[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 1 Mai 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed May  1 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-Apr-30 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [351:354]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 2 sites probed the server 
    61.219.11.153
    82.223.25.122
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 7 Time(s)
       /: 3 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 3 Time(s)
       /css/font-awesome.min.css: 1 Time(s)
       /css/font-merriweather.css: 1 Time(s)
       /css/highlight/default.css: 1 Time(s)
       /css/style.css: 1 Time(s)
       /socket.io/?noteId=l0f-i9RnSOGs2_JFbW1A6g& ... eSE2wCoNaJJAAl0: 1 Time(s)
       http://110.249.212.46/testget?q=23333&port=80: 1 Time(s)
       null: 1 Time(s)
    404 Not Found
       /robots.txt: 35 Time(s)
       /sites/default/files/2013_SoSe_Jena.pdf: 2 Time(s)
       //blog/: 1 Time(s)
       /berlin/helfika/apple-touch-icon.png: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
       /sites/default/file/2013_05_Stellungnahme_CHERanking.pdf: 1 Time(s)
       /sites/default/files/1983_WiSe_Darmstadt.pdf: 1 Time(s)
       /sites/default/files/2007_SoSe_Berlin.pdf: 1 Time(s)
       /sites/default/files/2012_SoSe_Bochum.pdf: 1 Time(s)
       /user/login?destination=comment%2Freply%2F32%23comment-form: 1 Time(s)
       /verein/satzung/%7CSatzung: 1 Time(s)
       /wp-login.php: 1 Time(s)
       /zapf/berichte/ausgestaltung-studiengaenge ... _zapf-sose-2010: 1 Time(s)
    499 (undefined)
       /socket.io/?noteId=l0f-i9RnSOGs2_JFbW1A6g& ... eSE2wCoNaJJAAl0: 1 Time(s)
    500 Internal Server Error
       /: 32 Time(s)
       /admin//config.php: 2 Time(s)
       /.env.example: 1 Time(s)
       /.git/config: 1 Time(s)
       /api/v1/pods: 1 Time(s)
       /bonn: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (177.170.146.113): 95 Time(s)
       unknown (200.137.131.115): 44 Time(s)
       unknown (106.13.15.122): 42 Time(s)
       unknown (123.206.44.110): 42 Time(s)
       unknown (236.ip-213-32-20.eu): 42 Time(s)
       unknown (119.29.135.217): 41 Time(s)
       unknown (129.204.47.217): 41 Time(s)
       unknown (192.144.151.63): 40 Time(s)
       unknown (128.199.178.188): 39 Time(s)
       unknown (152.250.252.179): 39 Time(s)
       unknown (178.152.79.9): 39 Time(s)
       unknown (211.104.172.236): 39 Time(s)
       unknown (62.234.119.16): 39 Time(s)
       unknown (13.65.82.161): 38 Time(s)
       unknown (104.248.69.142): 36 Time(s)
       unknown (180.169.149.94): 36 Time(s)
       unknown (91.215.128.131): 36 Time(s)
       unknown (ns2.cablebox.co): 35 Time(s)
       unknown (214.ip-51-38-237.eu): 34 Time(s)
       unknown (46.44.201.212): 34 Time(s)
       unknown (206.189.150.231): 33 Time(s)
       unknown (217.219.132.254): 33 Time(s)
       unknown (67.205.135.65): 33 Time(s)
       unknown (c-73-239-74-86.hsd1.wa.comcast.net): 33 Time(s)
       unknown (135.ip-192-99-245.net): 28 Time(s)
       unknown (190.215.113.11): 27 Time(s)
