[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Oct 10 04:42:06 2019 Date Range Processed: yesterday ( 2019-Oct-09 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [295:291] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 61.219.11.153 Requests with error response codes 400 Bad Request mstshash=Administr: 4 Time(s) null: 4 Time(s) ../../mnt/custom/ProductDefinition: 1 Time(s) /: 1 Time(s) /robots.txt: 1 Time(s) 404 Not Found /robots.txt: 41 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /wp-login.php: 2 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) 500 Internal Server Error /: 60 Time(s) /81.169.150.252/_/: 1 Time(s) /cgi-bin/config.exp: 1 Time(s) /default: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (200.149.231.50): 100 Time(s) root (49.235.35.12): 99 Time(s) root (171.221.217.145): 98 Time(s) root (komutodev.aptmi.com): 94 Time(s) root (221.224.194.83): 92 Time(s) root (128.199.235.18): 89 Time(s) root (142.93.163.125): 89 Time(s) root (151.80.254.78): 76 Time(s) root (182.61.175.71): 74 Time(s) root (202.131.126.142): 73 Time(s) root (68.183.110.49): 73 Time(s) root (57-160-94-138.turbonetburitis.com.br): 68 Time(s) root (138.197.152.113): 67 Time(s) root (61.161.125.1): 66 Time(s) root (l37-195-105-57.novotelecom.ru): 66 Time(s) root (125.162.37.129): 63 Time(s) root (129.28.142.81): 62 Time(s) root (59.108.143.83): 60 Time(s) root (92.188.124.228): 55 Time(s) unknown (219.93.20.155): 54 Time(s) unknown (106.12.90.45): 52 Time(s) root (117.139.166.203): 50 Time(s) root (202.127.26.219): 46 Time(s) unknown (c-69-245-220-97.hsd1.il.comcast.net): 44 Time(s) root (118.24.121.240): 42 Time(s) unknown (115.68.77.68): 42 Time(s) root (103.85.4.2): 41 Time(s) unknown (190.186.170.83): 41 Time(s) unknown (95-105-237-69.dynamic.orange.sk): 41 Time(s) unknown (185.187.74.235): 39 Time(s) root (106.12.74.238): 38 Time(s) unknown (103.85.4.2): 38 Time(s) unknown (134.175.189.153): 38 Time(s) unknown (181.49.153.74): 38 Time(s) root (106.12.80.204): 37 Time(s) root (185.187.74.235): 37 Time(s) root (157.230.113.218): 36 Time(s) root (95-105-237-69.dynamic.orange.sk): 35 Time(s) unknown (106.12.80.204): 35 Time(s) unknown (46.101.43.224): 34 Time(s) unknown (213.128.67.212): 33 Time(s) root (182.73.123.118): 32 Time(s) root (c-69-245-220-97.hsd1.il.comcast.net): 32 Time(s) unknown (157.230.113.218): 32 Time(s) root (115.68.77.68): 31 Time(s) unknown (128.199.212.82): 31 Time(s) unknown (92.188.124.228): 31 Time(s) root (114.67.98.243): 30 Time(s) root (46.101.43.224): 29 Time(s) unknown (202.127.26.219): 29 Time(s) root (27.254.130.69): 28 Time(s) root (ns3262586.ip-5-39-77.eu): 28 Time(s) unknown (118.24.121.240): 28 Time(s) root (128.199.212.82): 26 Time(s) unknown (129.28.142.81): 25 Time(s) root (50-250-231-41-static.hfc.comcastbusiness.net): 24 Time(s) unknown (125.162.37.129): 24 Time(s) root (111.43.70.254): 22 Time(s) root (ns3055979.ip-193-70-8.eu): 22 Time(s) root (ns329837.ip-37-187-117.eu): 22 Time(s) unknown (173.239.37.159): 22 Time(s) unknown (197.248.205.53): 22 Time(s) unknown (l37-195-105-57.novotelecom.ru): 21 Time(s) unknown (138.197.152.113): 20 Time(s) root (134.175.189.153): 19 Time(s) root (89.216.47.154): 19 Time(s) unknown (202.131.126.142): 19 Time(s) unknown (68.183.110.49): 19 Time(s) root (197.248.205.53): 18 Time(s) unknown (61.161.125.1): 18 Time(s) root (123.30.174.85): 17 Time(s) root (178.128.202.35): 16 Time(s) root (211-75-136-208.hinet-ip.hinet.net): 