[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Mittwoch, 11 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Wed Dec 11 04:42:04 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-10 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [214:213]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 2 sites probed the server 
    118.152.239.147
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 4 Time(s)
       /: 3 Time(s)
       null: 3 Time(s)
       /socket.io/?noteId=AwS&EIO=3&transport=pol ... _HXqwOy7YpIAAgS: 2 Time(s)
       /shell?busybox: 1 Time(s)
       /socket.io/?noteId=AwS&EIO=3&transport=web ... _HXqwOy7YpIAAgS: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
    404 Not Found
       /robots.txt: 35 Time(s)
       /shop/: 5 Time(s)
       /store/: 5 Time(s)
       /berlin/apple-touch-icon.png: 4 Time(s)
       /cart/: 4 Time(s)
       /catalog/: 4 Time(s)
       /null: 2 Time(s)
       /wp-login.php: 2 Time(s)
       /.well-known/openpgpkey/hu/qs1j67f594iidts ... qm5t?l=vorstand: 1 Time(s)
       /admin/: 1 Time(s)
       /magento/: 1 Time(s)
       /magento/admin/: 1 Time(s)
       /magento/pub/errors/503.php: 1 Time(s)
       /magento2/: 1 Time(s)
       /magento2/admin/: 1 Time(s)
       /magento2/pub/errors/503.php: 1 Time(s)
       /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /pub/errors/503.php: 1 Time(s)
       /reader/1989-wi-berlin.pdf: 1 Time(s)
       /reader/1993-wi-reader_st93.pdf: 1 Time(s)
       /reader/1994-wi-reader_hb94.pdf: 1 Time(s)
       /reader/1995-so-reader_ha95.pdf: 1 Time(s)
       /reader/1995-wi-reader_bn95.pdf: 1 Time(s)
       /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s)
       /shop/admin/: 1 Time(s)
       /shop/pub/errors/503.php: 1 Time(s)
       /sites/default/files/2012_11_Stellungnahme_OpenAcces.pdf: 1 Time(s)
       /store/admin/: 1 Time(s)
       /store/pub/errors/503.php: 1 Time(s)
    500 Internal Server Error
       /: 163 Time(s)
       /admin/: 8 Time(s)
       /pub/errors/503.php: 8 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.175.150): 51 Time(s)
       root (222.186.173.142): 47 Time(s)
       root (222.186.190.2): 46 Time(s)
       root (222.186.42.4): 42 Time(s)
       root (222.186.169.194): 41 Time(s)
       root (222.186.180.41): 38 Time(s)
       root (222.186.175.217): 36 Time(s)
       root (222.186.180.6): 36 Time(s)
       root (49.88.112.59): 36 Time(s)
       root (218.92.0.178): 30 Time(s)
       root (222.186.173.183): 30 Time(s)
       root (222.186.173.215): 30 Time(s)
       root (222.186.175.161): 30 Time(s)
       root (222.186.180.223): 30 Time(s)
       root (49.88.112.62): 30 Time(s)
       root (49.88.112.55): 29 Time(s)
       root (218.92.0.172): 28 Time(s)
       root (218.92.0.134): 24 Time(s)
       root (218.92.0.179): 24 Time(s)
       root (222.186.175.147): 24 Time(s)
       root (222.186.175.154): 24 Time(s)
       root (222.186.175.155): 24 Time(s)
       root (222.186.175.167): 24 Time(s)
       root (222.186.175.183): 24 Time(s)
       root (222.186.175.220): 24 Time(s)
       root (222.186.180.17): 24 Time(s)
       root (222.186.180.8): 24 Time(s)
       root (218.92.0.148): 23 Time(s)
       root (222.186.175.202): 23 Time(s)
