################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Nov 23 04:42:04 2018 Date Range Processed: yesterday ( 2018-Nov-22 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 3:3 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 8 sites probed the server 151.80.39.150 151.80.39.166 178.128.205.147 180.97.106.39 185.53.91.40 46.235.158.196 5.196.87.19 61.219.11.151 Requests with error response codes 400 Bad Request null: 10 Time(s) /robots.txt: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) mstshash=Administr: 1 Time(s) 401 Unauthorized /oauth/token: 1 Time(s) 404 Not Found /favicon.ico: 17 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /robots.txt: 4 Time(s) /wp-login.php: 4 Time(s) /sites/default/files/2003_WiSe_Bochum.pdf: 2 Time(s) /.well-known/openpgpkey/hu/qs1j67f594iidtsyffk69drssxddqm5t: 1 Time(s) /home/verein: 1 Time(s) /home/zapf: 1 Time(s) /index.php?option=com_user&task=register: 1 Time(s) /oauth/errors?error=invalid_request&error_ ... t_id+parameter.: 1 Time(s) /user/register: 1 Time(s) /wp-content/plugins/art-picture-shop/admin ... oad/server/php/: 1 Time(s) /wp-login.php?action=register: 1 Time(s) /zapf/wiki: 1 Time(s) 499 (undefined) /build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s) /build/font-pack.2c73dce02b1eaa3a3b4e.css: 2 Time(s) /admin/registration/report/wise18/anabreise: 1 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 1 Time(s) /fonts/SourceSansPro-Regular.woff: 1 Time(s) /fonts/SourceSansPro-Semibold.woff: 1 Time(s) 500 Internal Server Error /: 6 Time(s) //libs/js/iframe.js: 1 Time(s) 502 Bad Gateway /: 27 Time(s) /robots.txt: 3 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (178.128.221.237): 30 Time(s) unknown (206.189.41.105): 30 Time(s) unknown (216.ip-51-68-122.eu): 30 Time(s) unknown (46.101.26.63): 30 Time(s) unknown (germanlegendary.net): 30 Time(s) unknown (ns203748.ovh.net): 30 Time(s) unknown (121.67.246.139): 29 Time(s) unknown (128.199.145.205): 29 Time(s) unknown (167.99.5.18): 29 Time(s) unknown (194.182.76.190): 29 Time(s) unknown (45.248.86.155): 29 Time(s) unknown (45.55.243.106): 29 Time(s) unknown (46.189.55.130): 29 Time(s) unknown (77.81.229.70): 29 Time(s) unknown (ns314239.ip-37-187-25.eu): 29 Time(s) unknown (ns3323025.ip-37-187-0.eu): 29 Time(s) unknown (ns349271.ip-91-121-110.eu): 29 Time(s) unknown (ns379769.ip-5-196-70.eu): 29 Time(s) unknown (ns505929.ip-198-27-80.net): 29 Time(s) unknown (104.131.79.34): 28 Time(s) unknown (142.93.1.20): 28 Time(s) unknown (5.ip-164-132-192.eu): 28 Time(s) unknown (5.ip-51-68-122.eu): 28 Time(s) unknown (5751a94a.skybroadband.com): 28 Time(s) unknown (84.53.201.116): 28 Time(s) unknown (104.234.223.14): 27 Time(s) unknown (219.65.51.21): 27 Time(s) unknown (81.ip-217-182-170.eu): 27 Time(s) unknown (159.65.34.82): 26 Time(s) unknown (pfsense2.ufra.edu.br): 26 Time(s) unknown (51.158.69.63): 24 Time(s) unknown (193.112.10.59): 23 Time(s) unknown (modemcable182.196-37-24.static.videotron.ca): 20 Time(s) unknown (211.100.19.212): 19 Time(s) unknown (185.250.251.49): 18 Time(s) unknown (ec2-3-0-127-90.ap-southeast-1.compute.amazonaws.com): 18 Time(s) unknown (41.230.11.21): 17 Time(s) unknown (178.153.33.3): 15 Time(s) unknown (103.ip-145-239-81.eu): 12 Time(s) unknown (86.104.220.26): 12 Time(s) unknown (167.99.130.12): 11 Time(s) unknown (v22018116437276252.nicesrv.de): 11 Time(s) unknown (177.43.249.186): 7 Time(s) root (broadband-5-228-166-5.ip.moscow.rt.ru): 