[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Jul 9 04:42:06 2019 Date Range Processed: yesterday ( 2019-Jul-08 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 93:93 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 171.12.10.74 -> zapf.wiki:443: 1 Time(s) Requests with error response codes 400 Bad Request mstshash=Administr: 5 Time(s) http://110.249.212.46/testget?q=23333&port=80: 3 Time(s) /robots.txt: 1 Time(s) 7: 1 Time(s) zapf.wiki:443: 1 Time(s) 404 Not Found /robots.txt: 28 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /wp-login.php: 3 Time(s) /sites/default/files/1983_SoSe_Clausthal-Zellerfeld.pdf: 2 Time(s) /ads.txt: 1 Time(s) /neuigkeiten/einladung-zapf-sose2011: 1 Time(s) /neuigkeiten/einladung-zapf-wise2011: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /sites/default/files/2011_05_Stellungnahme_EQR-DQR_0.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... Fach_Physik.pdf: 1 Time(s) 499 (undefined) /apple-touch-icon.png: 1 Time(s) 500 Internal Server Error /robots.txt: 16 Time(s) /: 6 Time(s) /api/v1/pods: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (41.221.146.138): 10 Time(s) unknown (119.29.15.124): 8 Time(s) unknown (189.34.62.36): 8 Time(s) unknown (191.100.24.188): 8 Time(s) unknown (69.171.206.254): 8 Time(s) unknown (139.59.7.5): 7 Time(s) unknown (62.123.231.35.bc.googleusercontent.com): 7 Time(s) root (114.237.195.127): 6 Time(s) root (218.10.217.148): 6 Time(s) unknown (104.236.119.79): 6 Time(s) unknown (111.231.138.136): 6 Time(s) unknown (178.32.47.97): 6 Time(s) unknown (178.62.252.89): 6 Time(s) unknown (201.91.132.170): 6 Time(s) unknown (210.21.226.2): 6 Time(s) unknown (94.191.15.73): 6 Time(s) unknown (95.58.194.141): 6 Time(s) unknown (ec2-52-83-214-230.cn-northwest-1.compute.amazonaws.com.cn): 6 Time(s) unknown (1.71.129.108): 5 Time(s) unknown (104.248.175.232): 5 Time(s) unknown (106.12.38.109): 5 Time(s) unknown (108.ip-164-132-197.eu): 5 Time(s) unknown (111.205.247.2): 5 Time(s) unknown (111.230.112.37): 5 Time(s) unknown (111.230.211.183): 5 Time(s) unknown (115.159.111.193): 5 Time(s) unknown (118.24.125.130): 5 Time(s) unknown (119.29.62.104): 5 Time(s) unknown (123.207.96.242): 5 Time(s) unknown (128.199.196.155): 5 Time(s) unknown (129.28.53.159): 5 Time(s) unknown (139.168.56.89): 5 Time(s) unknown (139.59.94.192): 5 Time(s) unknown (165.227.153.159): 5 Time(s) unknown (172-220-009-054.dhcp.chtrptr.net): 5 Time(s) unknown (188.166.241.93): 5 Time(s) unknown (189.103.69.191): 5 Time(s) unknown (195.24.207.199): 5 Time(s) unknown (210.14.77.102): 5 Time(s) unknown (36.112.137.55): 5 Time(s) unknown (68.183.181.7): 5 Time(s) unknown (87.97.76.16): 5 Time(s) unknown (94.191.20.179): 5 Time(s) unknown (97-88-249-182.static.mdsn.wi.charter.com): 5 Time(s) unknown (adsl-70-234-236-10.dsl.rcsntx.sbcglobal.net): 5 Time(s) unknown (bl13-129-162.dsl.telepac.pt): 5 Time(s) unknown (c-98-246-48-95.hsd1.or.comcast.net): 5 Time(s) unknown (contabilita.id): 5 Time(s) unknown (110.44.126.83): 4 Time(s) unknown (115.159.216.187): 4 Time(s) unknown (120.92.20.197): 4 Time(s) unknown (123.206.45.16): 4 Time(s) unknown (123.207.8.86): 4 Time(s) unknown (129.204.147.102): 4 Time(s) unknown (134.175.39.108): 4 Time(s) unknown (138.204.26.112): 4 Time(s) unknown (139.199.112.85): 4 Time(s) unknown (139.199.6.107): 4 Time(s) unknown (148.70.4.242): 4 Time(s) unknown (178.128.17.76): 4 Time(s) unknown (188.121.9.105): 4 Time(s) unknown (191.ip-51-77-221.eu): 4 Time(s) unknown (201.225.172.116): 4 Time(s) unknown (58.246.138.30): 4 Time(s) unknown (59.44.139.132): 4 Time(s) unknown (b2b-37-24-143-134.unitymedia.biz): 4 Time(s) unknown (conm200-116-105-213.epm.net.co): 4 Time(s) unknown (noobs.at.lamers.zone): 4 Time(s) unknown (103.62.239.77): 3 Time(s) unknown (106.13.98.92): 3 Time(s) unknown (124.127.98.230): 3 Time(s) unknown (125.27.12.20): 3 Time(s) unknown (154.68.39.6): 3 Time(s) unknown (157.230.128.181): 3 Time(s) unknown (190.144.14.170): 3 Time(s) unknown (202.120.40.69): 3 Time(s) unknown (58.82.192.104): 3 Time(s) unknown (94.191.102.171): 3 Time(s) unknown (c-76-27-163-60.hsd1.va.comcast.net): 3 Time(s) postgres (103.62.239.77): 2 Time(s) root (103.235.227.208): 2 Time(s) root (110.44.126.83): 2 Time(s) root (118.25.124.210): 2 Time(s) root (119.29.15.124): 2 Time(s) root (202.120.40.69): 2 Time(s) root (62.123.231.35.bc.googleusercontent.com): 2 Time(s) unknown (103.235.227.208): 2 Time(s) unknown (104.248.211.180): 2 Time(s) unknown (106.13.43.242): 2 Time(s) unknown (106.13.74.47): 2 Time(s) unknown (118.25.124.210): 2 Time(s) unknown (165.227.97.108): 2 Time(s) unknown (181.111.181.50): 2 Time(s) unknown (193.32.163.182): 2 Time(s) unknown (222.114.16.117): 2 Time(s) unknown (45.248.133.36): 2 Time(s) unknown (84-236-50-110.pool.digikabel.hu): 2 Time(s) unknown (lfbn-1-13813-234.w90-3.abo.wanadoo.fr): 2 Time(s) unknown (mail.matrixtelecoms.com): 2 Time(s) mail (36.89.209.22): 1 Time(s) mysql (139.59.7.5): 1 Time(s) mysql (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s) postgres (120.92.20.197): 1 Time(s) postgres (124.127.98.230): 1 Time(s) postgres (125.27.12.20): 1 Time(s) root (106.13.98.92): 1 Time(s) root (108.ip-164-132-197.eu): 1 Time(s) root (115.159.216.187): 1 Time(s) root (123.206.45.16): 1 Time(s) root (123.207.8.86): 1 Time(s) root (123.207.96.242): 1 Time(s) root (125.27.12.20): 1 Time(s) root (134.175.39.108): 1 Time(s) root (138.197.105.79): 1 Time(s) root (138.197.77.22): 1 Time(s) root (138.204.26.112): 1 Time(s) root (138.68.146.186): 1 Time(s) root (139.168.56.89): 1 Time(s) root (139.199.6.107): 1 Time(s) root (139.59.59.187): 1 Time(s) root (144.0.227.80): 1 Time(s) root (148.70.4.242): 1 Time(s) root (154.68.39.6): 1 Time(s) root (157.230.128.181): 1 Time(s) root (162.ip-54-37-205.eu): 1 Time(s) root (165.227.153.159): 1 Time(s) root (189.103.69.191): 1 Time(s) root (190.119.190.122): 1 Time(s) root (210.14.77.102): 1 Time(s) root (244.ip-164-132-230.eu): 1 Time(s) root (51.75.169.236): 1 Time(s) root (58.82.192.104): 1 Time(s) root (59.44.139.132): 1 Time(s) root (94.191.102.171): 1 Time(s) root (94.191.20.179): 1 Time(s) root (b2b-37-24-143-134.unitymedia.biz): 1 Time(s) temp (b2b-37-24-143-134.unitymedia.biz): 1 Time(s) unknown (104.236.102.16): 1 Time(s) unknown (104.236.186.24): 1 Time(s) unknown (110.19.65.43): 1 Time(s) unknown (112.30.117.22): 1 Time(s) unknown (115.140.87.39): 1 Time(s) unknown (116.108.76.143): 1 Time(s) unknown (120.132.31.120): 1 Time(s) unknown (124.243.198.187): 1 Time(s) unknown (128.199.133.249): 1 Time(s) unknown (132.255.29.228): 1 Time(s) unknown (138.197.153.228): 1 Time(s) unknown (139.59.78.236): 1 Time(s) unknown (157.230.237.76): 1 Time(s) unknown (162.ip-54-37-205.eu): 1 Time(s) unknown (178.128.156.144): 1 Time(s) unknown (178.128.158.113): 1 Time(s) unknown (178.128.79.169): 1 Time(s) unknown (188.166.237.191): 1 Time(s) unknown (189.254.33.157): 1 