[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Oct 25 04:42:05 2019 Date Range Processed: yesterday ( 2019-Oct-24 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [117:118] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 113.200.72.194 -> zapf.wiki:443: 1 Time(s) 60.191.52.254 -> zapf.wiki:443: 1 Time(s) A total of 2 sites probed the server 172.104.242.173 61.219.11.153 Requests with error response codes 400 Bad Request mstshash=Administr: 9 Time(s) null: 3 Time(s) /: 2 Time(s) zapf.wiki:443: 2 Time(s) /setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s) 404 Not Found /robots.txt: 83 Time(s) /berlin/apple-touch-icon.png: 2 Time(s) /datenschutz/: 1 Time(s) /download/reader_ka99.pdf: 1 Time(s) /download/reader_re94.pdf: 1 Time(s) /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s) /reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s) /sites/default/files/1995_WiSe_Bonn.pdf: 1 Time(s) /sites/default/files/2002_SoSe_Berlin-Cottbus.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /wp-login.php: 1 Time(s) 500 Internal Server Error /: 14 Time(s) /HNAP1/: 2 Time(s) /corporate/webpages/login.jsp: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (116.214.56.11): 37 Time(s) root (161.117.0.23): 34 Time(s) unknown (106.12.130.235): 33 Time(s) root (106.12.16.179): 32 Time(s) root (154.ip-54-37-204.eu): 32 Time(s) root (111.93.52.182): 31 Time(s) root (159.89.194.103): 31 Time(s) root (serverinfo.bbnl.in): 31 Time(s) root (198-200-124-197.cpe.distributel.net): 30 Time(s) root (167.ip-51-75-133.eu): 29 Time(s) root (220.149.241.71): 29 Time(s) unknown (40.ip-176-31-172.eu): 29 Time(s) root (118.48.211.197): 28 Time(s) unknown (160.ip-137-74-171.eu): 28 Time(s) root (103.48.232.123): 27 Time(s) root (138.197.221.114): 27 Time(s) root (157.245.103.117): 27 Time(s) root (200.41.86.59): 27 Time(s) unknown (104.248.58.71): 27 Time(s) unknown (106.12.96.226): 27 Time(s) unknown (194.181.140.218): 27 Time(s) unknown (49.ip-51-68-227.eu): 27 Time(s) root (59.45.99.99): 26 Time(s) unknown (72.139.119.82): 26 Time(s) unknown (ks3100764.kimsufi.com): 26 Time(s) root (118.24.119.134): 25 Time(s) root (132.232.93.195): 25 Time(s) root (148.70.17.61): 25 Time(s) root (212.237.37.100): 25 Time(s) root (23.247.33.61): 25 Time(s) unknown (128.199.185.42): 25 Time(s) unknown (132.232.93.195): 25 Time(s) unknown (52.163.221.85): 25 Time(s) root (178.128.194.116): 24 Time(s) root (93-250-47-212.rev.cloud.scaleway.com): 24 Time(s) root (128.199.170.77): 23 Time(s) root (194.181.140.218): 23 Time(s) root (58.229.208.187): 23 Time(s) unknown (113.80.86.2): 23 Time(s) unknown (157.245.103.117): 23 Time(s) unknown (223.241.247.214): 23 Time(s) unknown (49.234.5.134): 23 Time(s) root (212.64.109.31): 22 Time(s) root (49.234.5.134): 22 Time(s) unknown (93-250-47-212.rev.cloud.scaleway.com): 22 Time(s) root (118.193.31.19): 21 Time(s) root (218.104.204.101): 21 Time(s) root (223.241.247.214): 21 Time(s) unknown (103.48.232.123): 21 Time(s) unknown (200.41.86.59): 21 Time(s) unknown (212.237.37.100): 21 Time(s) unknown (218.104.204.101): 21 Time(s) root (128.199.185.42): 20 Time(s) unknown (118.48.211.197): 20 Time(s) unknown (128.199.170.77): 20 Time(s) unknown (138.197.221.114): 20 Time(s) unknown (148.70.17.61): 20 Time(s) unknown (212.64.109.31): 20 Time(s) unknown (59.45.99.99): 20 Time(s) unknown (111.93.52.182): 19 Time(s) unknown (167.ip-51-75-133.eu): 19 Time(s) unknown (220.149.241.71): 19 Time(s) unknown (serverinfo.bbnl.in): 19 Time(s) root (106.12.130.235): 18 Time(s) unknown (106.12.16.179): 18 Time(s) unknown (154.ip-54-37-204.eu): 18 Time(s) unknown (180.96.14.98): 18 Time(s) root (123.138.18.35): 17 Time(s) unknown (159.89.194.103): 17 Time(s) unknown (178.128.194.116): 17 Time(s) unknown (198-200-124-197.cpe.distributel.net): 17 Time(s) root (104.248.58.71): 16 Time(s) root (106.12.211.247): 16 Time(s) root (113.80.86.2): 16 Time(s) unknown (118.24.119.134): 16 Time(s) unknown (123.138.18.35): 16 Time(s) unknown (58.229.208.187): 16 Time(s) root (221.150.22.201): 15 Time(s) root (221.214.74.10): 15 Time(s) root (52.163.221.85): 15 Time(s) unknown (221.150.22.201): 15 Time(s) root (160.ip-137-74-171.eu): 13 Time(s) root (202.169.62.187): 13 Time(s) root (211.144.114.26): 13 Time(s) root (ks3100764.kimsufi.com): 13 Time(s) unknown (161.117.0.23): 13 Time(s) unknown (190.102.140.7): 13 Time(s) unknown (23.247.33.61): 13 Time(s) unknown (62.234.146.45): 13 Time(s) unknown (sonarqube.exatronix.com): 13 Time(s) root (190.102.140.7): 12 Time(s) root (72.139.119.82): 12 Time(s) unknown (ns3006809.ip-151-80-36.eu): 12 Time(s) root (180.96.14.98): 11 Time(s) unknown (116.214.56.11): 11 Time(s) unknown (118.193.31.19): 11 Time(s) root (106.12.96.226): 10 Time(s) root (40.ip-176-31-172.eu): 10 Time(s) unknown (202.169.62.187): 10 Time(s) root (185.170.209.66): 9 Time(s) root (sonarqube.exatronix.com): 9 Time(s) unknown (106.12.211.247): 8 Time(s) unknown (58.221.60.49): 8 Time(s) root (101.89.139.49): 7 Time(s) root (112.216.39.29): 7 Time(s) root (139.155.105.217): 7 Time(s) root (58.221.60.49): 7 Time(s) unknown (118.24.153.230): 7 Time(s) unknown (123.206.13.46): 7 Time(s) unknown (221.214.74.10): 7 Time(s) unknown (174-26-185-74.phnx.qwest.net): 6 Time(s) unknown (211.144.114.26): 6 Time(s) unknown (101.89.139.49): 5 Time(s) unknown (104.ip-51-83-98.eu): 5 Time(s) unknown (112.216.39.29): 5 Time(s) unknown (5.2.72.100): 5 Time(s) root (148.70.1.210): 4 Time(s) root (49.ip-51-68-227.eu): 4 Time(s) root (51.254.79.235): 4 Time(s) unknown (140.143.90.154): 4 Time(s) unknown (148.70.1.210): 4 Time(s) unknown (191.249.189.240): 4 Time(s) postgres (sonarqube.exatronix.com): 3 Time(s) root (118.24.153.230): 3 Time(s) root (140.143.90.154): 3 Time(s) root (223.25.97.250): 3 Time(s) unknown (121.160.198.198): 3 Time(s) unknown (185.170.209.66): 3 Time(s) root (5.2.72.100): 2 Time(s) temp (157.245.103.117): 2 Time(s) unknown (1.232.77.64): 2 Time(s) unknown (103.141.138.131): 2 Time(s) unknown (139.155.105.217): 2 Time(s) unknown (148.70.35.109): 2 Time(s) unknown (193.32.163.182): 2 Time(s) unknown (lfbn-ren-1-543-117.w81-53.abo.wanadoo.fr): 