[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Dienstag, 15 Oktober 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Tue Oct 15 04:42:05 2019
        Date Range Processed: yesterday
                              ( 2019-Oct-14 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [153:152]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 8 sites probed the server 
    15.188.47.240
    183.129.160.229
    185.234.218.15
    61.219.11.153
    62.210.189.8
    66.240.205.34
    80.82.64.125
    89.248.169.17
 
 Requests with error response codes
    400 Bad Request
       null: 9 Time(s)
       ../../mnt/custom/ProductDefinition: 2 Time(s)
       mstshash=Administr: 2 Time(s)
       /dana-na/../dana/html5acc/guacamole/../../ ... 5acc/guacamole/: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
    404 Not Found
       /robots.txt: 39 Time(s)
       /wp-login.php: 4 Time(s)
       /berlin/apple-touch-icon.png: 2 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s)
       /reader/https//zapf.wiki/User:Kuschelb%C3%A4r9000: 1 Time(s)
       /verein/satzung/%7CSatzung: 1 Time(s)
    500 Internal Server Error
       /: 14 Time(s)
       //xmlrpc.php: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (ns3003413.ip-5-196-75.eu): 96 Time(s)
       root (ns3075598.ip-164-132-207.eu): 95 Time(s)
       root (118.24.108.205): 93 Time(s)
       root (113.80.86.2): 90 Time(s)
       root (vmi264252.contaboserver.net): 74 Time(s)
       root (140.143.22.200): 73 Time(s)
       unknown (118.89.30.76): 65 Time(s)
       unknown (106.13.140.110): 63 Time(s)
       root (111.ip-144-217-242.net): 62 Time(s)
       root (52.232.31.246): 54 Time(s)
       root (103.54.219.106): 52 Time(s)
       unknown (159.89.153.54): 52 Time(s)
       root (148.70.65.131): 48 Time(s)
       unknown (srv208.firstheberg.net): 45 Time(s)
       root (182.61.176.53): 44 Time(s)
       unknown (81.4.106.152): 42 Time(s)
       root (159.89.201.59): 41 Time(s)
       root (185.25.48.194): 36 Time(s)
       unknown (115.159.86.75): 36 Time(s)
       unknown (159.89.201.59): 36 Time(s)
       unknown (106.13.4.117): 32 Time(s)
       unknown (103.54.219.106): 31 Time(s)
       root (202.119.81.229): 30 Time(s)
       root (host213-120-170-33.in-addr.btopenworld.com): 29 Time(s)
       unknown (150.109.52.25): 29 Time(s)
       unknown (36.92.95.10): 29 Time(s)
       unknown (52.232.31.246): 29 Time(s)
       unknown (115.249.92.88): 28 Time(s)
       root (40.122.29.117): 27 Time(s)
       root (ns513151.ip-167-114-157.net): 27 Time(s)
       unknown (140.143.22.200): 27 Time(s)
       unknown (49.206.31.144): 27 Time(s)
       unknown (vmi264252.contaboserver.net): 27 Time(s)
       root (106.13.140.110): 26 Time(s)
       root (177.ip-54-38-183.eu): 26 Time(s)
       root (118.89.30.76): 25 Time(s)
       unknown (111.ip-144-217-242.net): 25 Time(s)
       unknown (58.ip-51-255-35.eu): 25 Time(s)
       unknown (139.199.48.217): 24 Time(s)
       root (115.249.92.88): 23 Time(s)
       root (169.ip-167-114-98.net): 23 Time(s)
       unknown (169.ip-167-114-98.net): 23 Time(s)
       root (36.92.95.10): 22 Time(s)
       root (49.235.101.153): 22 Time(s)
       unknown (177.ip-54-38-183.eu): 22 Time(s)
       root (104.236.230.165): 21 Time(s)
       unknown (ns513151.ip-167-114-157.net): 21 Time(s)
       root (49.206.31.144): 20 Time(s)
       unknown (40.73.101.100): 20 Time(s)
       root (139.199.80.67): 19 Time(s)
       root (58.ip-51-255-35.eu): 19 Time(s)
       unknown (119.29.11.242): 19 Time(s)
       unknown (178.128.59.109): 19 Time(s)
       root (119.29.11.242): 18 Time(s)
       unknown (49.235.101.153): 18 Time(s)
       root (106.13.4.117): 17 Time(s)
       root (116.214.56.11): 17 Time(s)