16 Time(s) unknown (na-172-242.static.avantel.net.mx): 16 Time(s) root (106.12.90.45): 15 Time(s) root (110.47.218.84): 15 Time(s) unknown (151.80.254.78): 15 Time(s) unknown (59.108.143.83): 15 Time(s) unknown (106.12.74.238): 14 Time(s) unknown (27.254.130.69): 14 Time(s) unknown (ns329837.ip-37-187-117.eu): 14 Time(s) root (181.49.153.74): 13 Time(s) unknown (129.204.77.45): 12 Time(s) unknown (190.113.142.197): 12 Time(s) root (219.93.20.155): 11 Time(s) unknown (182.73.123.118): 11 Time(s) unknown (ns3055979.ip-193-70-8.eu): 11 Time(s) root (45.55.224.209): 10 Time(s) root (186.153.138.2): 9 Time(s) unknown (117.139.166.203): 9 Time(s) root (118.69.32.167): 8 Time(s) root (190.186.170.83): 8 Time(s) unknown (128.199.235.18): 8 Time(s) unknown (142.93.163.125): 8 Time(s) unknown (183.146.209.68): 8 Time(s) root (na-172-242.static.avantel.net.mx): 7 Time(s) root (102.152.33.164): 6 Time(s) root (112.85.42.180): 6 Time(s) unknown (118.69.32.167): 6 Time(s) unknown (182.61.175.71): 6 Time(s) unknown (211-75-136-208.hinet-ip.hinet.net): 6 Time(s) unknown (ns3262586.ip-5-39-77.eu): 6 Time(s) root (li1364-67.members.linode.com): 5 Time(s) unknown (komutodev.aptmi.com): 5 Time(s) root (203.121.116.11): 4 Time(s) root (129.204.77.45): 3 Time(s) root (173.239.37.159): 3 Time(s) root (213.128.67.212): 3 Time(s) unknown (116.110.117.42): 3 Time(s) unknown (171.235.84.8): 3 Time(s) unknown (183.191.179.151): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (80.82.64.125): 3 Time(s) unknown (ool-2f168252.static.optonline.net): 3 Time(s) root (195.223.59.201): 2 Time(s) root (51.254.248.18): 2 Time(s) unknown (123.30.174.85): 2 Time(s) unknown (142.93.39.29): 2 Time(s) unknown (36.66.149.211): 2 Time(s) unknown (49.235.35.12): 2 Time(s) unknown (s70.metronv.ru): 2 Time(s) mysql (181.63.245.127): 1 Time(s) mysql (198.199.107.41): 1 Time(s) root (103.101.52.48): 1 Time(s) root (109.110.52.77): 1 Time(s) root (110.164.205.133): 1 Time(s) root (139.59.180.53): 1 Time(s) root (139.59.78.236): 1 Time(s) root (159.224.194.240): 1 Time(s) root (183.146.209.68): 1 Time(s) root (185.211.245.202): 1 Time(s) root (190.113.142.197): 1 Time(s) root (195.29.105.125): 1 Time(s) root (221.162.255.82): 1 Time(s) root (223.197.175.171): 1 Time(s) root (45.114.244.56): 1 Time(s) root (45.55.210.248): 1 Time(s) root (5751a94a.skybroadband.com): 1 Time(s) root (80.82.64.125): 1 Time(s) root (kch-106-33.tm.net.my): 1 Time(s) root (ns3045583.ip-46-105-122.eu): 1 Time(s) unknown (111.85.11.22): 1 Time(s) unknown (113.190.145.250): 1 Time(s) unknown (121.141.5.199): 1 Time(s) unknown (124.133.246.162): 1 Time(s) unknown (128.106.195.126): 1 Time(s) unknown (139.59.180.53): 1 Time(s) unknown (142.93.81.77): 1 Time(s) unknown (159.203.77.51): 1 Time(s) unknown (159.65.149.131): 1 Time(s) unknown (189.10.195.130): 1 Time(s) unknown (190.85.203.254): 1 Time(s) unknown (196.32.194.90): 1 Time(s) unknown (206.189.137.113): 1 Time(s) unknown (210.183.236.30): 1 Time(s) unknown (221.162.255.82): 1 Time(s) unknown (37.139.13.105): 1 Time(s) unknown (43.252.36.98): 1 Time(s) unknown (45.182.159.193): 1 Time(s) unknown (54.ip-51-68-230.eu): 1 Time(s) unknown (58.215.12.226): 1 Time(s) unknown (59.25.197.150): 1 Time(s) unknown (8.81.69.111.dynamic.snap.net.nz): 1 Time(s) unknown (83.25.25.222.ipv4.supernova.orange.pl): 1 Time(s) unknown (89-71-114-153.dynamic.chello.pl): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (96.57.82.166): 