[TOPF] Logwatch for h2361197.stratoserver.net (Linux)

################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Jun 3 04:42:07 2019 Date Range Processed: yesterday ( 2019-Jun-02 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [520:518] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 110.167.88.33 -> zapf.wiki:443: 1 Time(s) 123.145.19.97 -> zapf.wiki:443: 1 Time(s) 182.245.44.151 -> zapf.wiki:443: 1 Time(s) 59.36.132.222 -> www.baidu.com:443: 6 Time(s) A total of 3 sites probed the server 116.31.165.13 209.182.233.154 54.175.224.218 Requests with error response codes 400 Bad Request www.baidu.com:443: 6 Time(s) http://www.baidu.com/: 3 Time(s) null: 3 Time(s) zapf.wiki:443: 3 Time(s) http://123.125.114.144/: 1 Time(s) mstshash=hello: 1 Time(s) 404 Not Found /robots.txt: 34 Time(s) /berlin/apple-touch-icon.png: 5 Time(s) /reader/1989-wi-berlin.pdf: 2 Time(s) /wp-login.php: 2 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /home/zapf: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/1993-so-reader_do93.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /sites/default/files/2012_11_Stellungnahme_OpenAcces.pdf: 1 Time(s) /zapf/geschaeftsordnung: 1 Time(s) 500 Internal Server Error /: 3 Time(s) /admin//config.php: 1 Time(s) /app/.env: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (119.235.24.244): 96 Time(s) unknown (106.12.16.140): 74 Time(s) unknown (112.21.188.186): 64 Time(s) unknown (41.72.219.102): 62 Time(s) unknown (103.76.21.181): 61 Time(s) unknown (162.243.253.67): 61 Time(s) unknown (180.76.138.48): 55 Time(s) unknown (139.59.228.147): 52 Time(s) unknown (183.80.133.166): 51 Time(s) unknown (103.255.44.176): 50 Time(s) unknown (138.197.98.251): 50 Time(s) unknown (74.208.252.136): 50 Time(s) unknown (172.ip-54-37-138.eu): 49 Time(s) unknown (138.219.192.98): 48 Time(s) unknown (140.143.17.156): 45 Time(s) unknown (204.48.31.143): 45 Time(s) unknown (90.74.53.130): 45 Time(s) unknown (159.89.162.203): 44 Time(s) unknown (36.89.114.66): 44 Time(s) unknown (bpsociety.co.uk): 44 Time(s) unknown (ns381755.ovh.net): 44 Time(s) unknown (113.ip-51-38-51.eu): 42 Time(s) unknown (invoice.mountainashe.com): 39 Time(s) unknown (118.24.5.163): 34 Time(s) unknown (212.64.59.94): 34 Time(s) unknown (36.92.3.219): 34 Time(s) unknown (198.199.69.22): 33 Time(s) unknown (224.ip-51-83-77.eu): 33 Time(s) unknown (181.52.251.209): 32 Time(s) unknown (59-125-247-227.hinet-ip.hinet.net): 32 Time(s) unknown (123.206.44.110): 31 Time(s) unknown (157.ip-51-77-195.eu): 30 Time(s) unknown (mbl-109-32-106.dsl.net.pk): 30 Time(s) unknown (0526dfee.dsl.pool.telekom.hu): 27 Time(s) unknown (138.68.105.10): 27 Time(s) unknown (161.246.35.41): 27 Time(s) unknown (62.ip-145-239-82.eu): 27 Time(s) unknown (103.74.192.166): 25 Time(s) unknown (118.89.40.174): 23 Time(s) unknown (oc-141-144-120-236.compute.oraclecloud.com): 22 Time(s) unknown (122.192.51.202): 21 Time(s) unknown (142.93.85.35): 