04:42
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Apr 30 04:42:04 2019
Date Range Processed: yesterday
( 2019-Apr-29 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [471:468]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
60.191.52.254 -> zapf.wiki:443: 1 Time(s)
A total of 5 sites probed the server
118.190.116.148
37.115.189.148
5.188.210.101
61.219.11.153
93.174.93.114
Requests with error response codes
400 Bad Request
null: 8 Time(s)
mstshash=Administr: 5 Time(s)
/Lists/admin.php: 1 Time(s)
/index.php?s=/index/\x09hink\x07pp/invokef ... exec&vars[1][]=: 1 Time(s)
/robots.txt: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
http://5.188.210.101/echo.php: 1 Time(s)
mstshash=hello: 1 Time(s)
zapf.wiki:443: 1 Time(s)
404 Not Found
/robots.txt: 39 Time(s)
/index.php?option=com_user&task=register: 1 Time(s)
/node: 1 Time(s)
/node?page=1: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s)
/resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s)
/sites/default/files/1984_WiSe_Bonn.pdf: 1 Time(s)
/sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
/sites/default/files/2011_05_Stellungnahme_EQR-DQR_0.pdf: 1 Time(s)
/user: 1 Time(s)
/user/register: 1 Time(s)
/wp-login.php?action=register: 1 Time(s)
499 (undefined)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
500 Internal Server Error
/: 11 Time(s)
/admin//config.php: 2 Time(s)
/nx8j78af1b.jsp: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (201.82.44.13): 47 Time(s)
unknown (ec2-13-234-124-36.ap-south-1.compute.amazonaws.com): 47 Time(s)
unknown (119.29.72.213): 44 Time(s)
unknown (118.89.153.96): 42 Time(s)
unknown (201.20.36.4): 42 Time(s)
unknown (laubervilliers-656-1-44-191.w80-11.abo.wanadoo.fr): 42 Time(s)
unknown (31.ip-54-39-145.net): 41 Time(s)
unknown (101.230.223.158): 40 Time(s)
unknown (103.28.57.86): 39 Time(s)
unknown (106.12.17.243): 39 Time(s)
unknown (139.59.28.61): 39 Time(s)
unknown (188.131.132.70): 39 Time(s)
unknown (202.43.249.7): 39 Time(s)
unknown (27.40.23.221): 39 Time(s)
unknown (36.ip-51-83-76.eu): 39 Time(s)
unknown (68.183.233.239): 39 Time(s)
unknown (94.191.79.156): 39 Time(s)
unknown (fixed-187-188-251-219.totalplay.net): 39 Time(s)
unknown (178.128.94.38): 38 Time(s)
unknown (107.170.249.81): 36 Time(s)
unknown (106.12.215.125): 35 Time(s)
unknown (178.62.33.138): 35 Time(s)
unknown (104.236.175.127): 34 Time(s)
unknown (162.211.127.27): 34 Time(s)
unknown (134.209.230.223): 33 Time(s)
unknown (139.59.135.84): 33 Time(s)
unknown (159.65.77.254): 33 Time(s)
unknown (159.89.236.216): 33 Time(s)
unknown (192.241.159.27): 33 Time(s)
unknown (211-22-154-225.hinet-ip.hinet.net): 33 Time(s)
unknown (232.ip-5-196-7.eu): 33 Time(s)
unknown (36.89.214.234): 31 Time(s)
unknown (103.85.60.83): 30 Time(s)
unknown (114.7.170.194): 30 Time(s)
unknown (116.214.55.19): 30 Time(s)
unknown (ip156.ip-178-33-45.eu): 30 Time(s)
unknown (45.55.63.164): 21 Time(s)
unknown (111.221.241.112): 18 Time(s)
unknown (203.110.213.96): 18 Time(s)
unknown (45.237.203.100): 17 Time(s)
unknown (oc-130-162-67-47.compute.oraclecloud.com): 17 Time(s)
unknown (d199-74-67-83.try.wideopenwest.com): 15 Time(s)