       root (112.85.42.182): 21 Time(s)
       root (218.92.0.170): 20 Time(s)
       root (222.186.173.154): 20 Time(s)
       root (218.92.0.131): 18 Time(s)
       root (218.92.0.135): 18 Time(s)
       root (218.92.0.145): 18 Time(s)
       root (218.92.0.175): 18 Time(s)
       root (218.92.0.212): 18 Time(s)
       root (222.186.169.192): 18 Time(s)
       root (222.186.173.180): 18 Time(s)
       root (222.186.173.238): 18 Time(s)
       root (222.186.175.140): 18 Time(s)
       root (222.186.175.163): 18 Time(s)
       root (222.186.175.169): 18 Time(s)
       root (222.186.175.181): 18 Time(s)
       root (222.186.175.182): 18 Time(s)
       root (49.88.112.64): 18 Time(s)
       root (49.88.112.61): 17 Time(s)
       root (112.85.42.180): 15 Time(s)
       root (112.85.42.172): 12 Time(s)
       root (218.92.0.158): 12 Time(s)
       root (218.92.0.164): 12 Time(s)
       root (222.186.175.212): 12 Time(s)
       root (222.186.175.216): 12 Time(s)
       root (222.186.180.9): 12 Time(s)
       root (222.186.190.92): 12 Time(s)
       root (61.177.172.128): 12 Time(s)
       root (218.92.0.165): 11 Time(s)
       root (222.186.175.215): 11 Time(s)
       root (112.85.42.176): 10 Time(s)
       root (218.92.0.141): 10 Time(s)
       root (218.92.0.155): 7 Time(s)
       root (112.85.42.178): 6 Time(s)
       root (222.186.173.226): 6 Time(s)
       root (222.186.175.148): 6 Time(s)
       root (222.186.175.151): 6 Time(s)
       root (222.186.180.147): 6 Time(s)
       root (112.85.42.174): 5 Time(s)
       root (112.85.42.175): 5 Time(s)
       root (119.207.235.159): 2 Time(s)
       root (210.213.148.169): 2 Time(s)
       root (90.220.55.200): 2 Time(s)
       unknown (189.102.255.242): 2 Time(s)
       unknown (201.28.8.163): 2 Time(s)
       daemon (40.124.4.131): 1 Time(s)
       games (207.154.232.160): 1 Time(s)
       postgres (dsl-emcali-200.29.112.240.emcali.net.co): 1 Time(s)
       postgres (vps2.gerin.us): 1 Time(s)
       root (117.225.32.110): 1 Time(s)
       root (159.89.165.127): 1 Time(s)
       root (45.67.14.153): 1 Time(s)
       root (47.23.130.246): 1 Time(s)
       root (66.70.188.12): 1 Time(s)
       root (ns388423.ip-176-31-253.eu): 1 Time(s)
       temp (212.164.228.99): 1 Time(s)
       unknown (103.101.52.48): 1 Time(s)
       unknown (103.118.77.46): 1 Time(s)
       unknown (104.236.246.16): 1 Time(s)
       unknown (106.51.230.190): 1 Time(s)
       unknown (112.140.185.64): 1 Time(s)
       unknown (112.175.114.111): 1 Time(s)
       unknown (112.220.24.131): 1 Time(s)
       unknown (113.160.178.148): 1 Time(s)
       unknown (119.42.175.200): 1 Time(s)
       unknown (121.190.197.205): 1 Time(s)
       unknown (125.160.113.78): 1 Time(s)
       unknown (13.70.7.172): 1 Time(s)
       unknown (132.145.18.157): 1 Time(s)
       unknown (139.59.14.210): 1 Time(s)
       unknown (139.59.180.53): 1 Time(s)
       unknown (139.59.79.56): 1 Time(s)
       unknown (139.99.197.50): 1 Time(s)
       unknown (14.186.245.199): 1 Time(s)
       unknown (14.225.3.47): 1 Time(s)
       unknown (14.234.44.228): 1 Time(s)
       unknown (14.255.45.157): 1 Time(s)
       unknown (142.93.39.29): 1 Time(s)
       unknown (145.249.105.204): 1 Time(s)
       unknown (162.ip-54-37-205.eu): 1 Time(s)