       unknown (pool-100-6-87-221.pitbpa.fios.verizon.net): 26 Time(s)
       unknown (pool-108-30-0-18.nycmny.fios.verizon.net): 23 Time(s)
       unknown (139.199.24.69): 22 Time(s)
       unknown (wp.eckinox.net): 21 Time(s)
       unknown (182.74.252.58): 17 Time(s)
       unknown (45.55.63.164): 12 Time(s)
       unknown (103.85.60.83): 9 Time(s)
       unknown (58.59.2.26): 7 Time(s)
       root (111.59.163.42): 6 Time(s)
       root (89.197.161.164): 6 Time(s)
       unknown (111.183.122.25): 6 Time(s)
       unknown (118.25.128.19): 6 Time(s)
       unknown (14.ip-144-217-4.net): 6 Time(s)
       unknown (188.187.110.10): 6 Time(s)
       unknown (211-22-154-225.hinet-ip.hinet.net): 6 Time(s)
       unknown (42.112.68.192): 6 Time(s)
       unknown (139.59.143.213): 3 Time(s)
       unknown (ip156.ip-178-33-45.eu): 3 Time(s)
       postgres (13.65.82.161): 2 Time(s)
       root (19.ip-37-187-193.eu): 2 Time(s)
       unknown (132.ip-193-70-90.eu): 2 Time(s)
       unknown (188.92.75.248): 2 Time(s)
       unknown (ns207822.ip-94-23-215.eu): 2 Time(s)
       backup (123.206.44.110): 1 Time(s)
       backup (190.215.113.11): 1 Time(s)
       backup (91.215.128.131): 1 Time(s)
       backup (c-73-239-74-86.hsd1.wa.comcast.net): 1 Time(s)
       games (pool-100-6-87-221.pitbpa.fios.verizon.net): 1 Time(s)
       gnats (129.204.47.217): 1 Time(s)
       gnats (182.74.252.58): 1 Time(s)
       mailman (178.128.79.169): 1 Time(s)
       mysql (45.55.63.164): 1 Time(s)
       mysql (62.234.119.16): 1 Time(s)
       openproject (106.13.15.122): 1 Time(s)
       postfix (142.93.39.29): 1 Time(s)
       postgres (129.204.47.217): 1 Time(s)
       postgres (46.44.201.212): 1 Time(s)
       postgres (62.234.119.16): 1 Time(s)
       postgres (c-73-239-74-86.hsd1.wa.comcast.net): 1 Time(s)
       root (109.110.52.77): 1 Time(s)
       root (121.190.197.205): 1 Time(s)
       root (128.199.69.86): 1 Time(s)
       root (139.199.5.74): 1 Time(s)
       root (139.59.59.90): 1 Time(s)
       root (163-172-16-67.rev.poneytelecom.eu): 1 Time(s)
       root (167.99.200.84): 1 Time(s)
       root (178.62.117.82): 1 Time(s)
       root (180.151.8.180): 1 Time(s)
       root (189.208.19.137): 1 Time(s)
       root (189.7.121.28): 1 Time(s)
       root (36.73.6.232): 1 Time(s)
       root (41.58.157.149): 1 Time(s)
       root (59.8.177.80): 1 Time(s)
       root (c-73-12-65-212.hsd1.va.comcast.net): 1 Time(s)
       root (correo.administradoraintegral.com): 1 Time(s)
       root (crushdigital.co.uk): 1 Time(s)
       root (h1392292.stratoserver.net): 1 Time(s)
       root (linux158.grserver.gr): 1 Time(s)
       root (mail.nemchem.co.zw): 1 Time(s)
       sshd (pool-108-30-0-18.nycmny.fios.verizon.net): 1 Time(s)
       sys (62.234.119.16): 1 Time(s)
       temp (129.204.47.217): 1 Time(s)
       temp (159.65.149.131): 1 Time(s)
       temp (180.169.149.94): 1 Time(s)
       unknown (103.94.130.4): 1 Time(s)
       unknown (104.248.240.235): 1 Time(s)
       unknown (106.13.118.41): 1 Time(s)
       unknown (107.170.231.42): 1 Time(s)
