[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 13 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Dec 13 04:42:03 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-12 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [194:196]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    124.88.113.24 -> zapf.wiki:443: 1 Time(s)
 
 A total of 2 sites probed the server 
    167.71.2.126
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       null: 4 Time(s)
       /: 1 Time(s)
       \xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1: 1 Time(s)
       mstshash=Administr: 1 Time(s)
       zapf.wiki:443: 1 Time(s)
    403 Forbidden
       /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
    404 Not Found
       /robots.txt: 46 Time(s)
       /berlin/apple-touch-icon.png: 6 Time(s)
       /berichte/WiSe13/stapf(a)googlegroups.com: 1 Time(s)
       /datenschutz/: 1 Time(s)
       /license.php: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /reader/ZiP_Zivilklausel.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
    500 Internal Server Error
       /: 26 Time(s)
       /admin/: 5 Time(s)
       /pub/errors/503.php: 5 Time(s)
       /magento/: 1 Time(s)
       /magento/admin/: 1 Time(s)
       /magento/pub/errors/503.php: 1 Time(s)
       /magento2/: 1 Time(s)
       /magento2/admin/: 1 Time(s)
       /magento2/pub/errors/503.php: 1 Time(s)
       /shop/: 1 Time(s)
       /shop/admin/: 1 Time(s)
       /shop/pub/errors/503.php: 1 Time(s)
       /store/: 1 Time(s)
       /store/admin/: 1 Time(s)
       /store/pub/errors/503.php: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.175.167): 42 Time(s)
       root (49.88.112.55): 40 Time(s)
       root (222.186.175.217): 38 Time(s)
       root (222.186.175.182): 37 Time(s)
       root (222.186.173.154): 36 Time(s)
       root (222.186.175.163): 36 Time(s)
       root (222.186.175.216): 36 Time(s)
       root (222.186.175.220): 35 Time(s)
       root (49.88.112.61): 35 Time(s)
       root (218.92.0.155): 30 Time(s)
       root (222.186.175.181): 30 Time(s)
       root (222.186.180.8): 30 Time(s)
       root (222.186.190.92): 30 Time(s)
       root (218.92.0.170): 29 Time(s)
       root (222.186.175.140): 29 Time(s)
       root (218.92.0.134): 28 Time(s)
       root (218.92.0.158): 28 Time(s)
       root (222.186.180.6): 27 Time(s)
       root (218.92.0.165): 24 Time(s)
       root (222.186.169.194): 24 Time(s)
       root (222.186.173.142): 24 Time(s)
       root (222.186.173.226): 24 Time(s)
       root (222.186.175.154): 24 Time(s)
       root (222.186.180.17): 24 Time(s)
       root (218.92.0.179): 23 Time(s)
       root (222.186.175.161): 23 Time(s)
       root (222.186.190.2): 22 Time(s)
       root (218.92.0.175): 21 Time(s)
       root (222.186.173.238): 21 Time(s)
       root (222.186.173.180): 20 Time(s)
       root (218.92.0.164): 18 Time(s)
       root (218.92.0.212): 18 Time(s)
       root (222.186.175.183): 18 Time(s)
       root (222.186.175.215): 18 Time(s)
       root (222.186.180.147): 18 Time(s)
       root (49.88.112.62): 18 Time(s)
       root (49.88.112.64): 18 Time(s)