       unknown (165.22.103.237): 1 Time(s)
       unknown (167.99.75.174): 1 Time(s)
       unknown (171.213.12.251): 1 Time(s)
       unknown (173.ip-51-91-102.eu): 1 Time(s)
       unknown (175.193.50.185): 1 Time(s)
       unknown (175.29.184.154): 1 Time(s)
       unknown (178.128.81.125): 1 Time(s)
       unknown (183.82.0.15): 1 Time(s)
       unknown (185.41.41.70): 1 Time(s)
       unknown (190.85.203.254): 1 Time(s)
       unknown (191.239.253.188): 1 Time(s)
       unknown (197.51.57.197): 1 Time(s)
       unknown (198.211.123.183): 1 Time(s)
       unknown (200.173.187.35.bc.googleusercontent.com): 1 Time(s)
       unknown (202.29.39.1): 1 Time(s)
       unknown (202.88.241.107): 1 Time(s)
       unknown (206.189.132.204): 1 Time(s)
       unknown (206.189.137.113): 1 Time(s)
       unknown (206.189.166.172): 1 Time(s)
       unknown (210.21.63.118): 1 Time(s)
       unknown (211.110.140.200): 1 Time(s)
       unknown (212.220.105.94): 1 Time(s)
       unknown (220.167.100.60): 1 Time(s)
       unknown (221.120.222.69): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (223.197.175.171): 1 Time(s)
       unknown (255.red-2-139-215.staticip.rima-tde.net): 1 Time(s)
       unknown (36.66.149.211): 1 Time(s)
       unknown (37.139.13.105): 1 Time(s)
       unknown (37.139.9.23): 1 Time(s)
       unknown (41.41.172.50): 1 Time(s)
       unknown (42.116.255.216): 1 Time(s)
       unknown (43.229.89.124): 1 Time(s)
       unknown (45.117.83.36): 1 Time(s)
       unknown (45.55.157.147): 1 Time(s)
       unknown (49.204.83.2): 1 Time(s)
       unknown (5.11.37.63): 1 Time(s)
       unknown (54.ip-51-68-230.eu): 1 Time(s)
       unknown (54.ip-54-39-21.net): 1 Time(s)
       unknown (58.65.159.124): 1 Time(s)
       unknown (61.177.139.213): 1 Time(s)
       unknown (71.227.197.35.bc.googleusercontent.com): 1 Time(s)
       unknown (78.187.133.26): 1 Time(s)
       unknown (78.90.67.126): 1 Time(s)
       unknown (81-174-8-105.v4.ngi.it): 1 Time(s)
       unknown (81.12.159.146): 1 Time(s)
       unknown (89.189.154.66.dynamic.ufanet.ru): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (93.84.86.69): 1 Time(s)
       unknown (c-67-181-98-151.hsd1.ca.comcast.net): 1 Time(s)
       unknown (c399.cloud.wiroos.net): 1 Time(s)
       unknown (din-177-129-42-13.conceitosinformatica.com.br): 1 Time(s)
       unknown (ec2-13-228-107-58.ap-southeast-1.compute.amazonaws.com): 1 Time(s)
       unknown (host217-35-75-193.in-addr.btopenworld.com): 1 Time(s)
       unknown (ip-104-238-116-19.ip.secureserver.net): 1 Time(s)
       unknown (ip-132-148-129-180.ip.secureserver.net): 1 Time(s)
       unknown (kch-106-33.tm.net.my): 1 Time(s)
       unknown (mail6.keltron.in): 1 Time(s)
       unknown (ppp91-122-191-82.pppoe.avangarddsl.ru): 1 Time(s)
       www-data (static.234.23.9.5.clients.your-server.de): 1 Time(s)
    Invalid Users:
       Unknown Account: 87 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        6   Miscellaneous warnings  
 
   12.509K  Bytes accepted                              12,809
   12.509K  Bytes sent via SMTP                         12,809
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       29   Connections             
