################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Dec 17 04:42:03 2019
Date Range Processed: yesterday
( 2019-Dec-16 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [203:202]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 3 sites probed the server
134.209.81.110
142.11.242.254
66.240.205.34
Requests with error response codes
400 Bad Request
mstshash=Administr: 4 Time(s)
mstshash=hello: 3 Time(s)
null: 3 Time(s)
/: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/HNAP1: 1 Time(s)
/nmaplowercheck1576514818: 1 Time(s)
/robots.txt: 1 Time(s)
/sdk: 1 Time(s)
404 Not Found
/robots.txt: 50 Time(s)
/protokolle/Protokoll_MV_12.11.2016.pdf: 2 Time(s)
/wp-login.php: 2 Time(s)
/ads.txt: 1 Time(s)
/datenschutz/: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/sites/default/files/Bericht_SommerZaPF13_Jena.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/zapf/geschaeftsordnung: 1 Time(s)
499 (undefined)
/favicon.png: 1 Time(s)
500 Internal Server Error
/: 29 Time(s)
/admin/: 4 Time(s)
/pub/errors/503.php: 4 Time(s)
/805ec0000000.cfg: 1 Time(s)
/remote/login: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 28 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 2 Time(s)
session opened for user root by (uid=0): 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
40 Miscellaneous warnings
13.762K Bytes accepted 14,092
13.762K Bytes sent via SMTP 14,092
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
324 Connections
9 Connections lost (inbound)
324 Disconnections
1 Removed from queue
1 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 224 Time(s)
Failed logins from:
Illegal users from:
undef: 16 times
Users logging in through sshd:
root:
91.64.174.41 (ip5b40ae29.dynamic.kabel-deutschland.de): 2 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 7 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################