unknown (c-174-58-247-12.hsd1.fl.comcast.net): 12 Time(s)
unknown (wp.eckinox.net): 12 Time(s)
unknown (jon84-1-78-229-41-247.fbx.proxad.net): 7 Time(s)
root (58.121.126.93): 6 Time(s)
root (58.135.224.36): 6 Time(s)
unknown (105.142.broadband15.iol.cz): 6 Time(s)
unknown (115.159.30.108): 6 Time(s)
unknown (118.25.128.19): 6 Time(s)
unknown (119.29.75.165): 6 Time(s)
unknown (i53878352.versanet.de): 6 Time(s)
unknown (bzq-218-141-8.cablep.bezeqint.net): 5 Time(s)
unknown (132.ip-51-77-192.eu): 4 Time(s)
unknown (61.39.60.178.static.reverse-mundo-r.com): 4 Time(s)
backup (103.28.57.86): 3 Time(s)
unknown (59.49.38.210): 3 Time(s)
unknown (pariurix.tech): 3 Time(s)
mysql (104.236.175.127): 2 Time(s)
postgres (203.110.213.96): 2 Time(s)
postgres (36.89.214.234): 2 Time(s)
root (pariurix.tech): 2 Time(s)
unknown (121.8.154.178): 2 Time(s)
unknown (138.197.72.48): 2 Time(s)
unknown (142.93.177.246): 2 Time(s)
unknown (159.224.194.240): 2 Time(s)
unknown (193.32.163.89): 2 Time(s)
unknown (cpe-70-120-180-176.elp.res.rr.com): 2 Time(s)
unknown (s17783852.onlinehome-server.info): 2 Time(s)
backup (106.12.17.243): 1 Time(s)
backup (116.214.55.19): 1 Time(s)
backup (139.59.135.84): 1 Time(s)
backup (36.ip-51-83-76.eu): 1 Time(s)
bind (139.59.28.61): 1 Time(s)
bind (94.191.79.156): 1 Time(s)
gnats (188.131.132.70): 1 Time(s)
gnats (laubervilliers-656-1-44-191.w80-11.abo.wanadoo.fr): 1 Time(s)
irc (190.145.100.109): 1 Time(s)
lp (104.236.175.127): 1 Time(s)
mailman (139.59.135.84): 1 Time(s)
mailman (mail.mcxinfoline.com): 1 Time(s)
mysql (202.43.249.7): 1 Time(s)
mysql (211-22-154-225.hinet-ip.hinet.net): 1 Time(s)
mysql (31.ip-54-39-145.net): 1 Time(s)
mysql (94.191.79.156): 1 Time(s)
nobody (128.199.100.253): 1 Time(s)
postgres (101.230.223.158): 1 Time(s)
postgres (106.12.17.243): 1 Time(s)
postgres (114.7.170.194): 1 Time(s)
postgres (116.214.55.19): 1 Time(s)
postgres (118.25.128.19): 1 Time(s)
postgres (134.209.230.223): 1 Time(s)
postgres (139.59.135.84): 1 Time(s)
postgres (159.65.77.254): 1 Time(s)
postgres (159.89.236.216): 1 Time(s)
postgres (178.128.94.38): 1 Time(s)
postgres (188.131.132.70): 1 Time(s)
postgres (192.241.159.27): 1 Time(s)
postgres (31.ip-54-39-145.net): 1 Time(s)
postgres (wp.eckinox.net): 1 Time(s)
proxy (138.68.20.158): 1 Time(s)
proxy (159.65.77.254): 1 Time(s)
proxy (ip156.ip-178-33-45.eu): 1 Time(s)
root (1.6.92.157): 1 Time(s)
root (121.165.33.239): 1 Time(s)
root (138.0.212.239): 1 Time(s)
root (190.129.0.147): 1 Time(s)
root (2.ip-51-68-141.eu): 1 Time(s)
root (206.189.137.113): 1 Time(s)
root (210.212.249.228): 1 Time(s)
root (36.89.236.195): 1 Time(s)
root (46.101.101.66): 1 Time(s)
root (58.206.100.88): 1 Time(s)
root (59.150.236.245): 1 Time(s)
root (c-24-5-207-11.hsd1.ca.comcast.net): 1 Time(s)
root (sanbelmuebles.net): 1 Time(s)
sync (124.232.153.72): 1 Time(s)
sys (61.160.99.75): 1 Time(s)
sys (ip156.ip-178-33-45.eu): 1 Time(s)
temp (114.7.170.194): 1 Time(s)
temp (119.29.72.213): 1 Time(s)
temp (188.131.132.70): 1 Time(s)
temp (ec2-13-234-124-36.ap-south-1.compute.amazonaws.com): 1 Time(s)
temp (laubervilliers-656-1-44-191.w80-11.abo.wanadoo.fr): 1 Time(s)
