[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Nov 2 04:42:04 2019 Date Range Processed: yesterday ( 2019-Nov-01 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [165:166] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 132.148.144.214 198.108.67.80 5.188.210.101 Requests with error response codes 400 Bad Request null: 8 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... BsH0ZrhxWnwAA7O: 4 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... 56ef_CGtVYgAA79: 3 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... 1YLqgrwhuglAA7z: 2 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... PfsLct5NXawAA8H: 2 Time(s) /: 1 Time(s) \xDB\xEB\x05\xE6QE\x88\xCD\xAD\x00\x00\xA0 ... C0$\xC0\x14\xC0: 1 Time(s) http://5.188.210.101/echo.php: 1 Time(s) 404 Not Found /robots.txt: 25 Time(s) /datenschutz/: 17 Time(s) /berlin/apple-touch-icon.png: 15 Time(s) /wp-login.php: 4 Time(s) /sites/default/files/2004_WiSe_Hamburg.pdf: 3 Time(s) /berlin//apple-touch-icon.png: 2 Time(s) /reader/1998-so-reader_ro98.pdf: 2 Time(s) /-%20Zusammenkunft%20aller%20Physik-Fachschaften: 1 Time(s) /.git/config: 1 Time(s) /berlin/exkursionen/apple-touch-icon.png: 1 Time(s) /berlin/zapf/apple-touch-icon.png: 1 Time(s) /node?page=1: 1 Time(s) /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s) /reader/www.dfg.de/download/programme/grad ... e/2_22/2_22.pdf: 1 Time(s) /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s) /sites/default/files/1984_WiSe_Bonn.pdf: 1 Time(s) /sites/default/files/2001_SoSe_Erlangen.pdf: 1 Time(s) /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s) /user: 1 Time(s) /zapf/resolutionen/sose19: 1 Time(s) 499 (undefined) /apple-touch-icon.png: 5 Time(s) /fonts/SourceSansPro-Regular.woff: 5 Time(s) /build/font-pack.2c73dce02b1eaa3a3b4e.css: 4 Time(s) /favicon.png: 4 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 2 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s) /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 2 Time(s) /fonts/SourceCodePro-Medium.woff: 2 Time(s) /fonts/SourceCodePro-Regular.woff: 2 Time(s) /fonts/SourceSansPro-Italic.woff: 2 Time(s) /build/cover.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /build/emojify.js/dist/images/basic/smile.png: 1 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... 1YLqgrwhuglAA7z: 1 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... BsH0ZrhxWnwAA7O: 1 Time(s) /socket.io/?noteId=8CkbtYP5S527TvsF_TuNKw& ... PfsLct5NXawAA8H: 1 Time(s) 500 Internal Server Error /: 30 Time(s) /MyAdmin/index.php: 1 Time(s) /MySQL/index.php: 1 Time(s) /MySQLDumper-1.24.4/index.php: 1 Time(s) /MySQLDumper/index.php: 1 Time(s) /P/M/A/index.php: 1 Time(s) /PMA/index.php: 1 Time(s) /SQL/index.php: 1 Time(s) /_MySQL/index.php: 1 Time(s) /_SQL/index.php: 1 Time(s) /_dumper/index.php: 1 Time(s) /_mysql/index.php: 1 Time(s) /_phpMyAdmin/index.php: 1 Time(s) /_phpmyadmin/index.php: 1 Time(s) /_sql/index.php: 1 Time(s) /api/v1/pods: 1 Time(s) /backup/index.php: 1 Time(s) /database/index.php: 1 Time(s) /datenbank/index.php: 1 Time(s) /dba/index.php: 1 Time(s) /dbadmin/index.php: 1 Time(s) /dbs/index.php: 1 