2 Time(s) daemon (178.128.194.116): 1 Time(s) irc (118.193.31.19): 1 Time(s) mailman (178.128.194.116): 1 Time(s) mysql (116.214.56.11): 1 Time(s) mysql (40.ip-176-31-172.eu): 1 Time(s) mysql (72.139.119.82): 1 Time(s) nobody (59.45.99.99): 1 Time(s) postgres (113.80.86.2): 1 Time(s) postgres (116.214.56.11): 1 Time(s) postgres (220.149.241.71): 1 Time(s) postgres (ks3100764.kimsufi.com): 1 Time(s) proxy (112.216.39.29): 1 Time(s) root (111.199.19.111): 1 Time(s) root (114.108.181.139): 1 Time(s) root (148.70.35.109): 1 Time(s) root (152.136.62.232): 1 Time(s) root (182.72.187.97): 1 Time(s) root (185.158.113.63): 1 Time(s) root (191.232.198.212): 1 Time(s) root (ns394014.ip-176-31-115.eu): 1 Time(s) root (pooladsl-b-8-149.ipcom.comunitel.net): 1 Time(s) sshd (180.96.14.98): 1 Time(s) temp (138.197.221.114): 1 Time(s) temp (161.117.0.23): 1 Time(s) temp (167.ip-51-75-133.eu): 1 Time(s) temp (178.128.194.116): 1 Time(s) temp (23.247.33.61): 1 Time(s) unknown (106.12.36.176): 1 Time(s) unknown (106.124.131.70): 1 Time(s) unknown (110-4-2-216.static.pccw-hkt.com): 1 Time(s) unknown (115.167.124.249): 1 Time(s) unknown (116.6.45.180): 1 Time(s) unknown (118.191.0.3): 1 Time(s) unknown (119.196.83.22): 1 Time(s) unknown (123.214.186.186): 1 Time(s) unknown (14.241.245.4): 1 Time(s) unknown (142.93.39.29): 1 Time(s) unknown (145.249.105.204): 1 Time(s) unknown (159.65.144.233): 1 Time(s) unknown (16.145.92.34.bc.googleusercontent.com): 1 Time(s) unknown (165.231.33.66): 1 Time(s) unknown (167.249.224.85): 1 Time(s) unknown (181.124.70.34.bc.googleusercontent.com): 1 Time(s) unknown (182.74.25.246): 1 Time(s) unknown (186.206.149.33): 1 Time(s) unknown (206.189.136.160): 1 Time(s) unknown (219.83.162.23): 1 Time(s) unknown (222.120.192.98): 1 Time(s) unknown (223.25.97.250): 1 Time(s) unknown (37.139.21.75): 1 Time(s) unknown (45.114.244.56): 1 Time(s) unknown (51.254.79.235): 1 Time(s) unknown (89.189.154.66.dynamic.ufanet.ru): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (94.229.66.131): 1 Time(s) unknown (95.140.188.35.bc.googleusercontent.com): 1 Time(s) unknown (grappling.betrothal.volia.net): 1 Time(s) unknown (ns388423.ip-176-31-253.eu): 1 Time(s) unknown (ool-2f168746.static.optonline.net): 1 Time(s) unknown (ool-8e366592.static.optonline.net): 1 Time(s) unknown (pooladsl-b-8-149.ipcom.comunitel.net): 1 Time(s) unknown (smtp2.aircheckindia.com): 1 Time(s) unknown (static.200.22.203.116.clients.your-server.de): 1 Time(s) uucp (167.ip-51-75-133.eu): 1 Time(s) www-data (118.24.119.134): 1 Time(s) Invalid Users: Unknown Account: 1131 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 3 Miscellaneous warnings 24.318K Bytes accepted 24,902 24.318K Bytes sent via SMTP 24,902 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 59 Connections 24 Connections lost (inbound) 59 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) Failed logins from: 5.2.72.100: 2 times 23.247.33.61: 26 times 49.234.5.134: 22 times 51.68.227.49 (49.ip-51-68-227.eu): 4 times 51.75.133.167 (167.ip-51-75-133.eu): 31 times 51.254.79.235: 4 