       root (218.92.0.148): 17 Time(s)
       root (61.177.172.128): 17 Time(s)
       root (218.92.0.145): 16 Time(s)
       root (222.186.180.9): 16 Time(s)
       root (112.85.42.172): 15 Time(s)
       root (218.92.0.172): 13 Time(s)
       root (218.92.0.135): 12 Time(s)
       root (222.186.173.183): 12 Time(s)
       root (222.186.175.155): 12 Time(s)
       root (222.186.175.169): 12 Time(s)
       root (222.186.180.223): 12 Time(s)
       root (112.85.42.178): 11 Time(s)
       root (222.186.175.147): 11 Time(s)
       unknown (125.17.228.202): 11 Time(s)
       root (218.92.0.131): 8 Time(s)
       root (222.186.180.41): 7 Time(s)
       root (125.17.228.202): 6 Time(s)
       root (170.80.226.77): 6 Time(s)
       root (218.92.0.178): 6 Time(s)
       root (222.186.173.215): 6 Time(s)
       root (222.186.175.151): 6 Time(s)
       root (222.186.175.202): 6 Time(s)
       root (222.186.175.212): 6 Time(s)
       root (49.88.112.59): 6 Time(s)
       root (112.85.42.173): 5 Time(s)
       root (112.85.42.176): 5 Time(s)
       root (112.85.42.181): 5 Time(s)
       root (112.85.42.182): 5 Time(s)
       root (222.186.42.4): 5 Time(s)
       unknown (116.110.220.34): 5 Time(s)
       unknown (116.110.220.28): 4 Time(s)
       mysql (125.17.228.202): 2 Time(s)
       unknown (151.29.20.243): 2 Time(s)
       unknown (184.63.136.217): 2 Time(s)
       unknown (3.126.133.77.rev.sfr.net): 2 Time(s)
       unknown (r167-60-107-95.dialup.adsl.anteldata.net.uy): 2 Time(s)
       nobody (111.231.68.195): 1 Time(s)
       postgres (130.61.89.191): 1 Time(s)
       postgres (145.249.105.204): 1 Time(s)
       root (103.98.63.99): 1 Time(s)
       root (116.110.220.34): 1 Time(s)
       root (150.107.204.193): 1 Time(s)
       root (156.196.94.132): 1 Time(s)
       root (180.246.148.107): 1 Time(s)
       root (188.251.178.240): 1 Time(s)
       root (190.148.39.244): 1 Time(s)
       root (200.69.250.253): 1 Time(s)
       root (45.224.98.130): 1 Time(s)
       root (82-64-138-80.subs.proxad.net): 1 Time(s)
       unknown (1.192.129.17): 1 Time(s)
       unknown (104.236.81.204): 1 Time(s)
       unknown (113.105.119.88): 1 Time(s)
       unknown (113.172.60.171): 1 Time(s)
       unknown (119.123.58.75): 1 Time(s)
       unknown (139.199.168.18): 1 Time(s)
       unknown (14.116.187.107): 1 Time(s)
       unknown (157.39.186.96): 1 Time(s)
       unknown (188.166.216.84): 1 Time(s)
       unknown (191-215-81-140.user3p.veloxzone.com.br): 1 Time(s)
       unknown (197.51.174.102): 1 Time(s)
       unknown (217.11.176.158): 1 Time(s)
       unknown (45.55.42.17): 1 Time(s)
       unknown (58.22.99.135): 1 Time(s)
       unknown (77-105-74-146.lpok.fi): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (aob6.internetdsl.tpnet.pl): 1 Time(s)
       unknown (b2b-37-24-236-114.unitymedia.biz): 1 Time(s)
       unknown (p57846ce8.dip0.t-ipconnect.de): 1 Time(s)
       unknown (wgpon-38114-38.wateen.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 48 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        2   Miscellaneous warnings  
 