       unknown (40.122.29.117): 17 Time(s)
       unknown (202.119.81.229): 16 Time(s)
       unknown (16.ip-51-83-46.eu): 15 Time(s)
       unknown (b2b-37-24-118-239.unitymedia.biz): 14 Time(s)
       root (45.119.212.105): 13 Time(s)
       root (81.4.106.152): 13 Time(s)
       unknown (185.25.48.194): 13 Time(s)
       root (139.199.48.217): 10 Time(s)
       root (40.73.101.100): 10 Time(s)
       root (static-47-180-89-23.lsan.ca.frontiernet.net): 10 Time(s)
       unknown (139.199.80.67): 10 Time(s)
       root (159.89.153.54): 9 Time(s)
       unknown (ns563195.ip-192-99-19.net): 9 Time(s)
       unknown (104.236.230.165): 8 Time(s)
       unknown (118.24.108.205): 8 Time(s)
       root (srv208.firstheberg.net): 7 Time(s)
       root (115.68.1.14): 6 Time(s)
       root (net-93-71-35-76.cust.vodafonedsl.it): 6 Time(s)
       root (ns563195.ip-192-99-19.net): 6 Time(s)
       unknown (host213-120-170-33.in-addr.btopenworld.com): 6 Time(s)
       unknown (net-93-71-35-76.cust.vodafonedsl.it): 6 Time(s)
       unknown (static-47-180-89-23.lsan.ca.frontiernet.net): 6 Time(s)
       root (150.109.52.25): 5 Time(s)
       root (177.ip-137-74-199.eu): 5 Time(s)
       root (80.211.245.103): 5 Time(s)
       unknown (116.214.56.11): 5 Time(s)
       unknown (193.201.224.232): 5 Time(s)
       root (157.red-81-47-160.staticip.rima-tde.net): 4 Time(s)
       unknown (157.red-81-47-160.staticip.rima-tde.net): 4 Time(s)
       unknown (218.4.169.82): 4 Time(s)
       unknown (45.119.212.105): 4 Time(s)
       unknown (148.70.65.131): 3 Time(s)
       unknown (185.88.197.15): 3 Time(s)
       unknown (193.32.163.182): 3 Time(s)
       unknown (200-98-1-189.tlf.dialuol.com.br): 3 Time(s)
       unknown (80.211.245.103): 3 Time(s)
       unknown (cpe-104-175-32-206.socal.res.rr.com): 3 Time(s)
       unknown (ns3075598.ip-164-132-207.eu): 3 Time(s)
       root (16.ip-51-83-46.eu): 2 Time(s)
       root (200.70.56.204): 2 Time(s)
       unknown (113.80.86.2): 2 Time(s)
       unknown (118.141.215.184): 2 Time(s)
       unknown (177.ip-137-74-199.eu): 2 Time(s)
       unknown (178.33.216.209): 2 Time(s)
       unknown (200.70.56.204): 2 Time(s)
       unknown (62.168.141.253): 2 Time(s)
       unknown (92.63.194.26): 2 Time(s)
       unknown (areims-651-1-138-75.w92-142.abo.wanadoo.fr): 2 Time(s)
       unknown (ns3108173.ip-54-37-253.eu): 2 Time(s)
       unknown (ns388423.ip-176-31-253.eu): 2 Time(s)
       unknown (ool-2f168746.static.optonline.net): 2 Time(s)
       unknown (static-100-37-253-46.nycmny.fios.verizon.net): 2 Time(s)
       backup (49.206.31.144): 1 Time(s)
       irc (169.ip-167-114-98.net): 1 Time(s)
       mysql (40.122.29.117): 1 Time(s)
       postgres (40.122.29.117): 1 Time(s)
       postgres (45.119.212.105): 1 Time(s)
       postgres (server.herojus.lt): 1 Time(s)
       root (103.91.95.223): 1 Time(s)
       root (104.131.113.106): 1 Time(s)
       root (115.159.86.75): 1 Time(s)
       root (140.ip-164-132-49.eu): 1 Time(s)
       root (142.93.39.29): 1 Time(s)
       root (213.135.230.147): 1 Time(s)
       root (87.247.157.122): 1 Time(s)
       root (96.57.82.166): 1 Time(s)
       root (b2b-37-24-118-239.unitymedia.biz): 1 Time(s)
       root (server.multixservices.net): 1 Time(s)
       sshd (139.199.80.67): 1 Time(s)
       sshd (169.ip-167-114-98.net): 1 Time(s)
       sync (169.ip-167-114-98.net): 1 Time(s)
       unknown (103.91.54.100): 1 Time(s)
       unknown (106.12.89.13): 1 Time(s)
       unknown (112.220.24.131): 1 Time(s)
       unknown (113.160.165.66): 1 Time(s)
       unknown (113.172.0.136): 1 Time(s)
       unknown (123.30.154.184): 1 Time(s)
       unknown (130.61.122.5): 1 Time(s)
       unknown (139.59.56.121): 1 Time(s)
       unknown (140.ip-164-132-49.eu): 1 Time(s)