6 Time(s) root (broadband-5-228-239-21.ip.moscow.rt.ru): 6 Time(s) root (broadband-95-84-193-126.ip.moscow.rt.ru): 6 Time(s) unknown (60.ip-51-38-82.eu): 6 Time(s) unknown (82.200.226.226.dial.online.kz): 6 Time(s) unknown (178.128.65.102): 5 Time(s) unknown (202.112.113.220): 4 Time(s) unknown (pk-appstore.zte.ptcl.net): 3 Time(s) unknown (pk-dl.zte.ptcl.net): 3 Time(s) unknown (pk-release.zte.ptcl.net): 3 Time(s) bin (5.ip-164-132-192.eu): 2 Time(s) bin (5.ip-51-68-122.eu): 2 Time(s) postgres (81.ip-217-182-170.eu): 2 Time(s) root (219.65.51.21): 2 Time(s) unknown (159.89.104.243): 2 Time(s) unknown (238.29.11.37.dynamic.jazztel.es): 2 Time(s) unknown (51.15.213.235): 2 Time(s) unknown (78-22-133-126.access.telenet.be): 2 Time(s) unknown (lfbn-1-3814-133.w86-229.abo.wanadoo.fr): 2 Time(s) unknown (lfbn-tou-1-252-151.w86-201.abo.wanadoo.fr): 2 Time(s) backup (142.93.1.20): 1 Time(s) backup (219.65.51.21): 1 Time(s) backup (pfsense2.ufra.edu.br): 1 Time(s) bin (211.100.19.212): 1 Time(s) bin (5751a94a.skybroadband.com): 1 Time(s) daemon (121.67.246.139): 1 Time(s) games (5751a94a.skybroadband.com): 1 Time(s) man (178.128.65.102): 1 Time(s) man (82.200.226.226.dial.online.kz): 1 Time(s) mysql (159.65.34.82): 1 Time(s) mysql (193.112.10.59): 1 Time(s) mysql (77.81.229.70): 1 Time(s) mysql (ns379769.ip-5-196-70.eu): 1 Time(s) mysql (pfsense2.ufra.edu.br): 1 Time(s) nobody (142.93.1.20): 1 Time(s) nobody (81.ip-217-182-170.eu): 1 Time(s) postgres (104.131.79.34): 1 Time(s) postgres (104.234.223.14): 1 Time(s) postgres (159.65.34.82): 1 Time(s) postgres (167.99.5.18): 1 Time(s) postgres (185.250.251.49): 1 Time(s) postgres (202.112.113.220): 1 Time(s) postgres (41.230.11.21): 1 Time(s) postgres (46.189.55.130): 1 Time(s) postgres (84.53.201.116): 1 Time(s) postgres (modemcable182.196-37-24.static.videotron.ca): 1 Time(s) postgres (ns3323025.ip-37-187-0.eu): 1 Time(s) postgres (ns505929.ip-198-27-80.net): 1 Time(s) root (159.65.34.82): 1 Time(s) root (193.169.252.228): 1 Time(s) root (217.61.59.142): 1 Time(s) root (41.230.11.21): 1 Time(s) root (ns3016508.ip-51-254-47.eu): 1 Time(s) root (ns314239.ip-37-187-25.eu): 1 Time(s) root (ns349271.ip-91-121-110.eu): 1 Time(s) unknown (159.226.20.83): 1 Time(s) unknown (197.51.65.165): 1 Time(s) unknown (5.188.10.76): 1 Time(s) unknown (pk-app.zte.ptcl.net): 1 Time(s) unknown (pk-appstore-gw.zte.ptcl.net): 1 Time(s) unknown (pk-cam.zte.ptcl.net): 1 Time(s) www-data (211.100.19.212): 1 Time(s) www-data (45.248.86.155): 1 Time(s) Invalid Users: Unknown Account: 1113 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 14 Miscellaneous warnings 33.712K Bytes accepted 34,521 33.712K Bytes sent via SMTP 34,521 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 323 Connections 2 Connections lost (inbound) 323 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 3 Time(s) Failed logins from: 5.196.70.107 (ns379769.ip-5-196-70.eu): 1 time 5.228.166.5 (broadband-5-228-166-5.ip.moscow.rt.ru): 6 times 5.228.239.21 (broadband-5-228-239-21.ip.moscow.rt.ru): 6 times 24.37.196.182 (modemcable182.196-37-24.static.videotron.ca): 1 time 37.187.0.20 (ns3323025.ip-37-187-0.eu): 1 time 37.187.25.138 (ns314239.ip-37-187-25.eu): 1 time 41.230.11.21: 2 times 45.248.86.155: 1 time 46.189.55.130: 1 time 51.68.122.5 (5.ip-51-68-122.eu): 2 times 51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time 77.81.229.70 (host70-229-81-77.serverdedicati.aruba.it): 1 time 82.200.226.226 (82.200.226.226.dial.online.kz): 1 time 84.53.201.116 (zonecenter.ru): 1 time 87.81.169.74 (5751a94a.skybroadband.com): 2 times 91.121.110.50 (ns349271.ip-91-121-110.eu): 1 time 95.84.193.126 (broadband-95-84-193-126.ip.moscow.rt.ru): 6 times 104.131.79.34: 1 time 104.234.223.14: 1 time 121.67.246.139: 1 time 142.93.1.20: 2 times 159.65.34.82: 3 times 164.132.192.5 (5.ip-164-132-192.eu): 2 times 167.99.5.18 (technous.localiton.mx): 1 time 178.128.65.102: 1 time 185.250.251.49: 1 time 193.112.10.59: 1 time 193.169.252.228: 1 time 198.27.80.211 (ns505929.ip-198-27-80.net): 1 time 200.129.150.3 (pfsense2.ufra.edu.br): 2 times 202.112.113.220: 1 time 211.100.19.212: 2 times 217.61.59.142 (host142-59-61-217.serverdedicati.aruba.it): 1 time 217.182.170.81 (81.ip-217-182-170.eu): 3 times 219.65.51.21 (219.65.51.21.static-chennai.vsnl.net.in): 3 times Illegal users from: undef: 611 times 3.0.127.90 (ec2-3-0-127-90.ap-southeast-1.compute.amazonaws.com): 18 times 5.188.10.76: 1 time 5.196.70.107 (ns379769.ip-5-196-70.eu): 29 times 24.37.196.182 (modemcable182.196-37-24.static.videotron.ca): 20 times 37.11.29.238 (238.29.11.37.dynamic.jazztel.es): 2 times 37.187.0.20 (ns3323025.ip-37-187-0.eu): 29 times 37.187.25.138 (ns314239.ip-37-187-25.eu): 29 times 41.230.11.21: 17 times 45.55.243.106: 29 times 45.248.86.155: 29 times 46.101.26.63 (107537-81967.cloudwaysapps.com): 30 times 46.189.55.130: 29 times 51.15.213.235 (235-213-15-51.rev.cloud.scaleway.com): 2 times 51.38.82.60 (60.ip-51-38-82.eu): 6 times 51.68.122.5 (5.ip-51-68-122.eu): 28 times 51.68.122.216 (216.ip-51-68-122.eu): 30 times 51.158.69.63 (63-69-158-51.rev.cloud.scaleway.com): 24 times 77.81.229.70 (host70-229-81-77.serverdedicati.aruba.it): 29 times 78.22.133.126 (78-22-133-126.access.telenet.be): 2 times 82.200.226.226 (82.200.226.226.dial.online.kz): 6 times 84.53.201.116 (zonecenter.ru): 28 times 86.104.220.26 (ohoy.freepodog.com): 12 times 86.201.95.151 (lfbn-tou-1-252-151.w86-201.abo.wanadoo.fr): 2 times 86.229.75.133 (lfbn-1-3814-133.w86-229.abo.wanadoo.fr): 2 times 87.81.169.74 (5751a94a.skybroadband.com): 28 times 91.121.110.50 (ns349271.ip-91-121-110.eu): 29 times 94.23.0.13 (ns203748.ovh.net): 30 times 104.131.79.34: 28 times 104.234.223.14: 27 times 121.67.246.139: 29 times 128.199.145.205: 29 times 142.93.1.20: 28 times 145.239.81.103 (103.ip-145-239-81.eu): 12 times 159.65.34.82: 26 times 159.89.104.243 (166473.cloudwaysapps.com): 2 times 159.226.20.83: 1 time 164.132.192.5 (5.ip-164-132-192.eu): 28 times 167.99.5.18 (technous.localiton.mx): 29 times 167.99.130.12: 11 times 177.43.249.186 (177.43.249.186.static.gvt.net.br): 7 times 178.128.65.102: 5 times 178.128.221.237: 30 times 178.153.33.3: 15 times 182.176.43.233 (pk-app.zte.ptcl.net): 12 times 185.250.251.49: 18 times 188.68.40.67 (v22018116437276252.nicesrv.de): 11 times 193.112.10.59: 23 times 194.182.76.190 (host190-76-182-194.serverdedicati.aruba.it): 29 times 195.110.43.120 (germanlegendary.net): 30 times 197.51.65.165 (host-197.51.65.165.tedata.net): 1 time 198.27.80.211 (ns505929.ip-198-27-80.net): 29 times 200.129.150.3 (pfsense2.ufra.edu.br): 26 times 202.112.113.220: 4 times 206.189.41.105: 30 times 211.100.19.212: 19 times 217.182.170.81 (81.ip-217-182-170.eu): 27 times 219.65.51.21 (219.65.51.21.static-chennai.vsnl.net.in): 27 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 240G 161G 60% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################