   18.092K  Bytes accepted                              18,526
   18.092K  Bytes sent via SMTP                         18,526
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
        9   Connections             
        4   Connections lost (inbound) 
        9   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 209 Time(s)
 
 Failed logins from:
    45.224.98.130: 1 time
    49.88.112.55: 40 times
    49.88.112.59: 6 times
    49.88.112.61: 36 times
    49.88.112.62: 18 times
    49.88.112.64: 18 times
    61.177.172.128: 17 times
    82.64.138.80 (82-64-138-80.subs.proxad.net): 1 time
    103.98.63.99: 1 time
    111.231.68.195: 1 time
    112.85.42.172: 15 times
    112.85.42.173: 5 times
    112.85.42.176: 5 times
    112.85.42.178: 11 times
    112.85.42.181: 5 times
    112.85.42.182: 5 times
    116.110.220.34: 1 time
    125.17.228.202: 8 times
    130.61.89.191: 1 time
    145.249.105.204: 1 time
    150.107.204.193: 1 time
    156.196.94.132 (host-156.196.132.94-static.tedata.net): 1 time
    170.80.226.77: 6 times
    180.246.148.107: 1 time
    188.251.178.240: 1 time
    190.148.39.244 (244.39.148.190.static.intelnet.net.gt): 1 time
    200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time
    218.92.0.131: 12 times
    218.92.0.134: 28 times
    218.92.0.135: 12 times
    218.92.0.145: 16 times
    218.92.0.148: 17 times
    218.92.0.155: 30 times
    218.92.0.158: 28 times
    218.92.0.164: 19 times
    218.92.0.165: 24 times
    218.92.0.170: 29 times
    218.92.0.172: 14 times
    218.92.0.175: 21 times
    218.92.0.178: 6 times
    218.92.0.179: 23 times
    218.92.0.212: 18 times
    222.186.42.4: 5 times
    222.186.169.194: 24 times
    222.186.173.142: 24 times
    222.186.173.154: 36 times
    222.186.173.180: 23 times
    222.186.173.183: 12 times
    222.186.173.215: 6 times
    222.186.173.226: 24 times
    222.186.173.238: 24 times
    222.186.175.140: 29 times
    222.186.175.147: 11 times
    222.186.175.151: 6 times
    222.186.175.154: 24 times
    222.186.175.155: 12 times
    222.186.175.161: 23 times
    222.186.175.163: 36 times
    222.186.175.167: 42 times
    222.186.175.169: 12 times
    222.186.175.181: 30 times
    222.186.175.182: 40 times
    222.186.175.183: 18 times
    222.186.175.202: 6 times
    222.186.175.212: 6 times
    222.186.175.215: 18 times
    222.186.175.216: 36 times
    222.186.175.217: 42 times
    222.186.175.220: 36 times
    222.186.180.6: 27 times
    222.186.180.8: 30 times
    222.186.180.9: 18 times
    222.186.180.17: 24 times
    222.186.180.41: 8 times
    222.186.180.147: 18 times
    222.186.180.223: 12 times
    222.186.190.2: 22 times
    222.186.190.92: 30 times
 
 Illegal users from:
    undef: 32 times
    1.192.129.17: 1 time
    14.116.187.107: 1 time
    37.24.236.114 (b2b-37-24-236-114.unitymedia.biz): 1 time
    45.55.42.17: 1 time
    58.22.99.135: 1 time
    77.105.74.146 (77-105-74-146.lpok.fi): 1 time
    77.133.126.3 (3.126.133.77.rev.sfr.net): 2 times
    83.17.109.6 (aob6.internetdsl.tpnet.pl): 1 time
    87.132.108.232 (p57846CE8.dip0.t-ipconnect.de): 1 time
    92.63.194.26: 1 time
    104.236.81.204: 1 time
    110.38.114.38 (WGPON-38114-38.wateen.net): 1 time
    113.105.119.88: 1 time
    113.172.60.171 (static.vnpt.vn): 1 time
    116.110.220.28: 4 times
    116.110.220.34: 5 times
    119.123.58.75: 1 time
    125.17.228.202: 11 times
    139.199.168.18: 1 time
    151.29.20.243 (ppp-243-20.29-151.wind.it): 2 times
    157.39.186.96: 1 time
    167.60.107.95 (r167-60-107-95.dialup.adsl.anteldata.net.uy): 2 times
    184.63.136.217: 2 times
    188.166.216.84: 1 time
    191.215.81.140 (191-215-81-140.user3p.veloxzone.com.br): 1 time
    197.51.174.102 (host-197.51.174.102.tedata.net): 1 time
    217.11.176.158: 1 time
 
 **Unmatched Entries**
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 1 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 4 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)