       unknown (112.64.33.38): 1 Time(s)
       unknown (118.182.122.77): 1 Time(s)
       unknown (118.193.234.122): 1 Time(s)
       unknown (118.25.7.83): 1 Time(s)
       unknown (119.29.156.13): 1 Time(s)
       unknown (121.229.216.246): 1 Time(s)
       unknown (128.199.133.249): 1 Time(s)
       unknown (129.204.161.47): 1 Time(s)
       unknown (134.red-80-28-234.staticip.rima-tde.net): 1 Time(s)
       unknown (139.199.5.74): 1 Time(s)
       unknown (139.59.14.210): 1 Time(s)
       unknown (142.93.177.246): 1 Time(s)
       unknown (143.ip-51-38-179.eu): 1 Time(s)
       unknown (159.192.107.238): 1 Time(s)
       unknown (159.65.149.131): 1 Time(s)
       unknown (159.65.245.203): 1 Time(s)
       unknown (162.144.72.163): 1 Time(s)
       unknown (163-172-16-65.rev.poneytelecom.eu): 1 Time(s)
       unknown (167.99.75.174): 1 Time(s)
       unknown (170.239.86.115): 1 Time(s)
       unknown (171.221.206.245): 1 Time(s)
       unknown (178.128.124.83): 1 Time(s)
       unknown (178.128.62.134): 1 Time(s)
       unknown (188.166.216.84): 1 Time(s)
       unknown (188.166.229.205): 1 Time(s)
       unknown (189.56.127.250): 1 Time(s)
       unknown (190.145.100.109): 1 Time(s)
       unknown (193.32.163.89): 1 Time(s)
       unknown (2.ip-51-68-141.eu): 1 Time(s)
       unknown (206.189.86.17): 1 Time(s)
       unknown (23.ip-92-222-69.eu): 1 Time(s)
       unknown (232.ip-5-196-7.eu): 1 Time(s)
       unknown (41.77.146.98): 1 Time(s)
       unknown (58.206.100.88): 1 Time(s)
       unknown (59.8.177.80): 1 Time(s)
       unknown (60.12.26.9): 1 Time(s)
       unknown (62.234.117.19): 1 Time(s)
       unknown (77.9.191.95.adsl.tomsknet.ru): 1 Time(s)
       unknown (82.165.30.36): 1 Time(s)
       unknown (89.36.214.38): 1 Time(s)
       unknown (92.43.0.71): 1 Time(s)
       unknown (99-46-143-22.lightspeed.sntcca.sbcglobal.net): 1 Time(s)
       unknown (dsl-emcali-200.29.120.94.emcali.net.co): 1 Time(s)
       unknown (ip4d16ea81.dynamic.kabel-deutschland.de): 1 Time(s)
       unknown (mail.nelsonmandela.org): 1 Time(s)
       unknown (mail2.duncanwierman.com): 1 Time(s)
       unknown (ns3016508.ip-51-254-47.eu): 1 Time(s)
       unknown (oc-144-21-68-97.compute.oraclecloud.com): 1 Time(s)
       unknown (p03148b.tokynt01.ap.so-net.ne.jp): 1 Time(s)
       unknown (talaiotsillot.es): 1 Time(s)
       unknown (vikfashion.cl): 1 Time(s)
       unknown (zenlar-4.cosmonova.net.ua): 1 Time(s)
       www-data (217.219.132.254): 1 Time(s)
       www-data (67.205.135.65): 1 Time(s)
    Invalid Users:
       Unknown Account: 1269 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        3   Miscellaneous warnings  
 
   21.276K  Bytes accepted                              21,787
   21.276K  Bytes sent via SMTP                         21,787
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       32   Connections             
        8   Connections lost (inbound) 
       32   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 3 Time(s)
    root : 2 Time(s)
 
 Failed logins from:
    13.65.82.161: 2 times
    36.73.6.232: 1 time
    37.187.193.19 (19.ip-37-187-193.eu): 2 times
    41.58.157.149 (lhlsvr01.legacygroup.local): 1 time
    45.55.63.164: 1 time
    46.44.201.212 (46-44-201-212.ip.welcomeitalia.it): 1 time
    46.101.88.10 (crushdigital.co.uk): 1 time
    59.8.177.80: 1 time
    62.234.119.16: 3 times
    67.205.135.65: 1 time
    73.12.65.212 (c-73-12-65-212.hsd1.va.comcast.net): 1 time
    73.239.74.86 (c-73-239-74-86.hsd1.wa.comcast.net): 2 times
    85.214.133.9 (h1392292.stratoserver.net): 1 time
    89.197.161.164 (89-197-161-164.virtual1.co.uk): 6 times
    91.215.128.131: 1 time
    100.6.87.221 (pool-100-6-87-221.pitbpa.fios.verizon.net): 1 time
    106.13.15.122: 1 time
    108.30.0.18 (pool-108-30-0-18.nycmny.fios.verizon.net): 1 time
    109.110.52.77: 1 time
    111.59.163.42: 6 times
    121.190.197.205: 1 time
    123.206.44.110: 1 time
    128.199.69.86: 1 time
    129.204.47.217: 3 times
    139.59.59.90: 1 time
    139.199.5.74: 1 time
    142.93.39.29: 1 time
    159.65.149.131 (187449.cloudwaysapps.com): 1 time
    163.172.16.67 (163-172-16-67.rev.poneytelecom.eu): 1 time
    167.99.200.84: 1 time
    178.62.117.82: 1 time
    178.128.79.169: 1 time
    180.151.8.180 (180.151.8.180.reverse.spectranet.in): 1 time
    180.169.149.94: 1 time
    182.74.252.58: 1 time
    188.138.74.132 (linux158.grserver.gr): 1 time
    189.7.121.28 (bd07791c.virtua.com.br): 1 time
    189.208.19.137 (wimax-cpe-189-208-19-137.gdljal.static.axtel.net): 1 time
    190.215.113.11 (srv11.sibaritos.cl): 1 time
    197.155.236.50 (mail.nemchem.co.zw): 1 time
    200.11.150.238 (correo.administradoraintegral.com): 1 time
    217.219.132.254: 1 time
 
 Illegal users from:
    undef: 880 times
    5.196.7.232 (232.ip-5-196-7.eu): 1 time
    13.65.82.161: 38 times
    41.77.146.98 (41.77.146.98.liquidtelecom.net): 1 time
    42.112.68.192: 6 times
    45.55.63.164: 12 times
    46.44.201.212 (46-44-201-212.ip.welcomeitalia.it): 34 times
    50.2.191.138 (mail2.duncanwierman.com): 5 times
    51.38.179.143 (143.ip-51-38-179.eu): 1 time
    51.38.237.214 (214.ip-51-38-237.eu): 34 times
    51.68.141.2 (2.ip-51-68-141.eu): 1 time
    51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time
    58.59.2.26: 7 times
    58.206.100.88: 1 time
    59.8.177.80: 1 time
    60.12.26.9: 1 time
    62.234.117.19: 1 time
    62.234.119.16: 39 times
    67.205.135.65: 33 times
    73.239.74.86 (c-73-239-74-86.hsd1.wa.comcast.net): 33 times
    77.22.234.129 (ip4d16ea81.dynamic.kabel-deutschland.de): 1 time
    80.28.234.134 (134.red-80-28-234.staticip.rima-tde.net): 1 time
    82.165.30.36 (amirdz.com): 1 time
    89.36.214.38 (host38-214-36-89.serverdedicati.aruba.it): 1 time
    91.142.212.205 (talaiotsillot.es): 1 time
    91.215.128.131: 36 times
    92.43.0.71: 1 time
    92.222.69.23 (23.ip-92-222-69.eu): 1 time
    94.23.215.158 (ns207822.ip-94-23-215.eu): 2 times
    95.67.71.109 (zenlar-4.cosmonova.net.ua): 1 time
    95.191.9.77 (77.9.191.95.adsl.tomsknet.ru): 1 time