unknown (103.23.100.217): 1 Time(s)
unknown (104.236.77.96): 1 Time(s)
unknown (104.236.81.204): 1 Time(s)
unknown (110.77.216.167): 1 Time(s)
unknown (113.131.139.141): 1 Time(s)
unknown (121.123.15.117): 1 Time(s)
unknown (121.165.33.239): 1 Time(s)
unknown (124.158.5.112): 1 Time(s)
unknown (128.199.182.235): 1 Time(s)
unknown (128.199.242.84): 1 Time(s)
unknown (134.175.200.70): 1 Time(s)
unknown (138.68.171.54): 1 Time(s)
unknown (139.59.14.210): 1 Time(s)
unknown (139.59.180.53): 1 Time(s)
unknown (139.59.78.70): 1 Time(s)
unknown (139.59.92.10): 1 Time(s)
unknown (142.93.208.158): 1 Time(s)
unknown (142.93.39.29): 1 Time(s)
unknown (157.230.33.120): 1 Time(s)
unknown (159.65.135.55): 1 Time(s)
unknown (167.99.8.158): 1 Time(s)
unknown (177.82.102.121.dy.bbexcite.jp): 1 Time(s)
unknown (178.62.8.222): 1 Time(s)
unknown (182.23.18.197): 1 Time(s)
unknown (183.134.74.117): 1 Time(s)
unknown (197.48.172.245): 1 Time(s)
unknown (2.ip-51-68-141.eu): 1 Time(s)
unknown (20.ip-46-105-30.eu): 1 Time(s)
unknown (202.83.43.89): 1 Time(s)
unknown (206.189.134.83): 1 Time(s)
unknown (206.189.166.172): 1 Time(s)
unknown (206.189.197.48): 1 Time(s)
unknown (206.189.202.198): 1 Time(s)
unknown (211.25.10.194): 1 Time(s)
unknown (213.242.102.166): 1 Time(s)
unknown (24.150.0.93.rev.sfr.net): 1 Time(s)
unknown (45.119.80.95): 1 Time(s)
unknown (45.252.249.148): 1 Time(s)
unknown (49.51.241.95): 1 Time(s)
unknown (52.187.254.134): 1 Time(s)
unknown (59.61.206.221): 1 Time(s)
unknown (61.163.196.137): 1 Time(s)
unknown (68.183.191.99): 1 Time(s)
unknown (78-70-12-192-no301.tbcn.telia.com): 1 Time(s)
unknown (96.239.59.131): 1 Time(s)
unknown (dc109.1fo.fr): 1 Time(s)
unknown (fixed-187-190-235-98.totalplay.net): 1 Time(s)
unknown (host-92-27-60-240.static.as13285.net): 1 Time(s)
unknown (host213-123-190-234.in-addr.btopenworld.com): 1 Time(s)
unknown (ip-104-238-116-19.ip.secureserver.net): 1 Time(s)
unknown (ip-132-148-129-180.ip.secureserver.net): 1 Time(s)
unknown (ip-176-199-255-112.hsi06.unitymediagroup.de): 1 Time(s)
unknown (ip170.ip-5-196-110.eu): 1 Time(s)
unknown (klatenkab.go.id): 1 Time(s)
unknown (nkym.com.ph): 1 Time(s)
unknown (ns3090088.ip-145-239-245.eu): 1 Time(s)
unknown (planetahost.ru): 1 Time(s)
unknown (static62133140119.ostnet.pl): 1 Time(s)
unknown (vps2.gerin.us): 1 Time(s)
www-data (116.214.55.19): 1 Time(s)
www-data (178.128.94.38): 1 Time(s)
www-data (201.82.44.13): 1 Time(s)
Invalid Users:
Unknown Account: 1588 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
32.855K Bytes accepted 33,644
32.855K Bytes sent via SMTP 33,644
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
111 Connections
85 Connections lost (inbound)
111 Disconnections
1 Removed from queue
1 Sent via SMTP
4 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 2 Time(s)
root : 2 Time(s)
Failed logins from:
1.6.92.157: 1 time
13.234.124.36 (ec2-13-234-124-36.ap-south-1.compute.amazonaws.com): 1 time
24.5.207.11 (c-24-5-207-11.hsd1.ca.comcast.net): 1 time
36.89.214.234: 2 times
36.89.236.195: 1 time
46.101.101.66: 1 time
51.68.141.2 (2.ip-51-68-141.eu): 1 time