1 Time(s) unknown (bfay1.pndsl.co.uk): 1 Time(s) unknown (host81-149-211-134.in-addr.btopenworld.com): 1 Time(s) unknown (kch-106-33.tm.net.my): 1 Time(s) unknown (s.nixc.us): 1 Time(s) Invalid Users: Unknown Account: 1124 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 25 Miscellaneous warnings 19.687K Bytes accepted 20,159 19.687K Bytes sent via SMTP 20,159 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 62 Connections 49 Connections lost (inbound) 62 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 5.39.77.117 (ns3262586.ip-5-39-77.eu): 28 times 27.254.130.69: 28 times 37.187.117.187 (ns329837.ip-37-187-117.eu): 22 times 37.195.105.57 (l37-195-105-57.novotelecom.ru): 66 times 45.55.210.248: 1 time 45.55.224.209: 10 times 45.114.244.56: 1 time 46.101.43.224: 29 times 46.105.122.62 (ns3045583.ip-46-105-122.eu): 1 time 49.235.35.12: 99 times 50.250.231.41 (50-250-231-41-static.hfc.comcastbusiness.net): 24 times 51.254.248.18: 2 times 59.108.143.83: 60 times 61.161.125.1: 66 times 68.183.110.49: 73 times 69.245.220.97 (c-69-245-220-97.hsd1.il.comcast.net): 32 times 80.82.64.125: 1 time 87.81.169.74 (5751a94a.skybroadband.com): 1 time 89.216.47.154: 19 times 92.188.124.228 (228.124.188.92.dynamic.ftth.abo.nordnet.fr): 55 times 95.105.237.69 (95-105-237-69.dynamic.orange.sk): 35 times 102.152.33.164: 6 times 103.85.4.2: 41 times 103.101.52.48 (48.52.101.103.in-addr.arpa.semarangkota.go.id): 1 time 106.12.74.238: 38 times 106.12.80.204: 37 times 106.12.90.45: 15 times 109.110.52.77: 1 time 110.47.218.84: 15 times 110.164.205.133 (mx-ll-110.164.205-133.static.3bb.co.th): 1 time 111.43.70.254: 22 times 112.85.42.180: 6 times 114.67.98.243: 30 times 115.68.77.68: 31 times 117.139.166.203: 50 times 118.24.121.240: 42 times 118.69.32.167: 8 times 123.30.174.85 (static.vnpt.vn): 17 times 125.162.37.129 (129.subnet125-162-37.speedy.telkom.net.id): 63 times 128.199.212.82 (94123-73017.cloudwaysapps.com): 26 times 128.199.235.18: 89 times 129.28.142.81: 62 times 129.204.77.45: 3 times 134.175.189.153: 19 times 138.94.160.57 (57-160-94-138.turbonetburitis.com.br): 68 times 138.197.152.113: 67 times 139.59.78.236: 1 time 139.59.180.53: 1 time 139.162.201.67 (li1364-67.members.linode.com): 5 times 142.93.163.125: 89 times 148.245.172.242 (na-172-242.static.avantel.net.mx): 7 times 151.80.254.78: 76 times 157.230.113.218: 36 times 159.224.194.240 (240.194.224.159.triolan.net): 1 time 171.221.217.145: 98 times 173.239.37.159: 3 times 178.128.202.35: 16 times 181.49.153.74: 13 times 181.63.245.127 (static-ip-cr18163245127.cable.net.co): 1 time 182.61.175.71: 74 times 182.73.123.118: 32 times 183.146.209.68: 1 time 185.187.74.235: 37 times 185.211.245.202 (ping.diverseenvironment.com): 1 time 186.153.138.2 (host2.186-153-138.telecom.net.ar): 9 times 188.166.246.46 (komutodev.aptmi.com): 94 times 190.113.142.197 (190-113-142-197.supercanal.com.ar): 1 time 190.186.170.83 (static-ip-adsl-190.186.170.83.cotas.com.bo): 8 times 193.70.8.163 (ns3055979.ip-193-70-8.eu): 22 times 195.29.105.125: 1 time 195.223.59.201: 2 times 197.248.205.53 (197-248-205-53.safaricombusiness.co.ke): 18 times 198.199.107.41: 1 time 200.149.231.50: 100 times 202.127.26.219: 46 times 202.131.126.142: 73 times 203.121.116.11: 4 times 211.75.136.208 (211-75-136-208.HINET-IP.hinet.net): 16 times 213.128.67.212 (server-213.128.67.212.as42926.net): 3 times 219.93.20.155: 11 times 219.93.106.33 (kch-106-33.tm.net.my): 1 time 221.162.255.82: 