times 51.254.252.178 (sonarqube.exatronix.com): 12 times 52.163.221.85: 15 times 54.37.204.154 (154.ip-54-37-204.eu): 32 times 58.221.60.49: 7 times 58.229.208.187: 23 times 59.45.99.99 (99.99.45.59.broad.yk.ln.dynamic.163data.com.cn): 27 times 72.139.119.82 (unallocated-static.rogers.com): 13 times 101.89.139.49: 7 times 103.48.232.123: 27 times 104.248.58.71: 16 times 106.12.16.179: 32 times 106.12.96.226: 10 times 106.12.130.235: 18 times 106.12.211.247: 16 times 111.93.52.182 (static-182.52.93.111-tataidc.co.in): 31 times 111.199.19.111: 1 time 112.216.39.29: 8 times 113.80.86.2: 17 times 114.108.181.139: 1 time 116.214.56.11 (user.nova.net.cn): 39 times 118.24.119.134: 26 times 118.24.153.230: 3 times 118.48.211.197: 28 times 118.193.31.19: 22 times 123.138.18.35: 17 times 124.40.244.229 (serverinfo.bbnl.in): 31 times 128.199.170.77: 23 times 128.199.185.42 (boutique.snssystem.com): 20 times 132.232.93.195: 25 times 137.74.171.160 (160.ip-137-74-171.eu): 13 times 138.197.221.114: 28 times 139.155.105.217: 7 times 140.143.90.154: 3 times 148.70.1.210: 4 times 148.70.17.61: 25 times 148.70.35.109: 1 time 152.136.62.232: 1 time 157.245.103.117: 29 times 159.89.194.103: 31 times 161.117.0.23: 35 times 176.31.115.162 (ns394014.ip-176-31-115.eu): 1 time 176.31.172.40 (40.ip-176-31-172.eu): 11 times 176.31.250.171 (ks3100764.kimsufi.com): 14 times 178.128.194.116: 27 times 180.96.14.98: 12 times 182.72.187.97 (dprotechnologies.com): 1 time 185.158.113.63: 1 time 185.170.209.66: 9 times 190.102.140.7: 12 times 191.232.198.212: 1 time 194.181.140.218: 23 times 198.200.124.197 (198-200-124-197.cpe.distributel.net): 30 times 200.41.86.59: 27 times 202.169.62.187 (smtp-l.pesonaedu.com): 13 times 211.144.114.26: 13 times 212.47.250.93 (93-250-47-212.rev.cloud.scaleway.com): 24 times 212.64.109.31: 22 times 212.145.231.149 (pooladsl-b-8-149.ipcom.comunitel.net): 1 time 212.237.37.100 (host100-37-237-212.serverdedicati.aruba.it): 25 times 218.104.204.101: 21 times 220.149.241.71: 30 times 221.150.22.201: 15 times 221.214.74.10: 15 times 223.25.97.250 (250.97.25.223.iconpln.net.id): 3 times 223.241.247.214: 21 times Illegal users from: undef: 888 times 1.232.77.64: 2 times 5.2.72.100: 5 times 14.241.245.4 (static.vnpt.vn): 1 time 23.247.33.61: 13 times 34.70.124.181 (181.124.70.34.bc.googleusercontent.com): 1 time 34.92.145.16 (16.145.92.34.bc.googleusercontent.com): 1 time 35.188.140.95 (95.140.188.35.bc.googleusercontent.com): 1 time 37.139.21.75: 1 time 45.114.244.56: 1 time 47.22.135.70 (ool-2f168746.static.optonline.net): 1 time 49.234.5.134: 23 times 51.68.227.49 (49.ip-51-68-227.eu): 27 times 51.75.133.167 (167.ip-51-75-133.eu): 19 times 51.83.98.104 (104.ip-51-83-98.eu): 5 times 51.254.79.235: 1 time 51.254.252.178 (sonarqube.exatronix.com): 13 times 52.163.221.85: 25 times 54.37.204.154 (154.ip-54-37-204.eu): 18 times 58.221.60.49: 8 times 58.229.208.187: 16 times 59.45.99.99 (99.99.45.59.broad.yk.ln.dynamic.163data.com.cn): 20 times 62.234.146.45: 13 times 72.139.119.82 (unallocated-static.rogers.com): 26 times 81.53.125.117 (lfbn-ren-1-543-117.w81-53.abo.wanadoo.fr): 2 times 89.189.154.66 (89.189.154.66.dynamic.ufanet.ru): 1 time 92.63.194.26: 1 time 93.74.162.49 (grappling.betrothal.volia.net): 1 time 94.229.66.131: 1 time 101.89.139.49: 5 times 103.48.232.123: 21 times 103.141.138.131: 2 times 104.248.58.71: 27 times 106.12.16.179: 18 times 106.12.36.176: 1 time 106.12.96.226: 27 times 106.12.130.235: 33 times 106.12.211.247: 8 times 106.124.131.70: 1 time 110.4.2.216 (110-4-2-216.static.pccw-hkt.com): 1 time 111.93.52.182 (static-182.52.93.111-tataidc.co.in): 19 times 112.216.39.29: 5 times 113.80.86.2: 23 times 115.167.124.249 (115-167-124-249.wi-tribe.net.pk): 1 time 116.6.45.180 (Acni.net.cn): 1 time 116.203.22.200 (static.200.22.203.116.clients.your-server.de): 1 time 116.214.56.11 (user.nova.net.cn): 11 times 118.24.119.134: 16 times 118.24.153.230: 7 times 118.48.211.197: 20 times 118.191.0.3: 1 time 118.193.31.19: 11 times 119.196.83.22: 1 time 121.160.198.198: 3 times 123.138.18.35: 16 times 123.206.13.46: 7 times 123.214.186.186: 1 time 124.40.244.229 (serverinfo.bbnl.in): 19 times 125.18.8.22 (smtp2.aircheckindia.com): 1 time 128.199.170.77: 20 times 128.199.185.42 (boutique.snssystem.com): 25 times 132.232.93.195: 25 times 137.74.171.160 (160.ip-137-74-171.eu): 28 times 138.197.221.114: 20 times 139.155.105.217: 2 times 140.143.90.154: 4 times 142.54.101.146 (ool-8e366592.static.optonline.net): 1 time 142.93.39.29: 1 time 145.249.105.204: 1 time 148.70.1.210: 4 times 148.70.17.61: 20 times 148.70.35.109: 2 times 151.80.36.188 (ns3006809.ip-151-80-36.eu): 12 times 157.245.103.117: 23 times 159.65.144.233: 1 time 159.89.194.103: 17 times 161.117.0.23: 13 times 165.231.33.66: 1 time 167.249.224.85: 1 time 174.26.185.74 (174-26-185-74.phnx.qwest.net): 6 times 176.31.172.40 (40.ip-176-31-172.eu): 29 times 176.31.250.171 (ks3100764.kimsufi.com): 26 times 176.31.253.204 (ns388423.ip-176-31-253.eu): 1 time 178.128.194.116: 17 times 180.96.14.98: 18 times 182.74.25.246: 1 time 185.170.209.66: 3 times 186.206.149.33 (bace9521.virtua.com.br): 1 time 190.102.140.7: 13 times 191.249.189.240 (191.249.189.240.dynamic.adsl.gvt.net.br): 4 times 193.32.163.182 (hosting-by.cloud-home.me): 2 times 194.181.140.218: 27 times 198.200.124.197 (198-200-124-197.cpe.distributel.net): 17 times 200.41.86.59: 21 times 202.169.62.187 (smtp-l.pesonaedu.com): 10 times 206.189.136.160: 1 time 211.144.114.26: 6 times 212.47.250.93 (93-250-47-212.rev.cloud.scaleway.com): 22 times 212.64.109.31: 20 times 212.145.231.149 (pooladsl-b-8-149.ipcom.comunitel.net): 1 time 212.237.37.100 (host100-37-237-212.serverdedicati.aruba.it): 21 times 218.104.204.101: 21 times 219.83.162.23: 1 time 220.149.241.71: 19 times 221.150.22.201: 15 times 221.214.74.10: 7 times 222.120.192.98: 1 time 223.25.97.250 (250.97.25.223.iconpln.net.id): 1 time 223.241.247.214: 23 times **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 3 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (ftp,ssh-connection) [preauth] : 2 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################