[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Feb 8 04:42:04 2020 Date Range Processed: yesterday ( 2020-Feb-07 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [1144:1140] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 45.79.89.50 Requests with error response codes 400 Bad Request mstshash=Administr: 5 Time(s) /: 4 Time(s) null: 2 Time(s) \x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9 ... B9\x90\x00(\xC0: 1 Time(s) 403 Forbidden /.git/config: 1 Time(s) /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) /resolutionen/wise17/Zwangsexmatrikulation/: 1 Time(s) 404 Not Found /robots.txt: 44 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /verein/satzung/%7CSatzung: 2 Time(s) /wp-login.php: 2 Time(s) /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s) /reader/Sammlung_aller_Resolutionen.pdf: 1 Time(s) /reader/SoSe13_AK_MatheVorkurs.pdf: 1 Time(s) /reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 1 Time(s) /reader/SoSe14_AK_Pr%C3%BCfungssystem_Sammlung.pdf: 1 Time(s) /reader/SoSe14_AK_Zivilklausel.pdf: 1 Time(s) /reader/SoSe15_AK_Studienf%C3%BChrer.pdf: 1 Time(s) /reader/WiSe14_AK_GO_und_Satzungs%C3%A4nderung.pdf: 1 Time(s) /reader/ZiP_Zivilklausel.pdf: 1 Time(s) /reader/commit/09360d9fceaee264132be600f2762d7b2827fd01: 1 Time(s) /reader/commit/82b5625412a9488dc60b801646d3cc89c9316610: 1 Time(s) /reader/commit/bc29b23744db65c1ce152b44c6d6b27a7e79fd5f: 1 Time(s) /reader/commit/da0fd0463ced8baff84cce5549ee7c76a5e7ca05: 1 Time(s) /reader/commit/f296a13ca2c01c535b80f726f1d0e62f3620d14e: 1 Time(s) /stapf: 1 Time(s) /verein%7CZaPF: 1 Time(s) /xmlrpc.php: 1 Time(s) /zapf/reader/%7CTagungsreader: 1 Time(s) /zapf/resolutionen/%7D%7Bwww.zapfev.de/zapf/resolutionen%7D: 1 Time(s) 499 (undefined) /build/MathJax/MathJax.js: 1 Time(s) /build/MathJax/config/TeX-AMS-MML_HTMLorMML.js: 1 Time(s) /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /build/index-styles.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /build/index.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /js/mathjax-config-extra.js: 1 Time(s) 500 Internal Server Error /: 82 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... ]=HelloThinkPHP: 1 Time(s) /robots.txt: 1 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (139.59.89.195): 58 Time(s) unknown (206.189.139.179): 58 Time(s) unknown (185.141.213.134): 56 Time(s) unknown (200.146.215.26): 56 Time(s) unknown (77.60.37.105): 56 Time(s) unknown (94-232-124-233.ip.airnet.lt): 56 Time(s) unknown (159.203.69.48): 55 Time(s) unknown (162.243.98.66): 55 Time(s) unknown (110.78.23.131): 54 Time(s) unknown (119.146.150.134): 54 Time(s) unknown (118.89.237.20): 53 Time(s) unknown (125.ip-51-89-151.eu): 53 Time(s) unknown (ns3074068.ip-37-187-101.eu): 53 Time(s) unknown (128.199.218.137): 52 Time(s) unknown (138.ip-51-79-84.net): 52 Time(s) unknown (188.128.39.127): 52 Time(s) unknown (188.213.175.92): 52 Time(s) unknown (39.ip-51-178-29.eu): 52 Time(s) unknown (45.10.1.186): 52 Time(s) unknown (89.46.86.65): 52 Time(s) unknown (ppp-129-68.grgrid.net): 52 Time(s) unknown (163.172.47.194): 51 Time(s) unknown (124.29.236.163): 49 Time(s) unknown (188.131.174.3): 49 Time(s) unknown (37.120.12.212): 49 Time(s) root (222.186.173.142): 48 Time(s) unknown (185.244.173.194): 48 Time(s) unknown (188.131.232.70): 48 Time(s) unknown (95.78.176.107): 48 Time(s) unknown (123.153.1.189): 46 Time(s) unknown (213.251.41.52): 46 Time(s) unknown (net-5-94-203-205.cust.vodafonedsl.it): 46 Time(s) unknown (42.123.99.67): 45 Time(s) unknown (87.ip-54-37-136.eu): 45 Time(s) unknown (104.248.181.156): 44 Time(s) unknown (14.63.167.192): 44 Time(s) unknown (159.89.115.126): 44 Time(s) unknown (182.61.176.45): 44 Time(s) unknown (113.118.15.226): 43 Time(s) unknown (121.11.109.194): 43 Time(s) unknown (199.192.105.249): 43 Time(s) unknown (223.111.144.155): 43 Time(s) unknown (203.229.206.22): 42 Time(s) unknown (59.45.99.99): 42 Time(s) unknown (128.199.145.205): 41 Time(s) unknown (46.172.71.49): 40 Time(s) unknown (182.61.105.127): 38 Time(s) unknown (120.201.125.191): 37 Time(s) root (222.186.175.183): 36 Time(s) unknown (121.178.212.67): 36 Time(s) root (222.186.180.9): 35 Time(s) unknown (202.104.31.42): 35 Time(s) unknown (230.ip-217-182-253.eu): 35 Time(s) unknown (101.71.2.164): 34 Time(s) unknown (180.179.48.101): 34 Time(s) unknown (106.13.230.219): 33 Time(s) unknown (182.214.170.72): 33 Time(s) unknown (182.61.136.53): 31 Time(s) root (222.186.175.151): 30 Time(s) unknown (122.165.187.114): 30 Time(s) unknown (159.65.144.64): 30 Time(s) unknown (188.166.23.215): 30 Time(s) unknown (69.17.153.139): 30 Time(s) root (112.85.42.172): 29 Time(s) root (222.186.175.150): 29 Time(s) root (222.186.175.216): 29 Time(s) unknown (30.ip-51-75-70.eu): 29 Time(s) root (222.186.180.17): 28 Time(s) unknown (148.70.180.217): 28 Time(s) unknown (201.247.45.117): 28 Time(s) unknown (216.80.26.83): 28 Time(s) unknown (host230.200-117-185.telecom.net.ar): 28 Time(s) unknown (ns3280070.ip-5-39-93.eu): 28 Time(s) unknown (118.25.196.31): 27 Time(s) unknown (121.200.61.37): 27 Time(s) unknown (191.179.173.245): 27 Time(s) unknown (203.95.212.41): 27 Time(s) root (222.186.175.140): 25 Time(s) unknown (181.164.77.63): 25 Time(s) root (112.85.42.176): 24 Time(s) root (218.92.0.165): 24 Time(s) root (222.186.173.238): 24 Time(s) root (222.186.175.181): 24 Time(s) root (222.186.175.217): 24 Time(s) root (222.186.190.92): 24 Time(s) unknown (157.245.61.195): 24 Time(s) unknown (23-112-140-33.lightspeed.mssnks.sbcglobal.net): 24 Time(s) root (222.186.175.154): 23 Time(s) root (222.186.173.226): 22 Time(s) root (222.186.175.182): 22 Time(s) root (222.186.175.215): 22 Time(s) unknown (101.231.126.114): 22 Time(s) unknown (106.12.176.188): 22 Time(s) unknown (80.211.237.180): 22 Time(s) unknown (121.134.159.21): 21 Time(s) unknown (pool-70-21-181-75.nwrk.east.verizon.net): 21 Time(s) unknown (5.ip-79-137-75.eu): 20 Time(s) unknown (112.196.96.36): 19 Time(s) unknown (118.25.195.244): 19 Time(s) root (112.85.42.181): 18 Time(s) root (218.92.0.179): 18 Time(s) root (222.186.169.194): 18 Time(s) root (222.186.173.154): 18 Time(s) root (222.186.173.180): 18 Time(s) root (222.186.180.223): 18 Time(s) root (222.186.180.41): 18 Time(s) root (222.186.180.6): 18 Time(s) unknown (45.55.177.230): 18 Time(s) root (222.186.175.169): 17 Time(s) unknown (106.13.81.18): 17 Time(s) unknown (123.206.45.16): 17 Time(s) unknown (225.ip-137-74-193.eu): 17 Time(s) root (112.85.42.178): 16 Time(s) root (222.186.173.215): 15 Time(s) unknown (59.21.227.206): 15 Time(s) unknown (106.13.23.105): 13 Time(s) root (112.85.42.174): 12 Time(s) root (112.85.42.180): 12 Time(s) root (218.92.0.148): 12 Time(s) root (218.92.0.178): 12 Time(s) root (222.186.173.183): 12 Time(s) root (222.186.175.167): 12 Time(s) root (222.186.180.8): 12 Time(s) root (49.88.112.55): 12 Time(s) root (49.88.112.62): 12 Time(s) root (61.177.172.128): 12 Time(s) unknown (106.13.26.62): 12 Time(s) unknown (109.202.17.37): 12 Time(s) unknown (139.199.34.54): 12 Time(s) root (112.85.42.182): 11 Time(s) root (222.186.175.202): 11 Time(s) unknown (104.248.114.67): 10 Time(s) unknown (198.red-88-26-231.staticip.rima-tde.net): 10 Time(s) unknown (178.128.121.188): 9 Time(s) unknown (178.128.226.52): 9 Time(s) unknown (198.144.190.209): 9 Time(s) unknown (49.233.165.151): 9 Time(s) unknown (52.191.189.131): 9 Time(s) unknown (81-174-8-105.v4.ngi.it): 9 Time(s) unknown (118.69.32.244): 8 Time(s) unknown (223.111.144.148): 7 Time(s) root (185.227.111.135): 6 Time(s) root (218.92.0.158): 6 Time(s) root (222.186.175.148): 6 Time(s) root (222.186.175.163): 6 Time(s) root (222.186.175.212): 6 Time(s) unknown (103.218.170.116): 6 Time(s) unknown (162.246.107.56): 6 Time(s) unknown (221.231.126.170): 6 Time(s) unknown (103.232.215.24): 5 Time(s) unknown (123.143.222.173): 5 Time(s) unknown (188.113.171.246): 5 Time(s) unknown (221.231.126.45): 5 Time(s) unknown (223.111.144.150): 5 Time(s) unknown (52.186.168.121): 5 Time(s) unknown (ip-148-72-207-248.ip.secureserver.net): 5 Time(s) unknown (106.54.184.153): 3 Time(s) unknown (116.230.48.59): 3 Time(s) unknown (13.92.189.179): 3 Time(s) unknown (159.65.81.187): 3 Time(s) unknown (180.87.34.76): 3 Time(s) unknown (catv-176-63-131-99.catv.broadband.hu): 3 Time(s) root (159.65.81.187): 2 Time(s) unknown (119.147.88.77): 2 Time(s) unknown (177.93.67.180): 2 Time(s) unknown (59.72.122.148): 2 Time(s) unknown (82-64-15-106.subs.proxad.net): 2 Time(s) unknown (94.231.68.222): 2 Time(s) root (123.16.109.55): 1 Time(s) root (180.87.34.76): 1 Time(s) root (190.237.52.233): 1 Time(s) root (ppp-141-101-1-72.wildpark.net): 1 Time(s) unknown (103.225.124.29): 1 Time(s) unknown (117.50.43.236): 1 Time(s) unknown (122.15.65.204): 1 Time(s) unknown (123.49.47.26): 1 Time(s) unknown (186-90-155-42.genericrev.cantv.net): 1 Time(s) unknown (196.27.127.61): 1 Time(s) unknown (218.70.174.23): 1 Time(s) unknown (223.111.144.152): 1 Time(s) unknown (36.73.191.194): 1 Time(s) unknown (41.79.199.20): 1 Time(s) unknown (52.172.131.106): 1 Time(s) unknown (77.47.20.215.dynamic.cablesurf.de): 1 Time(s) unknown (dev.sygec.mapgears.com): 1 Time(s) unknown (host-143-net-71-160-119.mobilinkinfinity.net.pk): 1 Time(s) unknown (host-89-238-5-94.smgr.pl): 1 Time(s) unknown (ip-103-14-71-217.static.vorco.net): 1 Time(s) Invalid Users: Unknown Account: 3517 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 22.893K Bytes accepted 23,442 22.893K Bytes sent via SMTP 23,442 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 8 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 8 Total 4xx Rejects 100.00% ======== ================================================== 525 Connections 431 Connections lost (inbound) 525 Disconnections 1 Removed from queue 1 Sent via SMTP 9 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Network Read Write