1 time 221.224.194.83: 92 times 223.197.175.171 (223-197-175-171.static.imsbiz.com): 1 time Illegal users from: undef: 931 times 5.39.77.117 (ns3262586.ip-5-39-77.eu): 6 times 5.39.85.175 (s.nixc.us): 1 time 27.254.130.69: 14 times 36.66.149.211: 2 times 37.139.13.105: 1 time 37.187.117.187 (ns329837.ip-37-187-117.eu): 14 times 37.195.105.57 (l37-195-105-57.novotelecom.ru): 21 times 43.252.36.98 (snugglation.com): 1 time 45.182.159.193 (45-182-159-193.biosnet.com.br): 1 time 46.101.43.224: 34 times 47.22.130.82 (ool-2f168252.static.optonline.net): 3 times 49.235.35.12: 2 times 51.68.230.54 (54.ip-51-68-230.eu): 1 time 58.215.12.226: 1 time 59.25.197.150: 1 time 59.108.143.83: 15 times 61.161.125.1: 18 times 68.183.110.49: 19 times 69.245.220.97 (c-69-245-220-97.hsd1.il.comcast.net): 44 times 80.82.64.125: 3 times 80.229.253.212 (bfay1.pndsl.co.uk): 1 time 81.139.60.251: 1 time 81.149.211.134 (host81-149-211-134.in-addr.btopenworld.com): 1 time 83.25.25.222 (83.25.25.222.ipv4.supernova.orange.pl): 1 time 89.71.114.153 (89-71-114-153.dynamic.chello.pl): 1 time 92.63.194.26: 1 time 92.188.124.228 (228.124.188.92.dynamic.ftth.abo.nordnet.fr): 31 times 95.105.237.69 (95-105-237-69.dynamic.orange.sk): 41 times 96.57.82.166 (ool-603952a6.static.optonline.net): 1 time 103.85.4.2: 38 times 106.12.74.238: 14 times 106.12.80.204: 35 times 106.12.90.45: 52 times 111.69.81.8 (8.81.69.111.dynamic.snap.net.nz): 1 time 111.85.11.22: 1 time 113.190.145.250 (static.vnpt.vn): 1 time 115.68.77.68: 42 times 116.110.117.42: 3 times 117.139.166.203: 9 times 118.24.121.240: 28 times 118.69.32.167: 6 times 121.141.5.199: 1 time 123.30.174.85 (static.vnpt.vn): 2 times 124.133.246.162: 1 time 125.162.37.129 (129.subnet125-162-37.speedy.telkom.net.id): 24 times 128.106.195.126 (bb128-106-195-126.singnet.com.sg): 1 time 128.199.212.82 (94123-73017.cloudwaysapps.com): 31 times 128.199.235.18: 8 times 129.28.142.81: 25 times 129.204.77.45: 12 times 134.175.189.153: 38 times 138.197.152.113: 20 times 139.59.180.53: 1 time 142.93.39.29: 2 times 142.93.81.77: 1 time 142.93.163.125: 8 times 148.245.172.242 (na-172-242.static.avantel.net.mx): 16 times 151.80.254.78: 15 times 157.230.113.218: 32 times 159.65.149.131 (187449.cloudwaysapps.com): 1 time 159.203.77.51: 1 time 171.235.84.8 (dynamic-ip-adsl.viettel.vn): 3 times 173.239.37.159: 22 times 178.208.255.70 (s70.metronv.ru): 2 times 181.49.153.74: 38 times 182.61.175.71: 6 times 182.73.123.118: 11 times 183.146.209.68: 8 times 183.191.179.151 (151.179.191.183.adsl-pool.sx.cn): 3 times 185.187.74.235: 39 times 188.166.246.46 (komutodev.aptmi.com): 5 times 189.10.195.130 (189-10-195.smace300.ipd.brasiltelecom.net.br): 1 time 190.85.203.254: 1 time 190.113.142.197 (190-113-142-197.supercanal.com.ar): 12 times 190.186.170.83 (static-ip-adsl-190.186.170.83.cotas.com.bo): 41 times 193.32.163.182 (hosting-by.cloud-home.me): 3 times 193.70.8.163 (ns3055979.ip-193-70-8.eu): 11 times 196.32.194.90: 1 time 197.248.205.53 (197-248-205-53.safaricombusiness.co.ke): 22 times 202.127.26.219: 29 times 202.131.126.142: 19 times 206.189.137.113: 1 time 210.183.236.30: 1 time 211.75.136.208 (211-75-136-208.HINET-IP.hinet.net): 6 times 213.128.67.212 (server-213.128.67.212.as42926.net): 33 times 219.93.20.155: 54 times 219.93.106.33 (kch-106-33.tm.net.my): 1 time 221.162.255.82: 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 7 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################