Time(s) /msd-1.24.4/index.php: 1 Time(s) /msd/index.php: 1 Time(s) /msd1.24.4/index.php: 1 Time(s) /myadmin/index.php: 1 Time(s) /mysql/index.php: 1 Time(s) /mysql_dumper/index.php: 1 Time(s) /mysqldumper-1.24.4/index.php: 1 Time(s) /mysqldumper/index.php: 1 Time(s) /p/m/a/index.php: 1 Time(s) /phpMyAdmin/index.php: 1 Time(s) /phpmyadmin/index.php: 1 Time(s) /pma/index.php: 1 Time(s) /sb/index.php: 1 Time(s) /sql/index.php: 1 Time(s) /sqla/index.php: 1 Time(s) /sqladmin/index.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (203.48.246.66): 46 Time(s) unknown (207.154.211.36): 45 Time(s) unknown (87.101.240.10): 44 Time(s) unknown (132.232.52.60): 40 Time(s) unknown (180.68.177.209): 40 Time(s) root (180.68.177.209): 35 Time(s) unknown (180.76.173.189): 34 Time(s) root (80.211.237.180): 32 Time(s) unknown (159.65.30.66): 32 Time(s) unknown (218.28.168.4): 32 Time(s) root (106.75.134.239): 31 Time(s) root (139.59.3.151): 31 Time(s) unknown (188.213.49.60): 31 Time(s) root (201.48.206.146): 30 Time(s) root (smartspace.wenet.my): 30 Time(s) unknown (193.112.164.113): 30 Time(s) unknown (106.12.74.222): 29 Time(s) unknown (109.116.196.174): 29 Time(s) unknown (193.112.49.155): 29 Time(s) root (123.207.233.222): 28 Time(s) root (139.155.5.132): 28 Time(s) unknown (127.ip-51-75-248.eu): 28 Time(s) root (106.13.6.116): 27 Time(s) unknown (cable-86-56-81-242.cust.telecolumbus.net): 27 Time(s) root (106.13.120.176): 26 Time(s) root (128.199.173.127): 26 Time(s) root (49.73.235.149): 26 Time(s) root (fixed-187-190-236-88.totalplay.net): 26 Time(s) unknown (178.128.217.58): 26 Time(s) unknown (58.221.60.145): 26 Time(s) root (106.12.58.4): 25 Time(s) root (139.198.18.120): 25 Time(s) root (167.172.82.230): 25 Time(s) root (188.131.213.192): 25 Time(s) unknown (106.248.49.62): 25 Time(s) unknown (2.ip-158-69-222.net): 25 Time(s) unknown (212.192.35.149): 25 Time(s) root (112.21.191.54): 24 Time(s) root (178.62.239.205): 24 Time(s) root (190.210.42.83): 24 Time(s) root (221.132.17.74): 24 Time(s) unknown (139.198.18.120): 24 Time(s) unknown (190.210.42.83): 24 Time(s) root (122.152.214.172): 23 Time(s) unknown (188.131.213.192): 23 Time(s) unknown (49.247.207.56): 23 Time(s) unknown (60.255.230.202): 23 Time(s) unknown (96.ip-167-114-98.net): 23 Time(s) root (45.80.64.246): 22 Time(s) unknown (122.152.214.172): 22 Time(s) unknown (167.172.82.230): 22 Time(s) unknown (fixed-187-190-236-88.totalplay.net): 22 Time(s) root (196.ip-213-32-71.eu): 21 Time(s) root (68.183.114.226): 21 Time(s) unknown (139.155.5.132): 21 Time(s) unknown (178.62.239.205): 21 Time(s) unknown (221.132.17.74): 21 Time(s) unknown (123.207.233.222): 20 Time(s) unknown (128.199.170.77): 20 Time(s) unknown (128.199.173.127): 20 Time(s) unknown (201.48.206.146): 20 Time(s) root (157.230.235.233): 19 Time(s) unknown (106.13.120.176): 19 Time(s) unknown (106.75.134.239): 19 Time(s) unknown (45.80.64.246): 19 Time(s) unknown (smartspace.wenet.my): 19 Time(s) unknown (49.73.235.149): 18 Time(s) root (58.221.60.145): 17 Time(s) unknown (139.59.3.151): 17 Time(s) unknown (157.230.235.233): 17 Time(s) unknown (196.ip-213-32-71.eu): 