[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Jun 10 04:42:08 2019 Date Range Processed: yesterday ( 2019-Jun-09 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [371:376] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 125.64.94.220 61.219.11.153 77.247.110.141 Requests with error response codes 400 Bad Request null: 5 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... 0_hH7pu1mVsAA6k: 4 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... qF1RaVjam8WAAwa: 4 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... u37g2Guu9DoAA6D: 4 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... 0a0WhOOJCr7AAfi: 4 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... F3lni-MNqWGAAe7: 4 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... dW0NRnE2e3yAAfU: 4 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... Yo4glEqRIZDAAo9: 4 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... Pcn612bAB2NAAnS: 4 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... q5UvPGUt1v-AA2_: 3 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... ymoEYqG0Q1cAA3A: 3 Time(s) /socket.io/?noteId=Mp2j3pRqRsqyarkZlU5zXQ& ... TwvW4N-DuvwAAnV: 3 Time(s) /socket.io/?noteId=Mp2j3pRqRsqyarkZlU5zXQ& ... tNXN4IfBSS9AApQ: 3 Time(s) /socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... tp-468E01uFAAuY: 3 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... Lqhb9Y-PPNlAApC: 3 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... veWt3PjHLKwAApl: 3 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... PWum01E5iMgAApF: 3 Time(s) /socket.io/?noteId=features&EIO=3&transpor ... nD3NRevjW7vAAm0: 3 Time(s) /socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... Xu2UW1pmIlNAAz7: 2 Time(s) /socket.io/?noteId=Mp2j3pRqRsqyarkZlU5zXQ& ... Qlm2_nesj3mAApt: 2 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... CRfeJZKN06AAAnt: 2 Time(s) /socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... 9p7PJYWbtShAA22: 2 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... eJegzjlHhKiAAps: 2 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... eTy5oZcvUOwAApO: 2 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... MVhHpESvbBtAApP: 2 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... 1FjRcADXBOLAAoF: 2 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... mskKK8nSlJKAArG: 2 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... PqQAHwHDOalAAcn: 2 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... vHWW9tBDA4qAAc2: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) mstshash=Administr: 2 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... 00MvnZR66axAAe1: 1 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... Wv232apNJ8ZAAfa: 1 Time(s) /socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... y1c1rc32UPvAAsF: 1 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... hnM_QOf0dQWAAoc: 1 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... lcFQ0SrGO31AAoQ: 1 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... nNaTWq3uyZxAAoC: 1 Time(s) /socket.io/?noteId=Rwn-wx6wQ3u0XFRC9PRBtA& ... q1GqvrcuG0jAApH: 1 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... 97SVa2JxSVoAApL: 1 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... s_DlWpr6qFPAAqB: 1 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... 4dZ9MF6LNkrAAo8: 1 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... Pn9MyvwuH1gAAo1: 1 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... VOdRiHLsNeuAApd: 1 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... l3ehFBndM5jAAqK: 1 Time(s) /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... ruhUqzydW1lAAoP: 1 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... EM3co9COd_EAAcm: 1 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... RGTkiSJFRseAAdP: 1 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... aWAoAEhOLP-AAdB: 1 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... bMdBqz4tEibAAdN: 1 Time(s) /socket.io/?noteId=sx0e5O3kQ7u-G5oQdrhxIA& ... bg6sfI-dprVAAdT: 1 Time(s) 404 Not Found /robots.txt: 30 Time(s) /wp-login.php: 7 