       unknown (154.120.242.70): 1 Time(s)
       unknown (206.189.132.204): 1 Time(s)
       unknown (255.red-2-139-215.staticip.rima-tde.net): 1 Time(s)
       unknown (46.ip-51-254-114.eu): 1 Time(s)
       unknown (60.12.26.9): 1 Time(s)
       unknown (68.183.105.52): 1 Time(s)
       unknown (94.156.119.230): 1 Time(s)
       unknown (94.51.140.253): 1 Time(s)
       unknown (host-212.96.235.122.tvksmp.pl): 1 Time(s)
       unknown (ns335893.ip-37-59-17.eu): 1 Time(s)
       unknown (rrcs-108-176-0-2.nyc.biz.rr.com): 1 Time(s)
       unknown (s17783852.onlinehome-server.info): 1 Time(s)
       www-data (185.25.48.194): 1 Time(s)
    Invalid Users:
       Unknown Account: 1030 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   18.881K  Bytes accepted                              19,334
   18.881K  Bytes sent via SMTP                         19,334
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
     1879   Connections             
     1873   Connections lost (inbound) 
     1880   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
        1   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 1 Time(s)
    root : 1 Time(s)
 
 Failed logins from:
    5.196.75.47 (ns3003413.ip-5-196-75.eu): 96 times
    36.92.95.10: 22 times
    37.24.118.239 (b2b-37-24-118-239.unitymedia.biz): 1 time
    40.73.101.100: 10 times
    40.122.29.117: 29 times
    45.119.212.105: 14 times
    46.101.163.220 (server.herojus.lt): 1 time
    47.180.89.23 (static-47-180-89-23.lsan.ca.frontiernet.net): 10 times
    49.206.31.144 (broadband.actcorp.in): 21 times
    49.235.101.153: 22 times
    51.83.46.16 (16.ip-51-83-46.eu): 2 times
    51.255.35.58 (58.ip-51-255-35.eu): 19 times
    52.232.31.246: 54 times
    54.38.183.177 (177.ip-54-38-183.eu): 26 times
    80.211.245.103 (host103-245-211-80.static.arubacloud.pl): 5 times
    81.4.106.152 (lamb.lardcave.net): 13 times
    81.47.160.157 (157.red-81-47-160.staticip.rima-tde.net): 4 times
    87.247.157.122: 1 time
    91.236.239.56 (srv208.firstheberg.net): 7 times
    93.71.35.76 (net-93-71-35-76.cust.vodafonedsl.it): 6 times
    96.57.82.166 (ool-603952a6.static.optonline.net): 1 time
    103.54.219.106: 52 times
    103.91.95.223: 1 time
    104.131.113.106: 1 time
    104.236.230.165 (24autobids.com): 21 times
    106.13.4.117: 17 times
    106.13.140.110: 26 times
    113.80.86.2: 90 times
    115.68.1.14: 6 times
    115.159.86.75: 1 time
    115.249.92.88: 23 times
    116.214.56.11 (user.nova.net.cn): 17 times
    118.24.108.205: 93 times
    118.89.30.76: 25 times
    119.29.11.242: 18 times
    137.74.199.177 (177.ip-137-74-199.eu): 5 times
    139.199.48.217: 10 times
    139.199.80.67: 20 times
    140.143.22.200: 73 times
    142.93.39.29: 1 time
    144.217.242.111 (111.ip-144-217-242.net): 62 times
    148.70.65.131: 48 times
    150.109.52.25: 5 times
    159.89.153.54: 9 times
    159.89.201.59: 41 times
    162.241.178.219 (server.multixservices.net): 1 time
    164.132.49.140 (140.ip-164-132-49.eu): 1 time
    164.132.207.231 (ns3075598.ip-164-132-207.eu): 95 times
    167.114.98.169 (169.ip-167-114-98.net): 26 times
    167.114.157.86 (ns513151.ip-167-114-157.net): 27 times
    178.238.230.212 (vmi264252.contaboserver.net): 74 times
    182.61.176.53: 44 times
    185.25.48.194: 37 times
    192.99.19.77 (ns563195.ip-192-99-19.net): 6 times
    200.70.56.204 (host204.advance.com.ar): 2 times
    202.119.81.229: 30 times
    213.120.170.33 (host213-120-170-33.in-addr.btopenworld.com): 29 times
    213.135.230.147 (ip-213-135-230-147.static.luxdsl.pt.lu): 1 time
 
 Illegal users from:
    undef: 853 times
    2.139.215.255 (255.red-2-139-215.staticip.rima-tde.net): 1 time
    36.92.95.10: 29 times
