################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Oct 11 04:42:07 2019
Date Range Processed: yesterday
( 2019-Oct-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [300:300]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 5 sites probed the server
167.99.187.122
172.104.242.173
183.129.160.229
5.188.210.101
80.82.77.139
Requests with error response codes
400 Bad Request
null: 11 Time(s)
mstshash=Administr: 8 Time(s)
/: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
404 Not Found
/robots.txt: 35 Time(s)
/berlin/apple-touch-icon.png: 8 Time(s)
/sites/default/files/1995_SoSe_Hannover.pdf: 1 Time(s)
/wp-login.php: 1 Time(s)
/zapf/geschaeftsordnung: 1 Time(s)
500 Internal Server Error
/: 14 Time(s)
/.well-known/security.txt: 1 Time(s)
/favicon.ico: 1 Time(s)
/robots.txt: 1 Time(s)
/sitemap.xml: 1 Time(s)
/srcheck/10/10/2019-004228/81.169.150.252/_/: 1 Time(s)
/srcheck/10/10/2019-081434/81.169.150.252/_/: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 1375 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9 Miscellaneous warnings
19.247K Bytes accepted 19,709
19.247K Bytes sent via SMTP 19,709
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
73 Connections
64 Connections lost (inbound)
73 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 9 Time(s)
Failed logins from:
Illegal users from:
undef: 1083 times
**Unmatched Entries**
fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s)
Bad packet length 2715869341. [preauth] : 1 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s)
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 6 time(s)
Disconnecting: Packet corrupt [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################