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /404: 1 Time(s) /reader/2017_SoSe_Berlin_lang.pdf: 1 Time(s) /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s) 408 Request Timeout /socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... ruhUqzydW1lAAoP: 1 Time(s) 499 (undefined) /apple-touch-icon.png: 11 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 6 Time(s) /favicon.png: 6 Time(s) /fonts/SourceSansPro-Regular.woff: 3 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s) /fonts/SourceCodePro-Regular.woff: 2 Time(s) /build/cover-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /fonts/SourceSansPro-Semibold.woff: 1 Time(s) /socket.io/?noteId=NqXFlx-0RMCv9Q793zPtWA& ... 0a0WhOOJCr7AAfi: 1 Time(s) /socket.io/?noteId=TyQ6NU6xQCq7L-4nykHZiQ& ... 2y075SqpdPGAAbu: 1 Time(s) 500 Internal Server Error /: 3 Time(s) //libs/js/iframe.js: 3 Time(s) /admin/images/cal_date_over.gif: 2 Time(s) /admin/login.php: 2 Time(s) /fckeditor/editor/filemanager/connectors/p ... .php?Type=Media: 2 Time(s) /templates/system/css/system.css: 2 Time(s) /.env: 1 Time(s) /admin//config.php: 1 Time(s) /bremen/2014/indexeb91.html%253Fp=207: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (139.59.25.252): 58 Time(s) unknown (188.131.186.207): 57 Time(s) unknown (68.183.233.239): 53 Time(s) unknown (177.84.244.96): 51 Time(s) unknown (122.165.149.75): 44 Time(s) unknown (140.143.206.137): 44 Time(s) unknown (180.250.205.114): 44 Time(s) unknown (111.230.38.241): 43 Time(s) unknown (121.12.87.109): 43 Time(s) unknown (139.199.6.107): 43 Time(s) unknown (150.109.107.178): 43 Time(s) unknown (129.213.117.53): 42 Time(s) unknown (gadgedo.com): 42 Time(s) unknown (120.131.13.186): 41 Time(s) unknown (125.63.68.2): 41 Time(s) unknown (153.92.5.183): 41 Time(s) unknown (118.24.108.205): 39 Time(s) unknown (58.229.208.187): 39 Time(s) unknown (66.49.84.65.nw.nuvox.net): 39 Time(s) unknown (74.63.226.142): 39 Time(s) unknown (eh213.internetdsl.tpnet.pl): 39 Time(s) unknown (36.80.48.9): 35 Time(s) unknown (111.230.152.118): 26 Time(s) unknown (187.0.221.222): 21 Time(s) unknown (203.129.219.198): 21 Time(s) unknown (41.164.195.204): 18 Time(s) unknown (217-133-99-111.static.clienti.tiscali.it): 17 Time(s) unknown (ip148.ip-66-70-130.net): 17 Time(s) unknown (ppp91-122-14-178.pppoe.avangarddsl.ru): 14 Time(s) unknown (106.12.125.27): 11 Time(s) unknown (106.12.99.173): 10 Time(s) unknown (52.166.196.196): 10 Time(s) unknown (1.109.59.63): 9 Time(s) unknown (106.75.93.253): 9 Time(s) unknown (118.25.90.127): 9 Time(s) unknown (dynamic-adsl-84-221-181-24.clienti.tiscali.it): 8 Time(s) root (39.75.157.250): 6 Time(s) unknown (87.ip-51-254-34.eu): 6 Time(s) unknown (ns364702.ip-94-23-204.eu): 3 Time(s) unknown (ns37798.ip-91-121-7.eu): 3 Time(s) list (121.12.87.109): 2 Time(s) unknown (94.107.166.97): 2 Time(s) unknown (ip-24-221-18-234.atlnga.spcsdns.net): 2 Time(s) backup (129.213.117.53): 1 Time(s) backup (140.143.206.137): 1 Time(s) backup (187.0.221.222): 1 Time(s) backup (217-133-99-111.static.clienti.tiscali.it): 1 Time(s) backup (36.80.48.9): 1 Time(s) backup (74.63.226.142): 1 Time(s) backup (ip148.ip-66-70-130.net): 1 Time(s) games (153.92.5.183): 1 Time(s) games (gadgedo.com): 1 Time(s) irc (125.63.68.2): 1 Time(s) lp (125.63.68.2): 1 Time(s) mail (120.131.13.186): 1 Time(s) mail (125.63.68.2): 1 Time(s) mail (153.92.5.183): 1 Time(s) mail (36.80.48.9): 1 Time(s) mail (68.183.233.239): 1 Time(s) mail (eh213.internetdsl.tpnet.pl): 1 Time(s) man (120.131.13.186): 1 Time(s) man (36.80.48.9): 1 Time(s) mysql (111.230.38.241): 1 Time(s) mysql (125.63.68.2): 1 Time(s) mysql (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 Time(s) nobody (120.131.13.186): 1 Time(s) nobody (124.205.9.241): 1 Time(s) nobody (140.143.206.137): 1 Time(s) nobody (dynamic-adsl-84-221-181-24.clienti.tiscali.it): 1 Time(s) postfix (125.63.68.2): 1 Time(s) postfix (187.0.221.222): 1 Time(s) proxy (140.143.206.137): 1 Time(s) proxy (68.183.233.239): 1 Time(s) root (45.67.14.148): 1 Time(s) root (58.242.82.13): 1 Time(s) root (58.242.82.5): 1 Time(s) smmsp (125.63.68.2): 1 Time(s) smmsp (150.109.107.178): 1 Time(s) smmsp (gadgedo.com): 1 Time(s) sshd (129.213.117.53): 1 Time(s) sshd (203.129.219.198): 1 Time(s) sync (120.131.13.186): 1 Time(s) sync (153.92.5.183): 1 Time(s) temp (118.24.108.205): 1 Time(s) temp (66.49.84.65.nw.nuvox.net): 1 Time(s) temp (ns364702.ip-94-23-204.eu): 1 Time(s) unknown (128.199.221.18): 1 Time(s) unknown (177.106.220.250): 1 Time(s) unknown (188.92.75.248): 1 Time(s) unknown (78-21-57-20.access.telenet.be): 1 Time(s) unknown (ip-245-062-064-178.pools.atnet.ru): 1 Time(s) unknown (ool-2f127260.dyn.optonline.net): 1 Time(s) unknown (vps32436.lws-hosting.com): 1 Time(s) uucp (177.84.244.96): 1 Time(s) www-data (125.63.68.2): 1 Time(s) Invalid Users: Unknown Account: 1183 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 Miscellaneous warnings 15.447K Bytes accepted 15,818 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 150 Connections 141 Connections lost (inbound) 150 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 36.80.48.9: 3 times 39.75.157.250: 6 times 45.67.14.148: 1 time 58.242.82.5: 1 time 58.242.82.13: 4 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 1 time 66.70.130.148 (ip148.ip-66-70-130.net): 1 time 68.183.233.239: 2 times 74.63.226.142 (142-226-63-74.static.reverse.lstn.net): 1 time 80.53.7.213 (eh213.internetdsl.tpnet.pl): 1 time 84.221.181.24 (dynamic-adsl-84-221-181-24.clienti.tiscali.it): 1 time 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 time 94.23.204.136 (ns364702.ip-94-23-204.eu): 1 time 111.230.38.241: 1 time 118.24.108.205: 1 time 120.131.13.186: 4 times 121.12.87.109: 2 times 124.205.9.241: 1 time 125.63.68.2 (125.63.68.2.reverse.spectranet.in): 7 times 129.213.117.53: 2 times 140.143.206.137: 3 times 150.109.107.178: 1 time 153.92.5.183: 3 times 177.84.244.96 (96.244.84.177.4inet.net.br): 1 time 187.0.221.222: 2 times 188.166.239.106 (gadgedo.com): 2 times 203.129.219.198: 1 time 217.133.99.111 (217-133-99-111.static.clienti.tiscali.it): 1 time Illegal users from: undef: 866 times 1.109.59.63: 9 times 24.221.18.234 (ip-24-221-18-234.atlnga.spcsdns.net): 2 times 36.80.48.9: 35 times 41.164.195.204: 18 times 47.18.114.96 (ool-2f127260.dyn.optonline.net): 1 time 51.254.34.87 (87.ip-51-254-34.eu): 6 times 52.166.196.196: 10 times 58.229.208.187: 39 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 39 times 66.70.130.148 (ip148.ip-66-70-130.net): 17 times 68.183.233.239: 53 times 74.63.226.142 (142-226-63-74.static.reverse.lstn.net): 39 times 78.21.57.20 (78-21-57-20.access.telenet.be): 1 time 80.53.7.213 (eh213.internetdsl.tpnet.pl): 39 times 84.221.181.24 (dynamic-adsl-84-221-181-24.clienti.tiscali.it): 8 times 91.121.7.107 (ns37798.ip-91-121-7.eu): 3 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 14 times 94.23.204.136 (ns364702.ip-94-23-204.eu): 3 times 94.107.166.97: 2 times 106.12.99.173: 10 times 106.12.125.27: 11 times 106.75.93.253: 9 times 111.230.38.241: 43 times 111.230.152.118: 26 times 118.24.108.205: 39 times 118.25.90.127: 9 times 120.131.13.186: 41 times 121.12.87.109: 43 times 122.165.149.75 (abts-tn-static-075.149.165.122.airtelbroadband.in): 44 times 125.63.68.2 (125.63.68.2.reverse.spectranet.in): 41 times 128.199.221.18 (133668.cloudwaysapps.com): 1 time 129.213.117.53: 42 times 139.59.25.252: 58 times 139.199.6.107: 43 times 140.143.206.137: 44 times 150.109.107.178: 43 times 153.92.5.183: 41 times 177.84.244.96 (96.244.84.177.4inet.net.br): 51 times 177.106.220.250 (177-106-220-250.xd-dynamic.algarnetsuper.com.br): 1 time 178.64.62.245 (ip-245-062-064-178.pools.atnet.ru): 1 time 180.250.205.114: 44 times 187.0.221.222: 22 times 188.92.75.248: 1 time 188.131.186.207: 57 times 188.166.239.106 (gadgedo.com): 42 times 192.162.68.149 (vps32436.lws-hosting.com): 1 time 203.129.219.198: 21 times 217.133.99.111 (217-133-99-111.static.clienti.tiscali.it): 17 times **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s) Disconnecting: Change of username or service not allowed: (0,ssh-connection) -> (22,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################