    37.24.118.239 (b2b-37-24-118-239.unitymedia.biz): 14 times
    37.59.17.24 (ns335893.ip-37-59-17.eu): 1 time
    40.73.101.100: 20 times
    40.122.29.117: 17 times
    45.119.212.105: 4 times
    47.22.135.70 (ool-2f168746.static.optonline.net): 2 times
    47.180.89.23 (static-47-180-89-23.lsan.ca.frontiernet.net): 6 times
    49.206.31.144 (broadband.actcorp.in): 27 times
    49.235.101.153: 18 times
    51.83.46.16 (16.ip-51-83-46.eu): 15 times
    51.254.114.46 (46.ip-51-254-114.eu): 1 time
    51.255.35.58 (58.ip-51-255-35.eu): 25 times
    52.232.31.246: 29 times
    54.37.253.161 (ns3108173.ip-54-37-253.eu): 2 times
    54.38.183.177 (177.ip-54-38-183.eu): 22 times
    60.12.26.9: 1 time
    62.168.141.253: 2 times
    68.183.105.52: 1 time
    80.211.245.103 (host103-245-211-80.static.arubacloud.pl): 3 times
    81.4.106.152 (lamb.lardcave.net): 42 times
    81.47.160.157 (157.red-81-47-160.staticip.rima-tde.net): 4 times
    82.165.35.17 (s17783852.onlinehome-server.info): 1 time
    91.236.239.56 (srv208.firstheberg.net): 45 times
    92.63.194.26: 2 times
    92.142.33.75 (areims-651-1-138-75.w92-142.abo.wanadoo.fr): 2 times
    93.71.35.76 (net-93-71-35-76.cust.vodafonedsl.it): 6 times
    94.51.140.253: 1 time
    94.156.119.230: 1 time
    100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 2 times
    103.54.219.106: 31 times
    103.91.54.100: 1 time
    104.175.32.206 (cpe-104-175-32-206.socal.res.rr.com): 3 times
    104.236.230.165 (24autobids.com): 8 times
    106.12.89.13: 1 time
    106.13.4.117: 32 times
    106.13.140.110: 63 times
    108.176.0.2 (rrcs-108-176-0-2.nyc.biz.rr.com): 1 time
    112.220.24.131: 1 time
    113.80.86.2: 2 times
    113.160.165.66 (static.vnpt.vn): 1 time
    113.172.0.136 (static.vnpt.vn): 1 time
    115.159.86.75: 36 times
    115.249.92.88: 28 times
    116.214.56.11 (user.nova.net.cn): 5 times
    118.24.108.205: 8 times
    118.89.30.76: 65 times
    118.141.215.184 (sr-184-215-141-118-on-nets.com): 2 times
    119.29.11.242: 19 times
    123.30.154.184 (static.vnpt.vn): 1 time
    130.61.122.5: 1 time
    137.74.199.177 (177.ip-137-74-199.eu): 2 times
    139.59.56.121: 1 time
    139.199.48.217: 24 times
    139.199.80.67: 10 times
    140.143.22.200: 27 times
    144.217.242.111 (111.ip-144-217-242.net): 25 times
    148.70.65.131: 3 times
    150.109.52.25: 29 times
    154.120.242.70 (154.120.242.70.liquidtelecom.net): 1 time
    159.89.153.54: 52 times
    159.89.201.59: 36 times
    164.132.49.140 (140.ip-164-132-49.eu): 1 time
    164.132.207.231 (ns3075598.ip-164-132-207.eu): 3 times
    167.114.98.169 (169.ip-167-114-98.net): 23 times
    167.114.157.86 (ns513151.ip-167-114-157.net): 21 times
    176.31.253.204 (ns388423.ip-176-31-253.eu): 2 times
    178.33.216.209: 2 times
    178.128.59.109: 19 times
    178.238.230.212 (vmi264252.contaboserver.net): 27 times
    185.25.48.194: 13 times
    185.88.197.15 (not-updated.castle-it.net): 3 times
    192.99.19.77 (ns563195.ip-192-99-19.net): 9 times
    193.32.163.182 (hosting-by.cloud-home.me): 3 times
    193.201.224.232: 6 times
    200.70.56.204 (host204.advance.com.ar): 2 times
    200.98.1.189 (200-98-1-189.tlf.dialuol.com.br): 3 times
    202.119.81.229: 16 times
    206.189.132.204: 1 time
    212.96.235.122 (host-212.96.235.122.tvksmp.pl): 1 time
    213.120.170.33 (host213-120-170-33.in-addr.btopenworld.com): 6 times
    218.4.169.82 (mail.innoventbio.com): 4 times
 
 **Unmatched Entries**
 error: Received disconnect from 81.47.160.157: 3: com.jcraft.jsch.JSchException: Auth
fail [preauth] : 8 time(s)
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 3 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 2 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)