[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Jun 1 04:42:08 2019 Date Range Processed: yesterday ( 2019-May-31 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [404:403] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 185.142.236.35 66.240.205.34 77.247.110.60 Requests with error response codes 400 Bad Request null: 8 Time(s) mstshash=Test: 4 Time(s) /: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) mstshash=Administr: 1 Time(s) r\xBE\xA4\x00\x00.\xC0+\xC0/\x00\x9E\x00\x9C\xC0: 1 Time(s) 404 Not Found /robots.txt: 31 Time(s) /berlin/apple-touch-icon.png: 10 Time(s) /connectors/system/phpthumb.php: 1 Time(s) /index.php?option=com_user&task=register: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/1989-wi-berlin.pdf: 1 Time(s) /reader/1993-so-reader_do93.pdf: 1 Time(s) /reader/1993-wi-reader_st93.pdf: 1 Time(s) /reader/1994-wi-reader_hb94.pdf: 1 Time(s) /reader/1995-so-reader_ha95.pdf: 1 Time(s) /reader/1995-wi-reader_bn95.pdf: 1 Time(s) /reader/1998-so-reader_ro98.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /user/register: 1 Time(s) /wp-login.php: 1 Time(s) /wp-login.php?action=register: 1 Time(s) 500 Internal Server Error /: 32 Time(s) /.well-known/security.txt: 1 Time(s) /admin//config.php: 1 Time(s) /favicon.ico: 1 Time(s) /recordings/index.php: 1 Time(s) /robots.txt: 1 Time(s) /vtigercrm/vtigerservice.php: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (cpe-74-73-145-47.nyc.res.rr.com): 77 Time(s) unknown (164.132.24.138): 62 Time(s) unknown (200.140.194.111): 62 Time(s) unknown (188.pool85-57-40.dynamic.orange.es): 61 Time(s) unknown (182.73.220.18): 55 Time(s) unknown (118.24.62.17): 53 Time(s) unknown (134.175.93.162): 53 Time(s) unknown (123.206.27.113): 52 Time(s) unknown (193.112.49.155): 52 Time(s) unknown (241.ip-51-77-194.eu): 52 Time(s) unknown (120.31.140.51): 51 Time(s) unknown (180.149.242.246): 51 Time(s) unknown (201.174.182.159): 51 Time(s) unknown (45.6.72.14.leonetprovedor.com.br): 51 Time(s) unknown (182.156.209.222): 49 Time(s) unknown (211.103.222.149): 47 Time(s) unknown (hsi-kbw-46-237-216-237.hsi.kabel-badenwuerttemberg.de): 47 Time(s) unknown (165.227.212.99): 46 Time(s) unknown (mail.onlypellets.com): 44 Time(s) unknown (officialgalaxy.com): 43 Time(s) unknown (206.189.165.94): 40 Time(s) unknown (70.ip-79-137-35.eu): 39 Time(s) unknown (89.106.108.29.unicsbg.net): 29 Time(s) unknown (179.228.196.232): 27 Time(s) unknown (216.7.159.250): 26 Time(s) unknown (117.131.51.157): 24 Time(s) unknown (140.143.203.168): 18 Time(s) unknown (212.64.44.165): 18 Time(s) unknown (152.168.240.115): 17 Time(s) unknown (144-155-255-130.dynamic.t-mont.net.pl): 14 Time(s) unknown (mail2.bergschneider.de): 12 Time(s) unknown (128.199.178.188): 11 Time(s) unknown (49.249.248.34): 11 Time(s) unknown (189.63.255.169): 8 Time(s) unknown (5.158.186.82): 7 Time(s) root (123.179.191.11): 6 Time(s) root (183.105.99.92): 6 Time(s) root (212.108.144.51): 6 Time(s) unknown (106.56.195.163): 6 Time(s) unknown (110.12.202.244): 6 Time(s) unknown (119.1.81.110): 6 Time(s) unknown (79.2.22.244): 6 