[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

Montag, 16 Dezember 2019

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Mon Dec 16 04:42:03 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-15 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [194:194]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 A total of 2 sites probed the server 
    167.172.191.63
    188.166.55.116

 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 7 Time(s)
       null: 2 Time(s)
       /: 1 Time(s)
       /index.php: 1 Time(s)
       /phpmyadmin/index.php: 1 Time(s)
       /robots.txt: 1 Time(s)
    404 Not Found
       /robots.txt: 53 Time(s)
       /berlin/apple-touch-icon.png: 12 Time(s)
       /magento/pub/errors/503.php: 2 Time(s)
       /magento2/pub/errors/503.php: 2 Time(s)
       /shop/pub/errors/503.php: 2 Time(s)
       /store/pub/errors/503.php: 2 Time(s)
       /wp-login.php: 2 Time(s)
       //blog/: 1 Time(s)
       /fileman/index.html: 1 Time(s)
       /protokolle/Protokoll_MV_12.11.2016.pdf: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
       /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
       /sites/default/files/Lehramtstellungnahme.pdf: 1 Time(s)
    499 (undefined)
       /favicon.png: 3 Time(s)
       /apple-touch-icon.png: 1 Time(s)
       /build/index-styles.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
       /fonts/SourceCodePro-Medium.woff: 1 Time(s)
       /fonts/SourceSansPro-Regular.woff: 1 Time(s)
    500 Internal Server Error
       /: 17 Time(s)
       /admin/: 8 Time(s)
       /pub/errors/503.php: 8 Time(s)
       /MNEGES: 1 Time(s)
       /contact/6EF0B8049D8397444E0D1AA9U2DQG/markup: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.175.182): 60 Time(s)
       root (222.186.180.17): 41 Time(s)
       root (222.186.180.223): 39 Time(s)
       root (222.186.173.238): 36 Time(s)
       root (222.186.175.148): 36 Time(s)
       root (222.186.175.151): 35 Time(s)
       root (222.186.173.226): 30 Time(s)
       root (222.186.175.161): 30 Time(s)
       root (222.186.175.183): 30 Time(s)
       root (222.186.180.8): 30 Time(s)
       root (222.186.175.155): 29 Time(s)
       root (222.186.42.4): 29 Time(s)
       root (218.92.0.158): 26 Time(s)
       root (222.186.169.194): 25 Time(s)
       root (218.92.0.145): 24 Time(s)
       root (218.92.0.148): 24 Time(s)
       root (222.186.173.142): 24 Time(s)
       root (222.186.175.140): 24 Time(s)
       root (222.186.175.154): 24 Time(s)
       root (222.186.175.181): 24 Time(s)
       root (222.186.175.215): 24 Time(s)
       root (222.186.175.220): 24 Time(s)
       root (49.88.112.59): 23 Time(s)
       root (218.92.0.170): 22 Time(s)
       root (218.92.0.131): 18 Time(s)
       root (222.186.173.154): 18 Time(s)
       root (222.186.173.183): 18 Time(s)
       root (222.186.173.215): 18 Time(s)
       root (222.186.175.150): 18 Time(s)
       root (222.186.180.41): 18 Time(s)
       root (222.186.180.9): 18 Time(s)
       unknown (62-210-103-181.rev.poneytelecom.eu): 18 Time(s)
       root (218.92.0.135): 17 Time(s)
       root (112.85.42.171): 16 Time(s)
       root (49.88.112.61): 16 Time(s)
       root (218.92.0.164): 12 Time(s)