51.83.76.36 (36.ip-51-83-76.eu): 1 time
54.39.145.31 (31.ip-54-39-145.net): 2 times
58.121.126.93: 6 times
58.135.224.36: 6 times
58.206.100.88: 1 time
59.150.236.245: 1 time
61.160.99.75: 1 time
80.11.236.191 (laubervilliers-656-1-44-191.w80-11.abo.wanadoo.fr): 2 times
94.191.79.156: 2 times
101.230.223.158: 1 time
103.28.57.86: 3 times
104.236.175.127: 3 times
106.12.17.243: 2 times
114.7.170.194 (114-7-170-194.resources.indosat.com): 2 times
116.214.55.19 (user.nova.net.cn): 3 times
118.25.128.19: 1 time
119.29.72.213: 1 time
121.165.33.239: 1 time
124.232.153.72: 1 time
128.199.100.253: 1 time
134.209.230.223: 1 time
138.0.212.239: 1 time
138.68.20.158: 1 time
138.197.151.248 (wp.eckinox.net): 1 time
138.197.184.140 (pariurix.tech): 2 times
139.59.28.61: 1 time
139.59.135.84: 3 times
142.93.216.172 (mail.mcxinfoline.com): 1 time
159.65.77.254: 2 times
159.89.236.216: 1 time
178.33.45.156 (ip156.ip-178-33-45.eu): 2 times
178.128.94.38: 2 times
188.131.132.70: 3 times
190.129.0.147: 1 time
190.140.171.186 (sanbelmuebles.net): 1 time
190.145.100.109: 1 time
192.241.159.27: 1 time
201.82.44.13 (c9522c0d.virtua.com.br): 1 time
202.43.249.7 (7.249.43.202.rdns.wow.net.id): 1 time
203.110.213.96: 2 times
206.189.137.113: 1 time
210.212.249.228: 1 time
211.22.154.225 (211-22-154-225.HINET-IP.hinet.net): 1 time
Illegal users from:
undef: 1052 times
5.196.7.232 (232.ip-5-196-7.eu): 33 times
5.196.110.170 (ip170.ip-5-196-110.eu): 1 time
13.234.124.36 (ec2-13-234-124-36.ap-south-1.compute.amazonaws.com): 47 times
27.40.23.221: 39 times
36.89.214.234: 31 times
45.55.63.164: 21 times
45.119.80.95: 1 time
45.237.203.100 (ip-45-237-203-100.audicomwifi.com.br): 17 times
45.252.249.148: 1 time
46.105.30.20 (20.ip-46-105-30.eu): 1 time
49.51.241.95: 1 time
51.68.141.2 (2.ip-51-68-141.eu): 1 time
51.77.192.132 (132.ip-51-77-192.eu): 4 times
51.83.76.36 (36.ip-51-83-76.eu): 39 times
52.187.254.134: 1 time
54.39.145.31 (31.ip-54-39-145.net): 41 times
59.49.38.210 (210.38.49.59.broad.ty.sx.dynamic.163data.com.cn): 3 times
59.61.206.221: 1 time
61.163.196.137 (hn.ly.kd.adsl): 1 time
62.133.140.119 (static62133140119.ostnet.pl): 1 time
62.173.149.176 (planetahost.ru): 1 time
68.183.191.99: 1 time
68.183.233.239: 39 times
70.120.180.176 (cpe-70-120-180-176.elp.res.rr.com): 2 times
74.199.83.67 (d199-74-67-83.try.wideopenwest.com): 15 times
78.70.12.192 (78-70-12-192-no301.tbcn.telia.com): 1 time
78.229.41.247 (jon84-1-78-229-41-247.fbx.proxad.net): 7 times
80.11.236.191 (laubervilliers-656-1-44-191.w80-11.abo.wanadoo.fr): 42 times
81.218.141.8 (bzq-218-141-8.cablep.bezeqint.net): 5 times
82.165.35.17 (s17783852.onlinehome-server.info): 2 times
83.135.131.82 (i53878352.versanet.de): 6 times
90.182.142.105 (105.142.broadband15.iol.cz): 6 times
92.27.60.240 (host-92-27-60-240.static.as13285.net): 1 time
93.0.150.24 (24.150.0.93.rev.sfr.net): 1 time
94.191.79.156: 39 times
96.239.59.131 (static-96-239-59-131.nycmny.fios.verizon.net): 1 time
101.230.223.158: 40 times
103.23.100.217 (217.subnet-103.23.100.host.unnes.ac.id): 1 time
103.28.57.86: 39 times
103.85.60.83 (ip-103-85-60-83.moratelindo.net.id): 30 times