17 Time(s) unknown (68.183.114.226): 17 Time(s) root (178.128.217.58): 16 Time(s) root (51.68.115.235): 16 Time(s) root (60.255.230.202): 16 Time(s) root (96.ip-167-114-98.net): 16 Time(s) unknown (222.242.223.75): 16 Time(s) unknown (80.211.237.180): 16 Time(s) unknown (106.13.6.116): 15 Time(s) root (106.12.74.222): 14 Time(s) root (106.248.49.62): 14 Time(s) root (119.29.245.158): 14 Time(s) root (2.ip-158-69-222.net): 14 Time(s) root (94.191.76.23): 14 Time(s) unknown (51.68.115.235): 14 Time(s) root (209-50-54-22.us-chi1.upcloud.host): 13 Time(s) root (212.192.35.149): 13 Time(s) root (49.247.207.56): 13 Time(s) root (cable-86-56-81-242.cust.telecolumbus.net): 13 Time(s) unknown (106.12.202.181): 13 Time(s) unknown (112.21.191.54): 13 Time(s) root (139.155.112.94): 12 Time(s) root (188.213.49.60): 12 Time(s) unknown (94.191.76.23): 12 Time(s) root (132.232.52.60): 11 Time(s) root (206.189.30.229): 11 Time(s) unknown (106.12.58.4): 11 Time(s) root (109.116.196.174): 10 Time(s) root (180.76.173.189): 10 Time(s) root (42.51.156.6): 10 Time(s) root (193.112.49.155): 9 Time(s) unknown (104.248.32.164): 9 Time(s) unknown (134.176.71.202.sta.prodatanet.com.ph): 9 Time(s) root (134.176.71.202.sta.prodatanet.com.ph): 8 Time(s) unknown (119.29.245.158): 8 Time(s) unknown (42.51.156.6): 8 Time(s) root (127.ip-51-75-248.eu): 7 Time(s) root (218.28.168.4): 7 Time(s) root (87.101.240.10): 7 Time(s) root (128.199.170.77): 6 Time(s) root (182.135.65.186): 6 Time(s) root (193.112.164.113): 6 Time(s) root (207.154.211.36): 6 Time(s) root (put92-5-82-243-236-16.fbx.proxad.net): 6 Time(s) unknown (112.171.248.197): 6 Time(s) unknown (118.24.143.110): 6 Time(s) root (106.12.202.181): 5 Time(s) unknown (27.red-2-137-102.dynamicip.rima-tde.net): 5 Time(s) root (109.131.12.106): 4 Time(s) root (113.31.112.11): 4 Time(s) root (118.24.143.110): 4 Time(s) unknown (113.31.112.11): 4 Time(s) unknown (121.160.198.198): 4 Time(s) unknown (139.155.112.94): 4 Time(s) unknown (206.189.30.229): 4 Time(s) unknown (209-50-54-22.us-chi1.upcloud.host): 4 Time(s) root (203.48.246.66): 3 Time(s) root (167.71.220.221): 2 Time(s) unknown (132.232.52.48): 2 Time(s) unknown (193.32.163.182): 2 Time(s) unknown (49.151.240.222): 2 Time(s) unknown (ool-addccea2.static.optonline.net): 2 Time(s) backup (180.76.173.189): 1 Time(s) backup (smartspace.wenet.my): 1 Time(s) deployment (206.189.30.229): 1 Time(s) games (188.131.213.192): 1 Time(s) mysql (106.13.6.116): 1 Time(s) news (106.248.49.62): 1 Time(s) postgres (190.210.42.83): 1 Time(s) postgres (49.247.207.56): 1 Time(s) postgres (49.73.235.149): 1 Time(s) root (159.65.30.66): 1 Time(s) root (182.23.104.231): 1 Time(s) root (192.144.184.199): 1 Time(s) root (253.ip-79-137-73.eu): 1 Time(s) root (72-11-168-29.cpe.axion.ca): 1 Time(s) root (82.187.186.115): 1 Time(s) root (86.43.103.111): 1 Time(s) root (pd907ef75.dip0.t-ipconnect.de): 1 Time(s) unknown (103.79.141.92): 1 Time(s) unknown (106.13.39.233): 1 Time(s) unknown (106.51.230.190): 1 Time(s) unknown (109.131.12.106): 1 Time(s) unknown (123.133.78.91): 1 Time(s) unknown (123.20.211.253): 1 Time(s) unknown (145.249.105.204): 1 Time(s) unknown (182.23.104.231): 1 Time(s) unknown (187.230.1.93.rev.sfr.net): 1 Time(s) unknown (197.47.173.240): 1 Time(s) unknown (200.69.250.253): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s) Invalid Users: Unknown Account: 1356 Time(s) Bad User: +: 2 Time(s) systemd-user: Unknown Entries: session closed for user root: 1 Time(s) session opened for user root by (uid=0): 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 24.392K Bytes accepted 24,977 24.392K Bytes sent via SMTP 24,977 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 2043 Connections 2004 Connections lost (inbound) 2042 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 1 Time(s) Failed logins from: 42.51.156.6 (idc.ly.ha): 10 times 45.80.64.246: 22 times 49.73.235.149: 27 times 49.247.207.56: 14 times 51.68.115.235 (ip-51-68-115.eu): 16 times 51.75.248.127 (127.ip-51-75-248.eu): 7 times 58.221.60.145: 17 times 60.255.230.202: 16 times 68.183.114.226: 21 times 72.11.168.29 (72-11-168-29.cpe.axion.ca): 1 time 79.137.73.253 (253.ip-79-137-73.eu): 1 time 80.211.237.180 (host180-237-211-80.serverdedicati.aruba.it): 32 times 82.187.186.115: 1 time 82.243.236.16 (put92-5-82-243-236-16.fbx.proxad.net): 6 times 86.43.103.111: 1 time 86.56.81.242 (cable-86-56-81-242.cust.telecolumbus.net): 13 times 87.101.240.10: 7 times 94.191.76.23: 14 times 106.12.58.4: 25 times 106.12.74.222: 14 times 106.12.202.181: 5 times 106.13.6.116: 28 times 106.13.120.176: 26 times 106.75.134.239: 31 times 106.248.49.62: 15 times 109.116.196.174: 10 times 109.131.12.106 (106.12-131-109.adsl-dyn.isp.belgacom.be): 4 times 112.21.191.54: 24 times 113.31.112.11: 4 times 118.24.143.110: 4 times 119.29.245.158: 14 times 122.152.214.172: 23 times 123.207.233.222: 28 times 128.199.170.77: 6 times 128.199.173.127: 26 times 132.232.52.60: 11 times 139.59.3.151: 31 times 139.155.5.132: 28 times 139.155.112.94: 12 times 139.198.18.120: 25 times 157.230.235.233: 19 times 158.69.222.2 (2.ip-158-69-222.net): 14 times 159.65.30.66: 1 time 167.71.220.221: 2 times 167.114.98.96 (96.ip-167-114-98.net): 16 times 167.172.82.230: 25 times 178.62.239.205: 24 times 178.128.217.58: 16 times 180.68.177.209: 35 times 180.76.173.189: 11 times 182.23.104.231: 1 time 182.135.65.186: 6 times 187.190.236.88 (fixed-187-190-236-88.totalplay.net): 26 times 188.131.213.192: 26 times 188.213.49.60: 12 times 190.210.42.83 (customer-static-210-42-83.iplannetworks.net): 25 times 192.144.184.199: 1 time 193.112.49.155: 9 times 193.112.164.113: 6 times 201.48.206.146 (201-048-206-146.static.ctbctelecom.com.br): 30 times 202.71.176.134 (134.176.71.202.sta.prodatanet.com.ph): 8 times 202.73.9.76 (smartspace.wenet.my): 31 times 203.48.246.66: 3 times 206.189.30.229: 12 times 207.154.211.36: 6 times 209.50.54.22 (209-50-54-22.us-chi1.upcloud.host): 13 times 212.192.35.149: 13 times 213.32.71.196 (196.ip-213-32-71.eu): 21 times 217.7.239.117 (pd907ef75.dip0.t-ipconnect.de): 1 time 218.28.168.4 (pc0.zz.ha.cn): 7 times 221.132.17.74: 24 times Illegal users from: undef: 1123 times 2.137.102.27 (27.red-2-137-102.dynamicip.rima-tde.net): 5 times 