       root (218.92.0.175): 12 Time(s)
       root (218.92.0.212): 12 Time(s)
       root (222.186.175.147): 12 Time(s)
       root (222.186.175.167): 12 Time(s)
       root (222.186.175.169): 12 Time(s)
       root (222.186.175.202): 12 Time(s)
       root (222.186.175.212): 12 Time(s)
       root (222.186.180.147): 12 Time(s)
       root (222.186.180.6): 12 Time(s)
       root (49.88.112.62): 12 Time(s)
       root (49.88.112.64): 12 Time(s)
       root (218.92.0.141): 11 Time(s)
       root (222.186.175.217): 11 Time(s)
       root (222.186.190.2): 11 Time(s)
       root (49.88.112.55): 11 Time(s)
       root (112.85.42.172): 10 Time(s)
       root (218.92.0.134): 9 Time(s)
       unknown (125.17.228.202): 9 Time(s)
       root (222.186.169.192): 8 Time(s)
       root (112.85.42.180): 6 Time(s)
       root (119.207.235.159): 6 Time(s)
       root (125.17.228.202): 6 Time(s)
       root (218.92.0.155): 6 Time(s)
       root (218.92.0.165): 6 Time(s)
       root (222.186.173.180): 6 Time(s)
       root (222.186.175.163): 6 Time(s)
       root (222.186.175.216): 6 Time(s)
       root (222.186.190.92): 6 Time(s)
       root (45.168.35.126): 6 Time(s)
       root (45.95.168.105): 6 Time(s)
       root (62-210-103-181.rev.poneytelecom.eu): 6 Time(s)
       root (77.34.169.201): 6 Time(s)
       root (112.85.42.175): 5 Time(s)
       root (112.85.42.176): 5 Time(s)
       root (112.85.42.182): 5 Time(s)
       unknown (116.110.220.34): 3 Time(s)
       unknown (116.110.80.6): 3 Time(s)
       unknown (45.95.168.105): 3 Time(s)
       unknown (82-64-191-25.subs.proxad.net): 3 Time(s)
       root (218.92.0.172): 2 Time(s)
       unknown (183.87.76.57): 2 Time(s)
       unknown (227.14.0.85.dynamic.wline.res.cust.swisscom.ch): 2 Time(s)
       root (103.114.246.38): 1 Time(s)
       root (116.110.220.34): 1 Time(s)
       root (149.91.88.183): 1 Time(s)
       root (23.213-67-87.adsl-dyn.isp.belgacom.be): 1 Time(s)
       root (37.130.106.204): 1 Time(s)
       unknown (106.12.36.176): 1 Time(s)
       unknown (106.39.44.11): 1 Time(s)
       unknown (112.111.13.253): 1 Time(s)
       unknown (113.194.69.160): 1 Time(s)
       unknown (123.21.11.148): 1 Time(s)
       unknown (131.196.8.239): 1 Time(s)
       unknown (138.68.20.158): 1 Time(s)
       unknown (139.59.56.121): 1 Time(s)
       unknown (14.186.244.42): 1 Time(s)
       unknown (140.246.191.130): 1 Time(s)
       unknown (183.230.93.137): 1 Time(s)
       unknown (183.82.138.0): 1 Time(s)
       unknown (188.251.178.240): 1 Time(s)
       unknown (206.189.136.160): 1 Time(s)
       unknown (27.155.99.173): 1 Time(s)
       unknown (36.69.178.6): 1 Time(s)
       unknown (37.130.106.204): 1 Time(s)
       unknown (51.219.142.11): 1 Time(s)
       unknown (68.183.105.52): 1 Time(s)
       unknown (80.82.64.214): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (bfay1.pndsl.co.uk): 1 Time(s)
       unknown (ec2-3-8-32-113.eu-west-2.compute.amazonaws.com): 1 Time(s)
       unknown (ip-88-153-50-18.hsi04.unitymediagroup.de): 1 Time(s)
       unknown (my-plesk.space): 1 Time(s)
       unknown (static243-214-203.mimer.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 69 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