       20   Connections lost (inbound) 
       29   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        5   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 241 Time(s)
 
 Failed logins from:
    5.9.23.234 (static.234.23.9.5.clients.your-server.de): 1 time
    40.124.4.131: 1 time
    45.67.14.153: 1 time
    47.23.130.246 (ool-2f1782f6.static.optonline.net): 1 time
    49.88.112.55: 29 times
    49.88.112.59: 36 times
    49.88.112.61: 17 times
    49.88.112.62: 30 times
    49.88.112.64: 18 times
    61.177.172.128: 12 times
    66.70.188.12 (vps.villagersgroup.com): 1 time
    90.220.55.200 (5adc37c8.bb.sky.com): 2 times
    112.85.42.172: 12 times
    112.85.42.174: 5 times
    112.85.42.175: 5 times
    112.85.42.176: 10 times
    112.85.42.178: 6 times
    112.85.42.180: 15 times
    112.85.42.182: 21 times
    117.225.32.110: 1 time
    119.207.235.159: 2 times
    159.89.165.127: 1 time
    167.114.113.173 (vps2.gerin.us): 1 time
    176.31.253.204 (ns388423.ip-176-31-253.eu): 1 time
    200.29.112.240 (dsl-emcali-200.29.112.240.emcali.net.co): 1 time
    207.154.232.160: 1 time
    210.213.148.169 (210.213.148.169.static.pldt.net): 2 times
    212.164.228.99 (b-internet.212.164.228.99.nsk.rt.ru): 1 time
    218.92.0.131: 18 times
    218.92.0.134: 24 times
    218.92.0.135: 18 times
    218.92.0.141: 10 times
    218.92.0.145: 18 times
    218.92.0.148: 23 times
    218.92.0.155: 12 times
    218.92.0.158: 12 times
    218.92.0.164: 12 times
    218.92.0.165: 11 times
    218.92.0.170: 20 times
    218.92.0.172: 28 times
    218.92.0.175: 18 times
    218.92.0.178: 30 times
    218.92.0.179: 24 times
    218.92.0.212: 18 times
    222.186.42.4: 42 times
    222.186.169.192: 18 times
    222.186.169.194: 41 times
    222.186.173.142: 47 times
    222.186.173.154: 24 times
    222.186.173.180: 18 times
    222.186.173.183: 30 times
    222.186.173.215: 30 times
    222.186.173.226: 6 times
    222.186.173.238: 18 times
    222.186.175.140: 18 times
    222.186.175.147: 24 times
    222.186.175.148: 6 times
    222.186.175.150: 51 times
    222.186.175.151: 6 times
    222.186.175.154: 24 times
    222.186.175.155: 24 times
    222.186.175.161: 30 times
    222.186.175.163: 18 times
    222.186.175.167: 24 times
    222.186.175.169: 18 times
    222.186.175.181: 18 times
    222.186.175.182: 18 times
    222.186.175.183: 24 times
    222.186.175.202: 23 times
    222.186.175.212: 12 times
    222.186.175.215: 11 times
    222.186.175.216: 12 times
    222.186.175.217: 36 times
    222.186.175.220: 24 times
    222.186.180.6: 36 times
    222.186.180.8: 24 times
    222.186.180.9: 12 times
    222.186.180.17: 24 times
    222.186.180.41: 41 times
    222.186.180.147: 6 times
    222.186.180.223: 30 times
    222.186.190.2: 46 times
    222.186.190.92: 12 times
 
 Illegal users from:
    undef: 50 times
    2.139.215.255 (255.red-2-139-215.staticip.rima-tde.net): 1 time
    5.11.37.63: 1 time
    13.70.7.172: 1 time
    13.228.107.58 (ec2-13-228-107-58.ap-southeast-1.compute.amazonaws.com): 1 time
    14.186.245.199 (static.vnpt.vn): 1 time
    14.225.3.47: 1 time
    14.234.44.228 (static.vnpt.vn): 1 time
    14.255.45.157 (static.vnpt.vn): 1 time