103.108.187.5 (klatenkab.go.id): 1 time
104.236.77.96: 1 time
104.236.81.204: 1 time
104.236.175.127: 34 times
104.238.116.19 (ip-104-238-116-19.ip.secureserver.net): 1 time
106.12.17.243: 39 times
106.12.215.125: 35 times
107.170.249.81: 36 times
110.77.216.167: 1 time
111.221.241.112: 18 times
113.131.139.141: 1 time
114.7.170.194 (114-7-170-194.resources.indosat.com): 30 times
115.159.30.108: 6 times
116.214.55.19 (user.nova.net.cn): 30 times
118.25.128.19: 6 times
118.89.153.96: 42 times
119.29.72.213: 44 times
119.29.75.165: 6 times
121.8.154.178: 2 times
121.102.82.177 (177.82.102.121.dy.bbexcite.jp): 1 time
121.123.15.117: 1 time
121.165.33.239: 1 time
122.55.19.115 (nkym.com.ph): 1 time
124.158.5.112: 1 time
128.199.182.235: 1 time
128.199.242.84: 1 time
130.162.67.47 (oc-130-162-67-47.compute.oraclecloud.com): 17 times
132.148.129.180 (ip-132-148-129-180.ip.secureserver.net): 1 time
134.175.200.70: 1 time
134.209.230.223: 33 times
138.68.171.54: 1 time
138.197.72.48 (closed-purtiersales.com): 2 times
138.197.151.248 (wp.eckinox.net): 12 times
138.197.184.140 (pariurix.tech): 3 times
139.59.14.210: 1 time
139.59.28.61: 39 times
139.59.78.70: 1 time
139.59.92.10: 1 time
139.59.135.84: 33 times
139.59.180.53: 1 time
139.162.122.110 (scan-8.security.ipip.net): 1 time
142.93.39.29: 1 time
142.93.177.246: 2 times
142.93.208.158: 1 time
145.239.245.114 (ns3090088.ip-145-239-245.eu): 1 time
157.230.33.120: 1 time
159.65.77.254: 33 times
159.65.135.55: 1 time
159.89.236.216: 33 times
159.224.194.240 (240.194.224.159.triolan.net): 2 times
162.211.127.27: 34 times
167.99.8.158: 1 time
167.114.113.173 (vps2.gerin.us): 1 time
174.58.247.12 (c-174-58-247-12.hsd1.fl.comcast.net): 12 times
176.31.69.109 (dc109.1fo.fr): 1 time
176.199.255.112 (ip-176-199-255-112.hsi06.unitymediagroup.de): 1 time
178.33.45.156 (ip156.ip-178-33-45.eu): 30 times
178.60.39.61 (61.39.60.178.static.reverse-mundo-r.com): 4 times
178.62.8.222: 1 time
178.62.33.138: 35 times
178.128.94.38: 38 times
182.23.18.197: 1 time
183.134.74.117: 1 time
187.188.251.219 (fixed-187-188-251-219.totalplay.net): 39 times
187.190.235.98 (fixed-187-190-235-98.totalplay.net): 1 time
188.131.132.70: 39 times
192.241.159.27: 33 times
193.32.163.89: 2 times
197.48.172.245 (host-197.48.172.245.tedata.net): 1 time
201.20.36.4 (static.201.20.36.4.datacenter1.com.br): 42 times
201.82.44.13 (c9522c0d.virtua.com.br): 47 times
202.43.249.7 (7.249.43.202.rdns.wow.net.id): 39 times
202.83.43.89 (89.43.83.202.asianet.co.in): 1 time
203.110.213.96: 18 times
206.189.134.83: 1 time
206.189.166.172: 1 time
206.189.197.48: 1 time
206.189.202.198: 1 time
211.22.154.225 (211-22-154-225.HINET-IP.hinet.net): 33 times
211.25.10.194: 1 time
213.123.190.234 (host213-123-190-234.in-addr.btopenworld.com): 1 time
213.242.102.166: 1 time
**Unmatched Entries**
fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 6 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 2 time(s)
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 67 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
2364
days inactive
2364
days old
0 comments
1 participants
participants (1)
-
root@zapf.in