[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri May 31 04:42:08 2019 Date Range Processed: yesterday ( 2019-May-30 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [579:581] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 2 sites probed the server 183.129.160.229 61.219.11.153 Requests with error response codes 400 Bad Request mstshash=Administr: 4 Time(s) null: 3 Time(s) /: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) mstshash=Test: 2 Time(s) http://110.249.212.46/testget?q=23333&port=80: 1 Time(s) 404 Not Found /robots.txt: 36 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /wp-content/plugins/easyrotator-for-wordpress/prv8.php: 2 Time(s) /home/zapf: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s) /resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s) /sites/all/libraries/elfinder/connectors/php/connector.php: 1 Time(s) /sites/all/libraries/elfinder/elfinder.html: 1 Time(s) /sites/all/libraries/elfinder/src/connecto ... p/connector.php: 1 Time(s) /sites/all/libraries/plupload/examples/upload.php: 1 Time(s) /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s) /sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s) /wp-login.php: 1 Time(s) 500 Internal Server Error /: 10 Time(s) /api/v1/pods: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (66.49.84.65.nw.nuvox.net): 86 Time(s) unknown (95.ip-51-77-147.eu): 62 Time(s) unknown (149.225.148.77.rev.sfr.net): 61 Time(s) unknown (152.136.34.52): 61 Time(s) unknown (222.212.136.215): 61 Time(s) unknown (182.253.1.213): 60 Time(s) unknown (116.196.104.100): 55 Time(s) unknown (117.131.51.157): 54 Time(s) unknown (178.32.47.97): 52 Time(s) unknown (106.251.169.200): 51 Time(s) unknown (159.89.132.190): 51 Time(s) unknown (222.128.9.20): 51 Time(s) unknown (39.ip-164-132-46.eu): 51 Time(s) unknown (cyp-consultores.cl): 51 Time(s) unknown (103.36.84.180): 50 Time(s) unknown (130.ip-54-37-19.eu): 50 Time(s) unknown (157.230.153.75): 49 Time(s) unknown (188.131.134.157): 49 Time(s) unknown (204.48.31.143): 49 Time(s) unknown (80.211.7.198): 49 Time(s) unknown (ip5f5b084b.dynamic.kabel-deutschland.de): 49 Time(s) unknown (v22018107104875398.bestsrv.de): 49 Time(s) unknown (142.93.198.48): 48 Time(s) unknown (152.136.72.17): 48 Time(s) unknown (254.ip-51-75-27.eu): 48 Time(s) unknown (104.248.87.201): 44 Time(s) unknown (106.74.78.227): 44 Time(s) unknown (79.2.22.244): 44 Time(s) unknown (167.99.235.251): 43 Time(s) unknown (ns356732.ip-91-121-142.eu): 43 Time(s) unknown (128.199.178.188): 39 Time(s) unknown (112.196.54.138): 37 Time(s) unknown (212.64.44.165): 32 Time(s) unknown (129.122.16.156): 26 Time(s) unknown (cpe-74-73-145-47.nyc.res.rr.com): 19 Time(s) unknown (111.221.241.112): 17 Time(s) unknown (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 14 Time(s) unknown (118.144.139.216): 14 Time(s) unknown (178.128.107.61): 13 Time(s) unknown (67.205.142.246): 12 Time(s) unknown (ppp91-122-14-178.pppoe.avangarddsl.ru): 10 Time(s) unknown (68.183.84.15): 9 Time(s) unknown (pc-72-6-104-200.cm.vtr.net): 9 Time(s) root (183.105.56.37): 6 Time(s) root (pool-96-234-157-38.bltmmd.fios.verizon.net): 6 Time(s) root (ppp-58-8-255-177.revip2.asianet.co.th): 6 Time(s) unknown (185.10.63.224): 6 Time(s) unknown (70.ip-79-137-35.eu): 6 Time(s) unknown (182.254.146.167): 5 Time(s) unknown (142.93.171.138): 4 Time(s) unknown (159.89.28.170): 4 Time(s) unknown (111.93.235.78): 3 Time(s) unknown (189.62.104.121): 3 Time(s) postfix (254.ip-51-75-27.eu): 2 Time(s) postgres (157.230.153.75): 2 Time(s) temp (95.ip-51-77-147.eu): 2 