Time(s) unknown (200.69.250.253): 1 Time(s) unknown (209.97.187.108): 1 Time(s) unknown (213.6.16.226): 1 Time(s) unknown (220.167.100.60): 1 Time(s) unknown (220.247.175.58): 1 Time(s) unknown (223.171.42.178): 1 Time(s) unknown (223.94.95.221): 1 Time(s) unknown (37.114.176.96): 1 Time(s) unknown (41.73.5.2): 1 Time(s) unknown (46.101.1.198): 1 Time(s) unknown (46.101.127.49): 1 Time(s) unknown (46.101.27.6): 1 Time(s) unknown (46.101.49.156): 1 Time(s) unknown (54.ip-51-68-230.eu): 1 Time(s) unknown (mail.taccm.com): 1 Time(s) unknown (ns3016508.ip-51-254-47.eu): 1 Time(s) unknown (sonet.tychy.pl): 1 Time(s) Invalid Users: Unknown Account: 439 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 7 Miscellaneous warnings 25.936K Bytes accepted 26,558 25.936K Bytes sent via SMTP 26,558 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 21 Connections 7 Connections lost (inbound) 21 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 35.231.123.62 (62.123.231.35.bc.googleusercontent.com): 2 times 36.89.209.22: 1 time 37.24.143.134 (b2b-37-24-143-134.unitymedia.biz): 2 times 51.75.169.236 (ip-51-75-169.eu): 1 time 54.37.205.162 (162.ip-54-37-205.eu): 1 time 58.82.192.104: 1 time 59.44.139.132 (132.139.44.59.broad.as.ln.dynamic.163data.com.cn): 1 time 76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 1 time 94.191.20.179: 1 time 94.191.102.171: 1 time 103.62.239.77: 2 times 103.235.227.208: 2 times 106.13.98.92: 1 time 110.44.126.83: 2 times 114.237.195.127 (127.195.237.114.broad.lyg.js.dynamic.163data.com.cn): 6 times 115.159.216.187: 1 time 118.25.124.210: 2 times 119.29.15.124: 2 times 120.92.20.197: 1 time 123.206.45.16: 1 time 123.207.8.86: 1 time 123.207.96.242: 1 time 124.127.98.230: 1 time 125.27.12.20 (node-2dw.pool-125-27.dynamic.totinternet.net): 2 times 134.175.39.108: 1 time 138.68.146.186 (server.fsxapp.xyz): 1 time 138.197.77.22: 1 time 138.197.105.79: 1 time 138.204.26.112 (112.26.204.138.rfc6598.dynamic.copelfibra.com.br): 1 time 139.59.7.5: 1 time 139.59.59.187: 1 time 139.168.56.89 (cpe-139-168-56-89.nb07.nsw.asp.telstra.net): 1 time 139.199.6.107: 1 time 144.0.227.80: 1 time 148.70.4.242: 1 time 154.68.39.6 (wimax-154.68.39.6.aviso.ci): 1 time 157.230.128.181: 1 time 164.132.197.108 (108.ip-164-132-197.eu): 1 time 164.132.230.244 (244.ip-164-132-230.eu): 1 time 165.227.153.159: 1 time 189.103.69.191 (bd6745bf.virtua.com.br): 1 time 190.119.190.122: 1 time 202.120.40.69: 2 times 210.14.77.102: 1 time 218.10.217.148: 6 times Illegal users from: undef: 358 times 1.71.129.108: 5 times 35.231.123.62 (62.123.231.35.bc.googleusercontent.com): 7 times 36.112.137.55: 5 times 37.24.143.134 (b2b-37-24-143-134.unitymedia.biz): 4 times 37.114.176.96: 1 time 41.73.5.2: 1 time 41.211.116.32 (mail.taccm.com): 3 times 41.221.146.138: 10 times 45.248.133.36: 2 times 46.101.1.198: 1 time 46.101.27.6: 1 time 46.101.49.156: 1 time 46.101.127.49: 1 time 51.68.230.54 (54.ip-51-68-230.eu): 1 time 51.77.221.191 (191.ip-51-77-221.eu): 4 times 51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time 52.83.214.230 (ec2-52-83-214-230.cn-northwest-1.compute.amazonaws.com.cn): 6 times 54.37.205.162 (162.ip-54-37-205.eu): 1 time 58.82.192.104: 3 times 58.246.138.30: 4 times 59.44.139.132 (132.139.44.59.broad.as.ln.dynamic.163data.com.cn): 4 times 68.183.181.7: 5 times 69.171.206.254: 8 times 70.234.236.10 (adsl-70-234-236-10.dsl.rcsntx.sbcglobal.net): 5 times 76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 