    35.187.173.200 (200.173.187.35.bc.googleusercontent.com): 1 time
    35.197.227.71 (71.227.197.35.bc.googleusercontent.com): 1 time
    36.66.149.211: 1 time
    37.139.9.23: 1 time
    37.139.13.105: 1 time
    41.41.172.50 (host-41.41.172.50.tedata.net): 1 time
    42.116.255.216: 1 time
    43.229.89.124: 1 time
    45.55.157.147: 1 time
    45.117.83.36: 1 time
    49.204.83.2 (broadband.actcorp.in): 1 time
    51.68.230.54 (54.ip-51-68-230.eu): 1 time
    51.91.102.173 (173.ip-51-91-102.eu): 1 time
    54.37.205.162 (162.ip-54-37-205.eu): 1 time
    54.39.21.54 (54.ip-54-39-21.net): 1 time
    58.65.159.124 (124.159.65.58.static.dsl.net.pk): 1 time
    61.177.139.213: 1 time
    67.181.98.151 (c-67-181-98-151.hsd1.ca.comcast.net): 1 time
    78.90.67.126: 1 time
    78.187.133.26 (78.187.133.26.dynamic.ttnet.com.tr): 1 time
    81.12.159.146: 1 time
    81.174.8.105 (81-174-8-105.v4.ngi.it): 1 time
    89.189.154.66 (89.189.154.66.dynamic.ufanet.ru): 1 time
    91.122.191.82 (ppp91-122-191-82.pppoe.avangarddsl.ru): 1 time
    92.63.194.26: 1 time
    93.84.86.69 (static14.byfly.gomel.by): 1 time
    103.10.168.8 (mail6.keltron.in): 1 time
    103.101.52.48 (48.52.101.103.in-addr.arpa.semarangkota.go.id): 1 time
    103.118.77.46: 1 time
    104.236.246.16: 1 time
    104.238.116.19 (ip-104-238-116-19.ip.secureserver.net): 1 time
    106.51.230.190 (broadband.actcorp.in): 1 time
    112.140.185.64: 1 time
    112.175.114.111: 1 time
    112.220.24.131: 1 time
    113.160.178.148 (static.vnpt.vn): 1 time
    119.42.175.200: 1 time
    121.190.197.205: 1 time
    125.160.113.78 (78.subnet125-160-113.speedy.telkom.net.id): 1 time
    132.145.18.157: 1 time
    132.148.129.180 (ip-132-148-129-180.ip.secureserver.net): 1 time
    139.59.14.210: 1 time
    139.59.79.56: 1 time
    139.59.180.53: 1 time
    139.99.197.50 (50.ip-139-99-197.eu): 1 time
    142.93.39.29: 1 time
    145.249.105.204: 1 time
    149.56.103.116 (c399.cloud.wiroos.net): 1 time
    165.22.103.237: 1 time
    167.99.75.174: 1 time
    171.213.12.251: 1 time
    175.29.184.154: 1 time
    175.193.50.185: 1 time
    177.129.42.13 (din-177-129-42-13.conceitosinformatica.com.br): 1 time
    178.128.81.125: 1 time
    183.82.0.15 (broadband.actcorp.in): 1 time
    185.41.41.70: 1 time
    189.102.255.242 (bd66fff2.virtua.com.br): 2 times
    190.85.203.254: 1 time
    191.239.253.188: 1 time
    197.51.57.197 (host-197.51.57.197.tedata.net): 1 time
    198.211.123.183: 1 time
    201.28.8.163 (201-28-8-163.customer.tdatabrasil.net.br): 2 times
    202.29.39.1: 1 time
    202.88.241.107 (107.241.88.202.asianet.co.in): 1 time
    206.189.132.204: 1 time
    206.189.137.113: 1 time
    206.189.166.172: 1 time
    210.21.63.118: 1 time
    211.110.140.200: 1 time
    212.220.105.94: 1 time
    217.35.75.193 (host217-35-75-193.in-addr.btopenworld.com): 1 time
    219.93.106.33 (kch-106-33.tm.net.my): 1 time
    220.167.100.60 (60.100.167.220.dial.dy.sc.dynamic.163data.com.cn): 1 time
    221.120.222.69 (lhr63.pie.net.pk): 1 time
    221.160.100.14: 1 time
    223.197.175.171 (223-197-175-171.static.imsbiz.com): 1 time
 
 **Unmatched Entries**
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 7 time(s)
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)