Errors: 1 Disconnecting after too many authentication failures for user: root : 149 Time(s) Failed logins from: 49.88.112.55: 12 times 49.88.112.62: 12 times 61.177.172.128: 12 times 112.85.42.172: 28 times 112.85.42.174: 12 times 112.85.42.176: 24 times 112.85.42.178: 16 times 112.85.42.180: 12 times 112.85.42.181: 18 times 112.85.42.182: 11 times 123.16.109.55 (static.vnpt.vn): 1 time 141.101.1.72 (ppp-141-101-1-72.wildpark.net): 1 time 159.65.81.187: 2 times 180.87.34.76: 1 time 185.227.111.135: 6 times 190.237.52.233: 1 time 218.92.0.148: 12 times 218.92.0.158: 6 times 218.92.0.165: 24 times 218.92.0.178: 12 times 218.92.0.179: 18 times 222.186.169.194: 19 times 222.186.173.142: 48 times 222.186.173.154: 18 times 222.186.173.180: 18 times 222.186.173.183: 12 times 222.186.173.215: 15 times 222.186.173.226: 22 times 222.186.173.238: 24 times 222.186.175.140: 25 times 222.186.175.148: 6 times 222.186.175.150: 29 times 222.186.175.151: 30 times 222.186.175.154: 23 times 222.186.175.163: 6 times 222.186.175.167: 12 times 222.186.175.169: 17 times 222.186.175.181: 24 times 222.186.175.182: 22 times 222.186.175.183: 36 times 222.186.175.202: 11 times 222.186.175.212: 6 times 222.186.175.215: 22 times 222.186.175.216: 29 times 222.186.175.217: 24 times 222.186.180.6: 18 times 222.186.180.8: 12 times 222.186.180.9: 35 times 222.186.180.17: 28 times 222.186.180.41: 18 times 222.186.180.223: 18 times 222.186.190.92: 24 times Illegal users from: undef: 3141 times 5.39.93.158 (ns3280070.ip-5-39-93.eu): 28 times 5.94.203.205 (net-5-94-203-205.cust.vodafonedsl.it): 46 times 13.92.189.179: 3 times 14.63.167.192: 44 times 23.112.140.33 (23-112-140-33.lightspeed.mssnks.sbcglobal.net): 24 times 36.73.191.194: 1 time 37.120.12.212 (cable-37-120-12-212.cust.telecolumbus.net): 49 times 37.187.101.60 (ns3074068.ip-37-187-101.eu): 53 times 41.79.199.20: 1 time 42.123.99.67: 45 times 45.10.1.186: 52 times 45.55.177.230: 18 times 46.172.71.49 (49.71.172.46): 40 times 49.233.165.151: 9 times 51.75.70.30 (30.ip-51-75-70.eu): 29 times 51.79.84.138 (138.ip-51-79-84.net): 52 times 51.89.151.125 (125.ip-51-89-151.eu): 53 times 51.178.29.39 (39.ip-51-178-29.eu): 52 times 52.172.131.106: 1 time 52.186.168.121: 5 times 52.191.189.131: 9 times 54.37.136.87 (87.ip-54-37-136.eu): 45 times 59.21.227.206: 15 times 59.45.99.99 (99.99.45.59.broad.yk.ln.dynamic.163data.com.cn): 42 times 59.72.122.148: 2 times 66.70.189.236 (dev.sygec.mapgears.com): 1 time 69.17.153.139 (unallocated-static.rogers.com): 30 times 70.21.181.75 (pool-70-21-181-75.nwrk.east.verizon.net): 21 times 77.47.20.215 (77.47.20.215.dynamic.cablesurf.de): 1 time 77.60.37.105 (static.kpn.net): 56 times 79.137.75.5 (5.ip-79-137-75.eu): 20 times 80.211.237.180 (host180-237-211-80.serverdedicati.aruba.it): 22 times 81.174.8.105 (81-174-8-105.v4.ngi.it): 9 times 82.64.15.106 (82-64-15-106.subs.proxad.net): 2 times 88.26.231.198 (198.red-88-26-231.staticip.rima-tde.net): 10 times 89.46.86.65: 52 times 89.238.5.94 (host-89-238-5-94.smgr.pl): 1 time 94.231.68.222 (pppoe.lvivlan.net.ua): 2 times 94.232.124.233 (94-232-124-233.ip.airnet.lt): 56 times 95.78.176.107 (95x78x176x107.static-business.chel.ertelecom.ru): 48 times 101.71.2.164: 34 times 101.231.126.114: 22 times 103.14.71.217 (ip-103-14-71-217.static.vorco.net): 