Time(s) unknown (175.6.77.235): 4 Time(s) unknown (152.136.72.17): 3 Time(s) postfix (211.103.222.149): 2 Time(s) postgres (hsi-kbw-46-237-216-237.hsi.kabel-badenwuerttemberg.de): 2 Time(s) sshd (200.140.194.111): 2 Time(s) temp (118.24.62.17): 2 Time(s) unknown (93-42-75-89.ip85.fastwebnet.it): 2 Time(s) backup (cpe-74-73-145-47.nyc.res.rr.com): 1 Time(s) backup (hsi-kbw-46-237-216-237.hsi.kabel-badenwuerttemberg.de): 1 Time(s) daemon (182.156.209.222): 1 Time(s) games (134.175.93.162): 1 Time(s) games (cpe-74-73-145-47.nyc.res.rr.com): 1 Time(s) gnats (120.31.140.51): 1 Time(s) gnats (45.6.72.14.leonetprovedor.com.br): 1 Time(s) irc (117.131.51.157): 1 Time(s) irc (182.73.220.18): 1 Time(s) irc (211.103.222.149): 1 Time(s) list (123.206.27.113): 1 Time(s) list (200.140.194.111): 1 Time(s) lp (officialgalaxy.com): 1 Time(s) mail (200.140.194.111): 1 Time(s) mail (49.249.248.34): 1 Time(s) mail (cpe-74-73-145-47.nyc.res.rr.com): 1 Time(s) mailman (118.24.62.17): 1 Time(s) mailman (144-155-255-130.dynamic.t-mont.net.pl): 1 Time(s) man (164.132.24.138): 1 Time(s) man (211.103.222.149): 1 Time(s) man (mail2.bergschneider.de): 1 Time(s) mysql (mail.onlypellets.com): 1 Time(s) news (164.132.24.138): 1 Time(s) news (193.112.49.155): 1 Time(s) nobody (182.73.220.18): 1 Time(s) nobody (45.6.72.14.leonetprovedor.com.br): 1 Time(s) nobody (mail.onlypellets.com): 1 Time(s) postfix (123.206.27.113): 1 Time(s) postfix (182.156.209.222): 1 Time(s) postgres (117.131.51.157): 1 Time(s) postgres (118.24.62.17): 1 Time(s) postgres (134.175.93.162): 1 Time(s) postgres (201.174.182.159): 1 Time(s) postgres (216.7.159.250): 1 Time(s) postgres (89.106.108.29.unicsbg.net): 1 Time(s) proxy (128.199.178.188): 1 Time(s) proxy (182.156.209.222): 1 Time(s) proxy (182.73.220.18): 1 Time(s) proxy (211.103.222.149): 1 Time(s) proxy (cpe-74-73-145-47.nyc.res.rr.com): 1 Time(s) root (49.167.241.224): 1 Time(s) sshd (216.7.159.250): 1 Time(s) temp (164.132.24.138): 1 Time(s) unknown (101.99.65.72): 1 Time(s) unknown (193.32.163.89): 1 Time(s) unknown (194.179.101.6): 1 Time(s) unknown (201.229.156.138): 1 Time(s) unknown (27.72.88.199): 1 Time(s) unknown (74.208.239.79): 1 Time(s) unknown (94.158.83.31): 1 Time(s) uucp (164.132.24.138): 1 Time(s) www-data (120.31.140.51): 1 Time(s) www-data (216.7.159.250): 1 Time(s) Invalid Users: Unknown Account: 1400 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 15.433K Bytes accepted 15,803 15.433K Bytes sent via SMTP 15,803 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 7 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 7 Total 4xx Rejects 100.00% ======== ================================================== 541 Connections 515 Connections lost (inbound) 541 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 3 Time(s) Failed logins from: 45.6.72.14 (45.6.72.14.leonetprovedor.com.br): 2 times 46.237.216.237 (HSI-KBW-46-237-216-237.hsi.kabel-badenwuerttemberg.de): 3 times 49.167.241.224: 1 time 49.249.248.34 (static-34.248.249.49-tataidc.co.in): 1 time 74.73.145.47 (cpe-74-73-145-47.nyc.res.rr.com): 4 times 82.149.162.78 (mail2.bergschneider.de): 1 time 89.106.108.29 (89.106.108.29.unicsbg.net): 1 time 117.131.51.157 (.): 2 times 118.24.62.17: 4 times 120.31.140.51 (ns1.eflydns.net): 2 times 123.179.191.11: 6 times 123.206.27.113: 2 times 128.199.178.188: 1 time 130.255.155.144 (144-155-255-130.dynamic.t-mont.net.pl): 1 time 134.175.93.162: 2 times 164.132.24.138: 4 times 167.86.102.48 (mail.onlypellets.com): 2 times 182.73.220.18: 3 times 182.156.209.222 (static-222.209.156.182-tataidc.co.in): 3 times 183.105.99.92: 6 times 193.112.49.155: 1 time 200.140.194.111 (antispam.tulio.com.br): 4 times 201.174.182.159 (201-174-182-159.transtelco.net): 1 time 207.154.249.20 (officialgalaxy.com): 1 time 211.103.222.149: 5 times 212.108.144.51: 6 times 216.7.159.250 (host-216-7-159-250.mtnsat.com): 3 times Illegal users from: undef: 1021 times 5.158.186.82 (HSI-KBW-5-158-186-82.hsi19.kabel-badenwuerttemberg.de): 7 times 27.72.88.199 (dynamic-adsl.viettel.vn): 1 time 45.6.72.14 (45.6.72.14.leonetprovedor.com.br): 51 times 46.237.216.237 (HSI-KBW-46-237-216-237.hsi.kabel-badenwuerttemberg.de): 47 times 49.249.248.34 (static-34.248.249.49-tataidc.co.in): 11 times 51.77.194.241 (241.ip-51-77-194.eu): 52 times 74.73.145.47 (cpe-74-73-145-47.nyc.res.rr.com): 77 times 74.208.239.79: 1 time 79.2.22.244: 6 times 79.137.35.70 (70.ip-79-137-35.eu): 39 times 82.149.162.78 (mail2.bergschneider.de): 12 times 85.57.40.188 (188.pool85-57-40.dynamic.orange.es): 61 times 89.106.108.29 (89.106.108.29.unicsbg.net): 29 times 93.42.75.89 (93-42-75-89.ip85.fastwebnet.it): 2 times 94.158.83.31: 1 time 101.99.65.72: 1 time 106.56.195.163: 6 times 110.12.202.244: 6 times 117.131.51.157 (.): 24 times 118.24.62.17: 53 times 119.1.81.110: 6 times 120.31.140.51 (ns1.eflydns.net): 51 times 123.206.27.113: 52 times 128.199.178.188: 11 times 130.255.155.144 (144-155-255-130.dynamic.t-mont.net.pl): 14 times 134.175.93.162: 53 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 140.143.203.168: 18 times 152.136.72.17: 3 times 152.168.240.115 (115-240-168-152.fibertel.com.ar): 17 times 163.172.106.114 (163-172-106-114.rev.poneytelecom.eu): 1 time 164.132.24.138: 62 times 165.227.212.99: 46 times 167.86.102.48 (mail.onlypellets.com): 44 times 175.6.77.235: 4 times 179.228.196.232 (179-228-196-232.user.vivozap.com.br): 27 times 180.149.242.246: 51 times 182.73.220.18: 55 times 182.156.209.222 (static-222.209.156.182-tataidc.co.in): 49 times 189.63.255.169 (bd3fffa9.virtua.com.br): 8 times 193.32.163.89 (srv.eqaltech.su): 1 time 193.112.49.155: 52 times 194.179.101.6 (6.red-194-179-101.customer.static.ccgg.telefonica.net): 1 time 200.140.194.111 (antispam.tulio.com.br): 62 times 201.174.182.159 (201-174-182-159.transtelco.net): 51 times 201.229.156.138 (138.156.229.201.l.static.claro.net.do): 1 time 206.189.165.94: 40 times 207.154.249.20 (officialgalaxy.com): 43 times 211.103.222.149: 47 times 212.64.44.165: 18 times 216.7.159.250 (host-216-7-159-250.mtnsat.com): 26 times **Unmatched Entries** error: Received disconnect from 163.172.106.114: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################