21 Time(s) unknown (563b87b4.dsl.pool.telekom.hu): 21 Time(s) unknown (hsi-kbw-091-089-097-195.hsi2.kabelbw.de): 15 Time(s) unknown (70.89.88.3): 14 Time(s) unknown (27.147.56.152): 13 Time(s) unknown (104.236.175.127): 11 Time(s) unknown (14.215.46.94): 11 Time(s) unknown (81.174.39.116): 9 Time(s) unknown (111.230.73.133): 8 Time(s) root (180.117.118.28): 6 Time(s) root (218.92.0.174): 6 Time(s) root (27.214.225.47): 6 Time(s) root (5.140.243.229): 6 Time(s) unknown (222.223.203.104): 6 Time(s) unknown (42.5.35.75): 6 Time(s) unknown (197.135.6.41): 5 Time(s) unknown (197.46.125.202): 5 Time(s) unknown (200.164.82.26): 5 Time(s) unknown (pool-108-30-0-18.nycmny.fios.verizon.net): 5 Time(s) unknown (106.13.127.37): 4 Time(s) unknown (197.45.155.12): 4 Time(s) backup (invoice.mountainashe.com): 2 Time(s) games (113.ip-51-38-51.eu): 2 Time(s) mysql (mbl-109-32-106.dsl.net.pk): 2 Time(s) news (119.235.24.244): 2 Time(s) postgres (140.143.17.156): 2 Time(s) temp (140.143.17.156): 2 Time(s) unknown (129.211.116.170): 2 Time(s) unknown (138.68.171.54): 2 Time(s) unknown (176.206.128.95): 2 Time(s) unknown (186.104.207.53): 2 Time(s) unknown (194.179.101.6): 2 Time(s) unknown (79.53.125.202): 2 Time(s) backup (106.12.16.140): 1 Time(s) backup (140.143.17.156): 1 Time(s) backup (198.199.69.22): 1 Time(s) backup (200.164.82.26): 1 Time(s) backup (36.89.114.66): 1 Time(s) backup (74.208.252.136): 1 Time(s) backup (ns381755.ovh.net): 1 Time(s) daemon (157.ip-51-77-195.eu): 1 Time(s) games (0526dfee.dsl.pool.telekom.hu): 1 Time(s) games (204.48.31.143): 1 Time(s) games (invoice.mountainashe.com): 1 Time(s) gnats (138.197.98.251): 1 Time(s) irc (138.68.105.10): 1 Time(s) irc (172.ip-54-37-138.eu): 1 Time(s) irc (204.48.31.143): 1 Time(s) list (106.12.16.140): 1 Time(s) list (138.197.98.251): 1 Time(s) list (224.ip-51-83-77.eu): 1 Time(s) list (41.72.219.102): 1 Time(s) lp (112.21.188.186): 1 Time(s) mailman (103.255.44.176): 1 Time(s) mailman (113.ip-51-38-51.eu): 1 Time(s) mailman (159.89.162.203): 1 Time(s) mailman (204.48.31.143): 1 Time(s) mailman (563b87b4.dsl.pool.telekom.hu): 1 Time(s) man (119.235.24.244): 1 Time(s) man (138.197.98.251): 1 Time(s) man (161.246.35.41): 1 Time(s) man (224.ip-51-83-77.eu): 1 Time(s) man (59-125-247-227.hinet-ip.hinet.net): 1 Time(s) mysql (103.255.44.176): 1 Time(s) mysql (103.74.192.166): 1 Time(s) mysql (161.246.35.41): 1 Time(s) mysql (172.ip-54-37-138.eu): 1 Time(s) mysql (183.80.133.166): 1 Time(s) news (27.147.56.152): 1 Time(s) news (36.92.3.219): 1 Time(s) news (62.ip-145-239-82.eu): 1 Time(s) news (invoice.mountainashe.com): 1 Time(s) nobody (159.89.162.203): 1 Time(s) nobody (161.246.35.41): 1 Time(s) nobody (172.ip-54-37-138.eu): 1 Time(s) nobody (181.52.251.209): 1 Time(s) nobody (59-125-247-227.hinet-ip.hinet.net): 1 Time(s) postfix (41.72.219.102): 1 Time(s) postgres (157.ip-51-77-195.eu): 1 Time(s) postgres (563b87b4.dsl.pool.telekom.hu): 1 Time(s) postgres (70.89.88.3): 1 Time(s) postgres (74.208.252.136): 1 Time(s) proxy (138.219.192.98): 1 Time(s) proxy (204.48.31.143): 1 Time(s) smmsp (106.13.127.37): 1 Time(s) smmsp (162.243.253.67): 1 Time(s) smmsp (70.89.88.3): 1 Time(s) sshd (oc-141-144-120-236.compute.oraclecloud.com): 1 Time(s) sync (119.235.24.244): 1 Time(s) sync (138.219.192.98): 1 Time(s) sync (159.89.162.203): 1 Time(s) sync (162.243.253.67): 1 Time(s) sync (563b87b4.dsl.pool.telekom.hu): 1 Time(s) temp (139.59.228.147): 1 Time(s) temp (142.93.85.35): 1 Time(s) temp (invoice.mountainashe.com): 1 Time(s) unknown (104-0-142-113.lightspeed.austtx.sbcglobal.net): 1 Time(s) unknown (14.161.16.77): 1 Time(s) unknown (14.172.58.247): 1 Time(s) unknown (181.59.115.203): 1 Time(s) unknown (193.32.163.89): 1 Time(s) unknown (223.17.237.138): 1 Time(s) unknown (74.208.239.79): 1 Time(s) unknown (82.62.117.253): 1 Time(s) unknown (94.177.241.160): 1 Time(s) unknown (megabbq.biz.ua): 1 Time(s) unknown (ns207822.ip-94-23-215.eu): 1 Time(s) uucp (112.21.188.186): 1 Time(s) uucp (162.243.253.67): 1 Time(s) Invalid Users: Unknown Account: 1923 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 Miscellaneous warnings 13.827K Bytes accepted 14,159 13.827K Bytes sent via SMTP 14,159 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 175 Connections 147 Connections lost (inbound) 175 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 4 Time(s) Failed logins from: 5.38.223.238 (0526DFEE.dsl.pool.telekom.hu): 1 time 5.140.243.229: 6 times 27.147.56.152: 1 time 27.214.225.47: 6 times 36.89.114.66: 1 time 36.92.3.219: 1 time 41.72.219.102 (41.72.219.102.liquidtelecom.net): 2 times 46.105.96.145 (ns381755.ovh.net): 1 time 51.38.51.113 (113.ip-51-38-51.eu): 3 times 51.77.195.157 (157.ip-51-77-195.eu): 2 times 51.83.77.224 (224.ip-51-83-77.eu): 2 times 54.37.138.172 (172.ip-54-37-138.eu): 3 times 59.125.247.227 (59-125-247-227.HINET-IP.hinet.net): 2 times 70.89.88.3: 2 times 74.208.252.136: 2 times 86.59.135.180 (563B87B4.dsl.pool.telekom.hu): 3 times 103.74.192.166: 1 time 103.255.44.176: 2 times 106.12.16.140: 2 times 106.13.127.37: 1 time 112.21.188.186: 2 times 119.235.24.244: 4 times 124.109.32.106 (mbl-109-32-106.dsl.net.pk): 2 times 138.68.105.10 (website.alzeinsoft.com): 1 time 138.197.98.251: 3 times 138.219.192.98 (98-192-219.138.brasilnett.com.br): 2 times 139.59.228.147: 1 time 140.143.17.156: 5 times 141.144.120.236 (oc-141-144-120-236.compute.oraclecloud.com): 1 time 142.93.85.35: 1 time 145.239.82.62 (62.ip-145-239-82.eu): 1 time 159.89.162.203: 3 times 161.246.35.41: 3 times 162.243.253.67: 3 times 163.172.42.50 (invoice.mountainashe.com): 5 times 180.117.118.28: 6 times 181.52.251.209 (static-ip-181520251209.cable.net.co): 1 time 183.80.133.166: 1 time 198.199.69.22: 1 time 200.164.82.26: 1 time 204.48.31.143: 4 times 218.92.0.174: 6 times Illegal users from: undef: 1308 times 5.38.223.238 (0526DFEE.dsl.pool.telekom.hu): 27 times 14.161.16.77 (static.vnpt.vn): 1 time 14.172.58.247 (static.vnpt.vn): 1 time 14.215.46.94: 11 times 27.147.56.152: 13 times 36.89.114.66: 44 times 36.92.3.219: 34 times 41.72.219.102 (41.72.219.102.liquidtelecom.net): 62 times 42.5.35.75: 6 times 46.105.96.145 (ns381755.ovh.net): 44 times 51.38.51.113 (113.ip-51-38-51.eu): 42 times 51.77.195.157 (157.ip-51-77-195.eu): 30 times 51.83.77.224 (224.ip-51-83-77.eu): 33 times 54.37.138.172 (172.ip-54-37-138.eu): 49 times 59.125.247.227 (59-125-247-227.HINET-IP.hinet.net): 32 times 68.183.36.92 (megabbq.biz.ua): 1 time 70.89.88.3: 14 times 74.208.239.79: 1 time 74.208.252.136: 50 times 79.53.125.202 (host202-125-dynamic.53-79-r.retail.telecomitalia.it): 2 times 81.174.39.116 (www.imyhome.me): 9 times 82.62.117.253 (host253-117-static.62-82-b.business.telecomitalia.it): 1 time 86.59.135.180 (563B87B4.dsl.pool.telekom.hu): 21 times 90.74.53.130 (130.pool90-74-53.dynamic.orange.es): 45 times 91.89.97.195 (HSI-KBW-091-089-097-195.hsi2.kabelbw.de): 15 times 94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time 94.177.241.160 (host160-241-177-94.static.arubacloud.fr): 1 time 103.74.192.166: 25 times 103.76.21.181: 61 times 103.255.44.176: 50 times 104.0.142.113 (104-0-142-113.lightspeed.austtx.sbcglobal.net): 1 time 104.236.175.127: 11 times 106.12.16.140: 74 times 106.13.127.37: 4 times 108.30.0.18 (pool-108-30-0-18.nycmny.fios.verizon.net): 5 times 111.230.73.133: 8 times 112.21.188.186: 64 times 118.24.5.163: 34 times 118.89.40.174: 23 times 119.235.24.244: 96 times 122.192.51.202: 21 times 123.206.44.110: 31 times 124.109.32.106 (mbl-109-32-106.dsl.net.pk): 30 times 129.211.116.170: 2 times 138.68.105.10 (website.alzeinsoft.com): 27 times 138.68.171.54: 2 times 138.68.185.126 (bpsociety.co.uk): 44 times 138.197.98.251: 50 times 138.219.192.98 (98-192-219.138.brasilnett.com.br): 48 times 139.59.228.147: 52 times 140.143.17.156: 45 times 141.144.120.236 (oc-141-144-120-236.compute.oraclecloud.com): 22 times 142.93.85.35: 21 times 145.239.82.62 (62.ip-145-239-82.eu): 27 times 159.89.162.203: 44 times 161.246.35.41: 27 times 162.243.253.67: 61 times 163.172.42.50 (invoice.mountainashe.com): 39 times 176.206.128.95: 2 times 180.76.138.48: 55 times 181.52.251.209 (static-ip-181520251209.cable.net.co): 32 times 181.59.115.203 (dynamic-ip-18159115203.cable.net.co): 1 time 183.80.133.166: 51 times 186.104.207.53 (186-104-207-53.fibra.movistar.cl): 2 times 193.32.163.89 (srv.eqaltech.su): 1 time 194.179.101.6 (6.red-194-179-101.customer.static.ccgg.telefonica.net): 2 times 197.45.155.12 (host-197.45.155.12.tedata.net): 4 times 197.46.125.202 (host-197.46.125.202.tedata.net): 5 times 197.135.6.41: 5 times 198.199.69.22: 33 times 200.164.82.26: 5 times 204.48.31.143: 45 times 212.64.59.94: 34 times 222.223.203.104 (104.203.223.222.broad.sj.he.dynamic.163data.com.cn): 6 times 223.17.237.138 (138-237-17-223-on-nets.com): 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################