Time(s) backup (80.211.7.198): 1 Time(s) backup (ns356732.ip-91-121-142.eu): 1 Time(s) games (149.225.148.77.rev.sfr.net): 1 Time(s) games (167.99.235.251): 1 Time(s) games (95.ip-51-77-147.eu): 1 Time(s) games (cyp-consultores.cl): 1 Time(s) games (v22018107104875398.bestsrv.de): 1 Time(s) irc (254.ip-51-75-27.eu): 1 Time(s) irc (67.205.142.246): 1 Time(s) list (117.131.51.157): 1 Time(s) list (157.230.153.75): 1 Time(s) list (95.ip-51-77-147.eu): 1 Time(s) lp (130.ip-54-37-19.eu): 1 Time(s) lp (79.2.22.244): 1 Time(s) lp (ip5f5b084b.dynamic.kabel-deutschland.de): 1 Time(s) mail (104.248.87.201): 1 Time(s) mail (182.253.1.213): 1 Time(s) mail (ip5f5b084b.dynamic.kabel-deutschland.de): 1 Time(s) mailman (111.221.241.112): 1 Time(s) man (188.131.134.157): 1 Time(s) man (ip5f5b084b.dynamic.kabel-deutschland.de): 1 Time(s) man (v22018107104875398.bestsrv.de): 1 Time(s) mysql (117.131.51.157): 1 Time(s) mysql (152.136.72.17): 1 Time(s) mysql (v22018107104875398.bestsrv.de): 1 Time(s) news (142.93.198.48): 1 Time(s) news (182.253.1.213): 1 Time(s) news (95.ip-51-77-147.eu): 1 Time(s) nobody (188.131.134.157): 1 Time(s) nobody (204.48.31.143): 1 Time(s) nobody (254.ip-51-75-27.eu): 1 Time(s) nobody (79.2.22.244): 1 Time(s) postfix (106.251.169.200): 1 Time(s) postfix (178.128.107.61): 1 Time(s) postfix (182.253.1.213): 1 Time(s) postfix (66.49.84.65.nw.nuvox.net): 1 Time(s) postgres (118.144.139.216): 1 Time(s) postgres (152.136.34.52): 1 Time(s) postgres (222.212.136.215): 1 Time(s) postgres (66.49.84.65.nw.nuvox.net): 1 Time(s) postgres (80.211.7.198): 1 Time(s) postgres (cyp-consultores.cl): 1 Time(s) proxy (116.196.104.100): 1 Time(s) proxy (130.ip-54-37-19.eu): 1 Time(s) proxy (222.128.9.20): 1 Time(s) proxy (254.ip-51-75-27.eu): 1 Time(s) proxy (80.211.7.198): 1 Time(s) proxy (95.ip-51-77-147.eu): 1 Time(s) root (112.196.54.138): 1 Time(s) root (37.10.112.66): 1 Time(s) smmsp (103.36.84.180): 1 Time(s) smmsp (129.122.16.156): 1 Time(s) sshd (116.196.104.100): 1 Time(s) sshd (128.199.178.188): 1 Time(s) sshd (188.131.134.157): 1 Time(s) sync (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 1 Time(s) sync (117.131.51.157): 1 Time(s) sync (66.49.84.65.nw.nuvox.net): 1 Time(s) temp (103.36.84.180): 1 Time(s) temp (116.196.104.100): 1 Time(s) temp (129.122.16.156): 1 Time(s) temp (149.225.148.77.rev.sfr.net): 1 Time(s) temp (182.253.1.213): 1 Time(s) unknown (118.144.139.214): 1 Time(s) unknown (160.198.108.93.rev.vodafone.pt): 1 Time(s) unknown (178.19.106.108): 1 Time(s) unknown (182.61.177.66): 1 Time(s) unknown (193.32.163.89): 1 Time(s) unknown (31.162.255.194): 1 Time(s) unknown (37.114.190.53): 1 Time(s) unknown (78-21-57-20.access.telenet.be): 1 Time(s) unknown (host-109-88-29-58.dynamic.voo.be): 1 Time(s) unknown (ip-176-199-254-116.hsi06.unitymediagroup.de): 1 Time(s) unknown (officialgalaxy.com): 1 Time(s) uucp (103.36.84.180): 1 Time(s) uucp (204.48.31.143): 1 Time(s) uucp (222.212.136.215): 1 Time(s) www-data (103.36.84.180): 1 Time(s) www-data (66.49.84.65.nw.nuvox.net): 1 Time(s) Invalid Users: Unknown Account: 1856 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 Miscellaneous warnings 16.795K Bytes accepted 17,198 16.795K Bytes sent via SMTP 17,198 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 182 Connections 149 Connections lost (inbound) 182 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 3 Time(s) Failed logins from: 37.10.112.66: 1 time 45.7.229.226 (cyp-consultores.cl): 2 times 51.75.27.254 (254.ip-51-75-27.eu): 5 times 51.77.147.95 (95.ip-51-77-147.eu): 6 times 54.37.19.130 (130.ip-54-37-19.eu): 2 times 58.8.255.177 (ppp-58-8-255-177.revip2.asianet.co.th): 6 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 4 times 67.205.142.246: 1 time 77.148.225.149 (149.225.148.77.rev.sfr.net): 2 times 79.2.22.244: 2 times 80.211.7.198 (mail.growthbiz.pl): 3 times 91.121.142.225 (ns356732.ip-91-121-142.eu): 1 time 94.16.119.194 (v22018107104875398.bestsrv.de): 3 times 95.91.8.75 (ip5f5b084b.dynamic.kabel-deutschland.de): 3 times 96.234.157.38 (pool-96-234-157-38.bltmmd.fios.verizon.net): 6 times 103.36.84.180: 4 times 104.189.118.224 (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 1 time 104.248.87.201: 1 time 106.251.169.200: 1 time 111.221.241.112: 1 time 112.196.54.138: 1 time 116.196.104.100: 3 times 117.131.51.157 (.): 3 times 118.144.139.216: 1 time 128.199.178.188: 1 time 129.122.16.156: 2 times 142.93.198.48: 1 time 152.136.34.52: 1 time 152.136.72.17: 1 time 157.230.153.75: 3 times 167.99.235.251 (new-luncheon.com): 1 time 178.128.107.61: 1 time 182.253.1.213: 4 times 183.105.56.37: 6 times 188.131.134.157: 3 times 204.48.31.143: 2 times 222.128.9.20: 1 time 222.212.136.215 (215.136.212.222.broad.cd.sc.dynamic.163data.com.cn): 2 times Illegal users from: undef: 1312 times 31.162.255.194: 1 time 37.114.190.53: 1 time 45.7.229.226 (cyp-consultores.cl): 51 times 51.75.27.254 (254.ip-51-75-27.eu): 48 times 51.77.147.95 (95.ip-51-77-147.eu): 62 times 54.37.19.130 (130.ip-54-37-19.eu): 50 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 86 times 67.205.142.246: 12 times 68.183.84.15: 9 times 74.73.145.47 (cpe-74-73-145-47.nyc.res.rr.com): 19 times 77.148.225.149 (149.225.148.77.rev.sfr.net): 61 times 78.21.57.20 (78-21-57-20.access.telenet.be): 1 time 79.2.22.244: 44 times 79.137.35.70 (70.ip-79-137-35.eu): 6 times 80.211.7.198 (mail.growthbiz.pl): 49 times 91.121.142.225 (ns356732.ip-91-121-142.eu): 43 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 10 times 93.108.198.160 (160.198.108.93.rev.vodafone.pt): 1 time 94.16.119.194 (v22018107104875398.bestsrv.de): 49 times 95.91.8.75 (ip5f5b084b.dynamic.kabel-deutschland.de): 49 times 103.36.84.180: 50 times 104.189.118.224 (104-189-118-224.lightspeed.rcsntx.sbcglobal.net): 14 times 104.248.87.201: 44 times 106.74.78.227: 44 times 106.251.169.200: 51 times 109.88.29.58 (host-109-88-29-58.dynamic.voo.be): 1 time 111.93.235.78 (static-78.235.93.111-tataidc.co.in): 3 times 111.221.241.112: 17 times 112.196.54.138: 37 times 116.196.104.100: 55 times 117.131.51.157 (.): 54 times 118.144.139.214: 1 time 118.144.139.216: 14 times 128.199.178.188: 39 times 129.122.16.156: 26 times 142.93.171.138: 4 times 142.93.198.48: 48 times 152.136.34.52: 61 times 152.136.72.17: 48 times 157.230.153.75: 49 times 159.89.28.170: 4 times 159.89.132.190: 51 times 164.132.46.39 (39.ip-164-132-46.eu): 51 times 167.99.235.251 (new-luncheon.com): 43 times 176.199.254.116 (ip-176-199-254-116.hsi06.unitymediagroup.de): 1 time 178.19.106.108 (hosted-by.slaskdatacenter.pl): 1 time 178.32.47.97: 52 times 178.128.107.61: 13 times 182.61.177.66: 1 time 182.253.1.213: 60 times 182.254.146.167: 5 times 185.10.63.224 (node-185-10-63-224.caravan.ru): 6 times 188.131.134.157: 49 times 189.62.104.121 (bd3e6879.virtua.com.br): 3 times 193.32.163.89 (srv.eqaltech.su): 1 time 200.104.6.72 (pc-72-6-104-200.cm.vtr.net): 9 times 204.48.31.143: 49 times 207.154.249.20 (officialgalaxy.com): 1 time 212.64.44.165: 32 times 222.128.9.20: 51 times 222.212.136.215 (215.136.212.222.broad.cd.sc.dynamic.163data.com.cn): 61 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################