42.51.156.6 (idc.ly.ha): 8 times 45.80.64.246: 19 times 49.73.235.149: 18 times 49.151.240.222 (dsl.49.151.240.222.pldt.net): 2 times 49.247.207.56: 23 times 51.68.115.235 (ip-51-68-115.eu): 14 times 51.75.248.127 (127.ip-51-75-248.eu): 28 times 58.221.60.145: 26 times 60.255.230.202: 23 times 68.183.114.226: 17 times 76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 1 time 80.211.237.180 (host180-237-211-80.serverdedicati.aruba.it): 16 times 86.56.81.242 (cable-86-56-81-242.cust.telecolumbus.net): 27 times 87.101.240.10: 44 times 92.63.194.26: 1 time 93.1.230.187 (187.230.1.93.rev.sfr.net): 1 time 94.191.76.23: 12 times 103.79.141.92: 1 time 104.248.32.164: 9 times 106.12.58.4: 11 times 106.12.74.222: 29 times 106.12.202.181: 13 times 106.13.6.116: 15 times 106.13.39.233: 1 time 106.13.120.176: 19 times 106.51.230.190 (broadband.actcorp.in): 1 time 106.75.134.239: 19 times 106.248.49.62: 25 times 109.116.196.174: 29 times 109.131.12.106 (106.12-131-109.adsl-dyn.isp.belgacom.be): 1 time 112.21.191.54: 13 times 112.171.248.197: 6 times 113.31.112.11: 4 times 118.24.143.110: 6 times 119.29.245.158: 8 times 121.160.198.198: 4 times 122.152.214.172: 22 times 123.20.211.253: 1 time 123.133.78.91: 1 time 123.207.233.222: 20 times 128.199.170.77: 20 times 128.199.173.127: 20 times 132.232.52.48: 2 times 132.232.52.60: 40 times 139.59.3.151: 17 times 139.155.5.132: 21 times 139.155.112.94: 4 times 139.198.18.120: 24 times 145.249.105.204: 1 time 157.230.235.233: 17 times 158.69.222.2 (2.ip-158-69-222.net): 25 times 159.65.30.66: 32 times 167.114.98.96 (96.ip-167-114-98.net): 23 times 167.172.82.230: 22 times 173.220.206.162 (ool-addccea2.static.optonline.net): 2 times 178.62.239.205: 21 times 178.128.217.58: 26 times 180.68.177.209: 41 times 180.76.173.189: 34 times 182.23.104.231: 1 time 187.190.236.88 (fixed-187-190-236-88.totalplay.net): 22 times 188.131.213.192: 23 times 188.213.49.60: 31 times 190.210.42.83 (customer-static-210-42-83.iplannetworks.net): 24 times 193.32.163.182 (hosting-by.cloud-home.me): 2 times 193.112.49.155: 29 times 193.112.164.113: 30 times 197.47.173.240 (host-197.47.173.240.tedata.net): 1 time 200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time 201.48.206.146 (201-048-206-146.static.ctbctelecom.com.br): 20 times 202.71.176.134 (134.176.71.202.sta.prodatanet.com.ph): 9 times 202.73.9.76 (smartspace.wenet.my): 19 times 203.48.246.66: 46 times 206.189.30.229: 4 times 207.154.211.36: 45 times 209.50.54.22 (209-50-54-22.us-chi1.upcloud.host): 4 times 212.192.35.149: 26 times 213.32.71.196 (196.ip-213-32-71.eu): 17 times 218.28.168.4 (pc0.zz.ha.cn): 32 times 221.132.17.74: 21 times 222.242.223.75: 16 times Users logging in through sshd: root: 192.52.1.151 (eduroam-192-52-1-151.mobile.uni-freiburg.de): 2 times 192.52.1.68 (eduroam-192-52-1-68.mobile.uni-freiburg.de): 1 time **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 7 time(s) error: Received disconnect from 180.149.125.161: 7: Service not available [preauth] : 1 time(s) error: Received disconnect from 103.79.141.92: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################