    99.46.143.22 (99-46-143-22.lightspeed.sntcca.sbcglobal.net): 1 time
    100.6.87.221 (pool-100-6-87-221.pitbpa.fios.verizon.net): 26 times
    103.85.60.83 (ip-103-85-60-83.moratelindo.net.id): 9 times
    103.94.130.4: 1 time
    104.248.69.142: 36 times
    104.248.240.235: 1 time
    106.13.15.122: 42 times
    106.13.118.41: 1 time
    107.170.231.42: 1 time
    108.30.0.18 (pool-108-30-0-18.nycmny.fios.verizon.net): 23 times
    111.183.122.25: 6 times
    112.64.33.38: 1 time
    118.25.7.83: 1 time
    118.25.128.19: 6 times
    118.182.122.77: 1 time
    118.193.234.122: 1 time
    119.29.135.217: 41 times
    119.29.156.13: 1 time
    121.3.20.139 (p03148b.tokynt01.ap.so-net.ne.jp): 1 time
    121.229.216.246: 5 times
    123.206.44.110: 42 times
    128.199.133.249 (152717.cloudwaysapps.com): 1 time
    128.199.178.188: 39 times
    129.204.47.217: 41 times
    129.204.161.47: 1 time
    138.197.151.248 (wp.eckinox.net): 21 times
    139.59.14.210: 1 time
    139.59.143.213: 3 times
    139.199.5.74: 1 time
    139.199.24.69: 22 times
    142.93.177.246: 1 time
    144.21.68.97 (oc-144-21-68-97.compute.oraclecloud.com): 1 time
    144.217.4.14 (14.ip-144-217-4.net): 6 times
    144.217.79.233 (ns2.cablebox.co): 35 times
    152.250.252.179 (152-250-252-179.user.vivozap.com.br): 39 times
    159.65.149.131 (187449.cloudwaysapps.com): 1 time
    159.65.245.203: 1 time
    159.192.107.238: 1 time
    162.144.72.163 (162-144-72-163.unifiedlayer.com): 1 time
    163.172.16.65 (163-172-16-65.rev.poneytelecom.eu): 1 time
    167.99.75.174: 1 time
    170.239.84.215 (vikfashion.cl): 1 time
    170.239.86.115 (piopapua.ddns.net): 1 time
    171.221.206.245: 1 time
    177.170.146.113 (177-170-146-113.user.vivozap.com.br): 95 times
    178.33.45.156 (ip156.ip-178-33-45.eu): 3 times
    178.128.62.134: 1 time
    178.128.124.83 (ehalal.io): 1 time
    178.152.79.9: 39 times
    180.169.149.94: 36 times
    182.74.252.58: 17 times
    188.92.75.248: 4 times
    188.166.216.84: 1 time
    188.166.229.205: 1 time
    188.187.110.10 (188x187x110x10.dynamic.spb.ertelecom.ru): 6 times
    189.56.127.250 (189-56-127-250.customer.tdatabrasil.net.br): 1 time
    190.145.100.109: 1 time
    190.215.113.11 (srv11.sibaritos.cl): 27 times
    192.99.245.135 (135.ip-192-99-245.net): 28 times
    192.144.151.63: 40 times
    193.32.163.89: 1 time
    193.70.90.132 (132.ip-193-70-90.eu): 2 times
    196.35.3.50 (mail.nelsonmandela.org): 1 time
    200.29.120.94 (dsl-emcali-200.29.120.94.emcali.net.co): 1 time
    200.137.131.115: 44 times
    206.189.86.17 (176751.cloudwaysapps.com): 1 time
    206.189.150.231: 33 times
    211.22.154.225 (211-22-154-225.HINET-IP.hinet.net): 6 times
    211.104.172.236: 39 times
    213.32.20.236 (236.ip-213-32-20.eu): 42 times
    217.219.132.254: 33 times
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 1 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 2 time(s)
 Disconnecting: Change of username or service not allowed: (0,ssh-connection) ->
(22,ssh-connection) [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)