        3   Miscellaneous warnings  

   12.383K  Bytes accepted                              12,680
   12.383K  Bytes sent via SMTP                         12,680
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        5   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        5   Total 4xx Rejects                          100.00%
 ========   ==================================================

      307   Connections             
       12   Connections lost (inbound) 
      307   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        2   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Disconnecting after too many authentication failures for user:
    root : 197 Time(s)

 Failed logins from:
    37.130.106.204: 1 time
    45.95.168.105 (maxko-hosting.com): 6 times
    45.168.35.126: 6 times
    49.88.112.55: 11 times
    49.88.112.59: 23 times
    49.88.112.61: 16 times
    49.88.112.62: 12 times
    49.88.112.64: 12 times
    62.210.103.181 (62-210-103-181.rev.poneytelecom.eu): 6 times
    77.34.169.201: 6 times
    87.67.213.23 (23.213-67-87.adsl-dyn.isp.belgacom.be): 1 time
    103.114.246.38: 1 time
    112.85.42.171: 16 times
    112.85.42.172: 10 times
    112.85.42.175: 5 times
    112.85.42.176: 5 times
    112.85.42.180: 6 times
    112.85.42.182: 5 times
    116.110.220.34: 1 time
    119.207.235.159: 6 times
    125.17.228.202: 6 times
    149.91.88.183 (183.88.91.149.ipv4.netrix.fr): 1 time
    218.92.0.131: 18 times
    218.92.0.134: 9 times
    218.92.0.135: 17 times
    218.92.0.141: 11 times
    218.92.0.145: 24 times
    218.92.0.148: 24 times
    218.92.0.155: 6 times
    218.92.0.158: 29 times
    218.92.0.164: 12 times
    218.92.0.165: 6 times
    218.92.0.170: 22 times
    218.92.0.172: 2 times
    218.92.0.175: 12 times
    218.92.0.212: 12 times
    222.186.42.4: 29 times
    222.186.169.192: 12 times
    222.186.169.194: 29 times
    222.186.173.142: 24 times
    222.186.173.154: 18 times
    222.186.173.180: 6 times
    222.186.173.183: 18 times
    222.186.173.215: 18 times
    222.186.173.226: 30 times
    222.186.173.238: 36 times
    222.186.175.140: 24 times
    222.186.175.147: 12 times
    222.186.175.148: 36 times
    222.186.175.150: 18 times
    222.186.175.151: 35 times
    222.186.175.154: 24 times
    222.186.175.155: 29 times
    222.186.175.161: 30 times
    222.186.175.163: 6 times
    222.186.175.167: 12 times
    222.186.175.169: 12 times
    222.186.175.181: 24 times
    222.186.175.182: 60 times
    222.186.175.183: 30 times
    222.186.175.202: 12 times
    222.186.175.212: 12 times
    222.186.175.215: 24 times
    222.186.175.216: 6 times
    222.186.175.217: 11 times
    222.186.175.220: 24 times
    222.186.180.6: 12 times
    222.186.180.8: 30 times
    222.186.180.9: 18 times
    222.186.180.17: 41 times
    222.186.180.41: 18 times
    222.186.180.147: 12 times
    222.186.180.223: 42 times
    222.186.190.2: 11 times
    222.186.190.92: 6 times

 Illegal users from:
    undef: 35 times
    3.8.32.113 (ec2-3-8-32-113.eu-west-2.compute.amazonaws.com): 1 time
    14.186.244.42 (static.vnpt.vn): 1 time
    27.155.99.173: 1 time
    36.69.178.6: 1 time
    37.130.106.204: 1 time
    45.95.168.105 (maxko-hosting.com): 3 times
    51.219.142.11: 1 time
    62.210.103.181 (62-210-103-181.rev.poneytelecom.eu): 18 times
    68.183.105.52: 1 time
    80.82.64.214 (no-reverse-dns-configured.com): 1 time
    80.229.253.212 (bfay1.pndsl.co.uk): 1 time
    82.64.191.25 (82-64-191-25.subs.proxad.net): 3 times
    83.243.214.203 (static243-214-203.mimer.net): 1 time
    85.0.14.227 (227.14.0.85.dynamic.wline.res.cust.swisscom.ch): 2 times
    88.153.50.18 (ip-88-153-50-18.hsi04.unitymediagroup.de): 1 time
    92.63.194.26: 1 time
    106.12.36.176: 1 time
    106.39.44.11: 1 time
    112.111.13.253: 1 time
    113.194.69.160 (160.69.194.113.adsl-pool.jx.chinaunicom.com): 1 time
    116.110.80.6: 3 times
    116.110.220.34: 3 times
    123.21.11.148: 1 time
    125.17.228.202: 9 times
    131.196.8.239: 1 time
    138.68.20.158: 1 time
    139.59.56.121: 1 time
    140.246.191.130: 1 time
    183.82.138.0 (broadband.actcorp.in): 1 time
    183.87.76.57 (57-76-87-183.mysipl.com): 2 times
    183.230.93.137: 1 time
    188.40.253.25 (my-plesk.space): 1 time
    188.251.178.240: 1 time
    206.189.136.160: 1 time

 **Unmatched Entries**
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 4 time(s)
 Protocol major versions differ for 45.33.70.146: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
vs. SSH-1.5-Nmap-SSH1-Hostkey : 1 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

[TOPF] Logwatch for h2361197.stratoserver.net (Linux)