1 time 103.218.170.116: 6 times 103.225.124.29: 1 time 103.232.215.24: 5 times 104.248.114.67: 10 times 104.248.181.156: 44 times 106.12.176.188: 22 times 106.13.23.105: 13 times 106.13.26.62: 12 times 106.13.81.18: 17 times 106.13.230.219: 33 times 106.54.184.153: 3 times 109.202.17.37 (corp.gigansk.ru): 12 times 110.78.23.131: 54 times 112.196.96.36: 19 times 113.118.15.226: 43 times 116.230.48.59: 3 times 117.50.43.236: 1 time 118.25.195.244: 19 times 118.25.196.31: 27 times 118.69.32.244: 8 times 118.89.237.20: 53 times 119.146.150.134: 54 times 119.147.88.77: 2 times 119.160.71.143 (host-143-net-71-160-119.mobilinkinfinity.net.pk): 1 time 120.201.125.191: 37 times 121.11.109.194: 43 times 121.134.159.21: 21 times 121.178.212.67: 36 times 121.200.61.37 (nmail.naztech.us.com): 27 times 122.15.65.204: 1 time 122.165.187.114 (abts-tn-static-114.187.165.122.airtelbroadband.in): 30 times 123.49.47.26: 1 time 123.143.222.173: 5 times 123.153.1.189: 46 times 123.206.45.16: 17 times 124.29.236.163: 49 times 128.199.145.205: 41 times 128.199.218.137: 52 times 137.74.193.225 (225.ip-137-74-193.eu): 17 times 139.59.89.195: 58 times 139.199.34.54: 12 times 148.70.180.217: 28 times 148.72.207.248 (ip-148-72-207-248.ip.secureserver.net): 5 times 157.245.61.195: 24 times 159.65.81.187: 3 times 159.65.144.64: 30 times 159.89.115.126: 44 times 159.203.69.48: 55 times 162.243.98.66: 55 times 162.246.107.56: 6 times 163.172.47.194 (163-172-47-194.rev.poneytelecom.eu): 51 times 176.63.131.99 (catv-176-63-131-99.catv.broadband.hu): 3 times 177.93.67.180 (max-tdma-177-93-67-180.yune.com.br): 2 times 178.128.121.188: 9 times 178.128.226.52: 9 times 180.87.34.76: 3 times 180.179.48.101: 34 times 181.164.77.63 (63-77-164-181.fibertel.com.ar): 25 times 182.61.105.127: 38 times 182.61.136.53: 31 times 182.61.176.45: 44 times 182.214.170.72: 33 times 185.141.213.134: 56 times 185.244.173.194 (rusdts.ru): 48 times 186.90.155.42 (186-90-155-42.genericrev.cantv.net): 1 time 188.113.171.246 (ip-188-113-171-246.z43.ysk.scts.tv): 5 times 188.128.39.127: 52 times 188.131.174.3: 49 times 188.131.232.70: 48 times 188.166.23.215: 30 times 188.213.175.92 (host92-175-213-188.serverdedicati.aruba.it): 52 times 191.179.173.245 (bfb3adf5.virtua.com.br): 27 times 196.27.127.61 (300080-host.customer.zol.co.zw): 1 time 198.144.190.209 (198-144-190-209-host.colocrossing.com): 9 times 199.192.105.249: 43 times 200.117.185.230 (host230.200-117-185.telecom.net.ar): 28 times 200.146.215.26 (200-146-215-026.static.ctbctelecom.com.br): 56 times 201.247.45.117: 28 times 202.104.31.42: 35 times 202.124.129.68 (ppp-129-68.grgrid.net): 52 times 203.95.212.41: 27 times 203.229.206.22: 42 times 206.189.139.179: 58 times 213.251.41.52: 46 times 216.80.26.83 (216-80-26-83.s5969.c3-0.stk-ubr2.chi-stk.il.cable.rcncustomer.com): 28 times 217.182.253.230 (230.ip-217-182-253.eu): 35 times 218.70.174.23: 1 time 221.231.126.45: 5 times 221.231.126.170: 6 times 223.111.144.148 (promote.cache-dns.local): 7 times 223.111.144.150 (promote.cache-dns.local): 5 times 223.111.144.152 (promote.cache-dns.local): 1 time 223.111.144.155 (promote.cache-dns.local): 43 times **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 3 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################