 time
    167.99.75.174: 1 time
    176.135.172.128 (176-135-172-128.abo.bbox.fr): 1 time
    178.128.158.113: 1 time
    182.73.222.70: 1 time
    190.19.76.184 (184-76-19-190.fibertel.com.ar): 1 time
    190.148.78.113 (113.78.148.190.static.intelnet.net.gt): 1 time
    196.203.31.154: 1 time
    197.51.57.197 (host-197.51.57.197.tedata.net): 1 time
    200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time
    212.115.245.182: 1 time
    213.194.129.153 (static.153.129.194.213.ibercom.com): 4 times
    217.35.75.193 (host217-35-75-193.in-addr.btopenworld.com): 1 time
    217.115.183.228 (relay.admhmao.ru): 1 time
    218.211.169.103 (218-211-169-103.ll.static.sparqnet.net): 1 time
    221.160.100.14: 1 time
    223.244.87.132: 1 time
 
 **Unmatched Entries**
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 8 time(s)
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 4 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)