[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Feb 19 04:42:04 2019 Date Range Processed: yesterday ( 2019-Feb-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 10:10 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 2 sites probed the server 46.119.126.222 46.29.167.33 Requests with error response codes 400 Bad Request null: 3 Time(s) /css/font-awesome.min.css: 1 Time(s) /css/font-merriweather.css: 1 Time(s) /css/highlight/default.css: 1 Time(s) /css/style.css: 1 Time(s) /vtigercrm/vtigerservice.php: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 404 Not Found /robots.txt: 38 Time(s) /favicon.ico: 6 Time(s) /wp-login.php: 4 Time(s) /.well-known/apple-app-site-association: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) /apple-app-site-association: 1 Time(s) /berlin/apple-touch-icon.png: 1 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /user/login?destination=comment%2Freply%2F33%23comment-form: 1 Time(s) 499 (undefined) /reader/1984_wsBonn_Wi84.pdf: 1 Time(s) 500 Internal Server Error /: 5 Time(s) /vtigercrm/vtigerservice.php: 1 Time(s) 502 Bad Gateway /: 24 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (220-132-76-189.hinet-ip.hinet.net): 6 Time(s) root (24.219.214.75): 6 Time(s) root (45.247.182.92): 6 Time(s) unknown (120.4.217.4): 6 Time(s) unknown (182.116.235.113): 6 Time(s) unknown (222.138.55.249): 6 Time(s) unknown (42.228.201.111): 6 Time(s) unknown (79-126-35-61.dynamic.mts-nn.ru): 6 Time(s) unknown (privat-bank.bcn.es.colt.net): 6 Time(s) root (fl1-122-130-191-220.tky.mesh.ad.jp): 3 Time(s) root (c-67f2e655.242-3-64736c10.bbcust.telenor.se): 2 Time(s) unknown (138.red-79-150-176.dynamicip.rima-tde.net): 2 Time(s) nobody (62.94.13.91): 1 Time(s) root (185.244.25.105): 1 Time(s) root (198-143-167-83.reverse.alphalink.fr): 1 Time(s) root (46.29.109.34): 1 Time(s) root (77.172.113.242): 1 Time(s) root (data-131-6.cgates.lt): 1 Time(s) root (ip-100-35.sn2.clouditalia.com): 1 Time(s) root (tornocontata1.sef.uv.es): 1 Time(s) unknown (100.red-80-25-203.staticip.rima-tde.net): 1 Time(s) unknown (113.172.255.46): 1 Time(s) unknown (17.189.8.109.rev.sfr.net): 1 Time(s) unknown (176-136-163-246.abo.bbox.fr): 1 Time(s) unknown (177.92.47.142): 1 Time(s) unknown (198-143-167-83.reverse.alphalink.fr): 1 Time(s) unknown (62.94.13.91): 1 Time(s) unknown (75-145-115-227-colorado.hfc.comcastbusiness.net): 1 Time(s) unknown (78-134-6-82.v4.ngi.it): 1 Time(s) unknown (85-218-46-45.dclient.lsne.ch): 1 Time(s) unknown (88.214.26.49): 1 Time(s) unknown (91.126.48.215): 1 Time(s) unknown (91.219.253.183): 1 Time(s) unknown (94-137-113-66.customers.ownit.se): 1 Time(s) unknown (data-131-6.cgates.lt): 1 Time(s) unknown (i16-les01-ntr-212-195-107-174.sfr.lns.abo.bbox.fr): 1 Time(s) unknown (ip-109-140.sn2.clouditalia.com): 1 Time(s) unknown (p578451ff.dip0.t-ipconnect.de): 1 Time(s) unknown (p5b2792b6.dip0.t-ipconnect.de): 1 Time(s) unknown (port-83-236-233-205.static.qsc.de): 1 Time(s) unknown (ssv10-2-88-161-146-100.fbx.proxad.net): 1 Time(s) unknown (static-176-159-254-175.ftth.abo.bbox.fr): 1 Time(s) Invalid Users: Unknown Account: 60 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 14 Miscellaneous warnings 7.272K Bytes accepted 7,447 7.272K Bytes sent via SMTP 7,447 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 557 Connections 31 Connections lost (inbound) 557 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 6 Time(s) root : 3 Time(s) Failed logins from: 5.20.131.6 (data-131-6.cgates.lt): 1 time 24.219.214.75: 6 times 45.247.182.92: 6 times 46.29.109.34: 1 time 62.94.13.91: 1 time 77.172.113.242 (static.kpn.net): 1 time 83.167.143.198 (198-143-167-83.reverse.alphalink.fr): 1 time 83.211.100.35 (ip-100-35.sn2.clouditalia.com): 1 time 85.230.242.103 (c-67f2e655.242-3-64736c10.bbcust.telenor.se): 2 times 122.130.191.220 (FL1-122-130-191-220.tky.mesh.ad.jp): 9 times 147.156.215.69 (tornocontata1.sef.uv.es): 1 time 185.244.25.105 (Dedi08.customers.kvsolutions.nl): 1 time 220.132.76.189 (220-132-76-189.HINET-IP.hinet.net): 6 times Illegal users from: undef: 11 times 5.20.131.6 (data-131-6.cgates.lt): 1 time 42.228.201.111 (hn.kd.ny.adsl): 6 times 62.94.13.91: 1 time 75.145.115.227 (75-145-115-227-Colorado.hfc.comcastbusiness.net): 1 time 78.134.6.82 (78-134-6-82.v4.ngi.it): 1 time 79.126.35.61 (79-126-35-61.dynamic.mts-nn.ru): 6 times 79.150.176.138 (138.red-79-150-176.dynamicip.rima-tde.net): 2 times 80.25.203.100 (100.red-80-25-203.staticip.rima-tde.net): 1 time 83.167.143.198 (198-143-167-83.reverse.alphalink.fr): 1 time 83.211.109.140 (ip-109-140.sn2.clouditalia.com): 1 time 83.236.233.205 (port-83-236-233-205.static.qsc.de): 1 time 85.218.46.45 (85-218-46-45.dclient.lsne.ch): 1 time 87.132.81.255 (p578451FF.dip0.t-ipconnect.de): 1 time 88.161.146.100 (ssv10-2-88-161-146-100.fbx.proxad.net): 1 time 88.214.26.49 (hostby.fcloud.biz): 1 time 91.39.146.182 (p5B2792B6.dip0.t-ipconnect.de): 1 time 91.126.48.215 (cli-5b7e30d7.wholesale.adamo.es): 1 time 91.219.253.183: 1 time 94.137.113.66 (94-137-113-66.customers.ownit.se): 1 time 109.8.189.17 (17.189.8.109.rev.sfr.net): 1 time 113.172.255.46 (static.vnpt.vn): 1 time 120.4.217.4: 6 times 176.136.163.246 (176-136-163-246.abo.bbox.fr): 1 time 176.159.254.175 (static-176-159-254-175.ftth.abo.bbox.fr): 1 time 177.92.47.142 (142.47.92.177.dynamic.copel.net): 1 time 182.116.235.113 (hn.kd.ny.adsl): 6 times 212.195.107.174 (i16-les01-ntr-212-195-107-174.sfr.lns.abo.bbox.fr): 1 time 213.229.148.214 (Privat-Bank.bcn.es.colt.net): 6 times 222.138.55.249 (hn.kd.ny.adsl): 6 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################