3 times 81.15.218.220 (sonet.tychy.pl): 1 time 84.236.50.110 (84-236-50-110.pool.digikabel.hu): 2 times 85.246.129.162 (bl13-129-162.dsl.telepac.pt): 5 times 87.97.76.16: 5 times 90.3.202.234 (lfbn-1-13813-234.w90-3.abo.wanadoo.fr): 2 times 94.191.15.73: 6 times 94.191.20.179: 5 times 94.191.102.171: 3 times 95.58.194.141 (95.58.194.141.megaline.telecom.kz): 6 times 97.88.249.182 (97-88-249-182.static.mdsn.wi.charter.com): 5 times 98.246.48.95 (c-98-246-48-95.hsd1.or.comcast.net): 5 times 103.62.239.77: 3 times 103.235.227.208: 2 times 104.236.102.16: 1 time 104.236.119.79: 6 times 104.236.186.24 (ap-yoconciente.com): 1 time 104.248.175.232: 5 times 104.248.211.180: 2 times 106.12.38.109: 5 times 106.13.43.242: 2 times 106.13.74.47: 2 times 106.13.98.92: 3 times 110.19.65.43: 5 times 110.44.126.83: 4 times 111.205.247.2: 5 times 111.230.112.37: 5 times 111.230.211.183: 5 times 111.231.138.136: 6 times 112.30.117.22: 1 time 115.140.87.39: 1 time 115.159.111.193: 5 times 115.159.216.187: 4 times 116.108.76.143: 1 time 118.24.125.130: 5 times 118.25.124.210: 2 times 119.29.15.124: 8 times 119.29.62.104: 5 times 120.92.20.197: 4 times 120.132.31.120: 1 time 123.206.45.16: 4 times 123.207.8.86: 4 times 123.207.96.242: 5 times 124.127.98.230: 3 times 124.243.198.187: 1 time 125.27.12.20 (node-2dw.pool-125-27.dynamic.totinternet.net): 3 times 128.199.133.249 (152717.cloudwaysapps.com): 1 time 128.199.196.155: 5 times 129.28.53.159: 5 times 129.204.147.102: 4 times 132.255.29.228 (132-255-29-228.informac.com.br): 1 time 134.175.39.108: 4 times 138.197.153.228: 1 time 138.204.26.112 (112.26.204.138.rfc6598.dynamic.copelfibra.com.br): 4 times 139.59.7.5: 7 times 139.59.78.236: 1 time 139.59.94.192 (129360.cloudwaysapps.com): 5 times 139.168.56.89 (cpe-139-168-56-89.nb07.nsw.asp.telstra.net): 5 times 139.199.6.107: 4 times 139.199.112.85: 4 times 148.70.4.242: 4 times 153.92.5.4 (contabilita.id): 5 times 154.68.39.6 (wimax-154.68.39.6.aviso.ci): 3 times 157.230.128.181: 3 times 157.230.237.76: 1 time 164.132.197.108 (108.ip-164-132-197.eu): 5 times 165.227.97.108: 2 times 165.227.153.159: 5 times 172.220.9.54 (172-220-009-054.dhcp.chtrptr.net): 5 times 178.32.47.97: 6 times 178.62.252.89: 6 times 178.128.17.76: 4 times 178.128.79.169: 1 time 178.128.156.144: 1 time 178.128.158.113: 1 time 181.111.181.50 (host50.181-111-181.telecom.net.ar): 2 times 188.121.9.105 (ipv4-188-121-9-105.net.internetunion.pl): 4 times 188.166.237.191: 1 time 188.166.241.93: 5 times 189.34.62.36 (bd223e24.virtua.com.br): 8 times 189.103.69.191 (bd6745bf.virtua.com.br): 5 times 189.254.33.157 (customer-189-254-33-157-sta.uninet-ide.com.mx): 1 time 190.144.14.170: 3 times 191.100.24.188 (188.191-100-24.etapanet.net): 8 times 193.32.163.182 (hosting-by.cloud-home.me): 2 times 195.24.207.199: 5 times 200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time 200.116.105.213 (conm200-116-105-213.epm.net.co): 4 times 201.91.132.170 (201-91-132-170.customer.tdatabrasil.net.br): 6 times 201.225.172.116: 4 times 202.120.40.69: 3 times 209.97.187.108: 1 time 210.14.77.102: 5 times 210.21.226.2 (reverse.gdsz.cncnet.net): 6 times 213.6.16.226: 1 time 213.32.18.189 (noobs.at.lamers.zone): 4 times 220.167.100.60 (60.100.167.220.dial.dy.sc.dynamic.163data.com.cn): 1 time 220.247.175.58 (bandungkab.iconpln.net.id): 1 time 222.114.16.117: 2 times 223.94.95.221: 1 time 223.171.42.178: 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################