################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Nov 19 04:42:04 2019 Date Range Processed: yesterday ( 2019-Nov-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [211:209] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 220.191.173.222 61.219.11.153 62.210.77.54 Requests with error response codes 400 Bad Request mstshash=Administr: 120 Time(s) null: 4 Time(s) /socket.io/?noteId=AwS&EIO=3&transport=pol ... YeOKARy1fZOACzF: 1 Time(s) /socket.io/?noteId=wise19_ak_nachhaltigkei ... EMcn69oMxKXACy2: 1 Time(s) 7: 1 Time(s) 404 Not Found /robots.txt: 47 Time(s) /berlin/apple-touch-icon.png: 4 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 4 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 2 Time(s) /wp-login.php: 2 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /home/verein: 1 Time(s) /protokolle/Protokoll_MV_7.5.2016.pdf: 1 Time(s) /protokolle/Protokoll_MV_FFM_21.11.2015.pdf: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s) /sites/default/files/1999_SoSe_Karlsruhe.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /user/login: 1 Time(s) /user/register?destination=comment%2Freply ... %23comment-form: 1 Time(s) 499 (undefined) /fonts/SourceSansPro-Regular.woff: 1 Time(s) 500 Internal Server Error /: 16 Time(s) /robots.txt: 2 Time(s) /remote/login: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (27.70.153.187): 60 Time(s) root (222.186.175.202): 47 Time(s) root (222.186.173.142): 42 Time(s) root (222.186.175.183): 42 Time(s) root (222.186.180.17): 42 Time(s) root (222.186.180.223): 42 Time(s) root (222.186.169.194): 36 Time(s) root (222.186.180.41): 36 Time(s) unknown (112.64.170.178): 32 Time(s) unknown (1.214.241.18): 31 Time(s) unknown (152.32.130.99): 31 Time(s) unknown (oc-129-158-73-119.compute.oraclecloud.com): 31 Time(s) root (222.186.180.8): 30 Time(s) root (222.186.190.92): 30 Time(s) unknown (106.12.68.192): 30 Time(s) unknown (111.67.205.92): 30 Time(s) unknown (51.15.87.74): 30 Time(s) root (222.186.175.182): 29 Time(s) unknown (ns364702.ip-94-23-204.eu): 29 Time(s) root (222.186.175.169): 28 Time(s) unknown (159.65.183.47): 28 Time(s) unknown (128.199.38.162): 27 Time(s) unknown (132.232.226.95): 27 Time(s) unknown (182.61.23.89): 27 Time(s) unknown (h-32-16.a182.priv.bahnhof.se): 27 Time(s) unknown (106.52.121.64): 26 Time(s) unknown (244.ip-54-36-182.eu): 26 Time(s) root (222.186.169.192): 24 Time(s) root (222.186.173.180): 24 Time(s) root (222.186.173.183): 24 Time(s) root (222.186.173.238): 24 Time(s) root (222.186.175.167): 24 Time(s) root (222.186.175.212): 24 Time(s) root (222.186.180.147): 24 Time(s) root (222.186.180.6): 24 Time(s) root (222.186.190.2): 24 Time(s) unknown (182.151.7.70): 24 Time(s) unknown (36.74.75.31): 24 Time(s) root (222.186.175.148): 23 Time(s) unknown (95.170.203.226): 20 Time(s) root (222.186.175.155): 18 Time(s) root (222.186.175.161): 18 Time(s) unknown (193.112.91.90): 16 Time(s) root (182.61.23.89): 15 Time(s) root (27.70.153.187): 15 Time(s) root (112.64.170.178): 14 Time(s) unknown (104.236.226.93): 14 Time(s) root (244.ip-54-36-182.eu): 13 Time(s) root (h-32-16.a182.priv.bahnhof.se): 13 Time(s) root (106.12.68.192): 12 Time(s) root (222.186.173.154): 12 Time(s) root (222.186.175.215): 12 Time(s) root (222.186.175.220): 12 Time(s) root (222.186.180.9): 12 Time(s) root (222.186.42.4): 12 Time(s) root (36.74.75.31): 11 Time(s) root (106.52.121.64): 9 Time(s) root (111.67.205.92): 9 Time(s) root (152.32.130.99): 9 Time(s) root (193.112.91.90): 9 Time(s) root (51.15.87.74): 9 Time(s) unknown (244.ip-51-77-140.eu): 9 Time(s) root (159.65.183.47): 8 Time(s) root (ns364702.ip-94-23-204.eu): 8 Time(s) root (1.214.241.18): 7 Time(s) root (128.199.38.162): 7 Time(s) unknown (164.ip-167-114-251.eu): 7 Time(s) root (106.212.136.28): 6 Time(s) root (182.151.7.70): 6 Time(s) root (69.158.207.141): 6 Time(s) root (broadband-109-173-71-236.ip.moscow.rt.ru): 6 Time(s) root (132.232.226.95): 5 Time(s) root (95.170.203.226): 5 Time(s) root (104.236.226.93): 4 Time(s) unknown (ua-84-219-205-241.bbcust.telenor.se): 4 Time(s) backup (244.ip-54-36-182.eu): 3 Time(s) backup (36.74.75.31): 3 Time(s) root (164.ip-167-114-251.eu): 3 Time(s) root (244.ip-51-77-140.eu): 3 Time(s) unknown (218.150.220.202): 3 Time(s) backup (106.12.68.192): 2 Time(s) unknown (220.248.226.138): 2 Time(s) unknown (static-176-166-113-233.ftth.abo.bbox.fr): 2 Time(s) backup (104.236.226.93): 1 Time(s) backup (152.32.130.99): 1 Time(s) backup (159.65.183.47): 1 Time(s) backup (164.ip-167-114-251.eu): 1 Time(s) backup (182.151.7.70): 1 Time(s) backup (218.28.238.165): 1 Time(s) backup (51.15.87.74): 1 Time(s) backup (95.170.203.226): 1 Time(s) backup (ns364702.ip-94-23-204.eu): 1 Time(s) bin (112.64.170.178): 1 Time(s) bin (159.65.183.47): 1 Time(s) bin (193.112.91.90): 1 Time(s) daemon (1.214.241.18): 1 Time(s) games (182.151.7.70): 1 Time(s) lp (ns364702.ip-94-23-204.eu): 1 Time(s) mail (104.236.226.93): 1 Time(s) mail (159.65.183.47): 1 Time(s) mail (36.74.75.31): 1 Time(s) mysql (1.214.241.18): 1 Time(s) mysql (104.236.226.93): 1 Time(s) mysql (106.52.121.64): 1 Time(s) mysql (159.65.183.47): 1 Time(s) mysql (193.112.91.90): 1 Time(s) mysql (244.ip-51-77-140.eu): 1 Time(s) mysql (36.74.75.31): 1 Time(s) mysql (h-32-16.a182.priv.bahnhof.se): 1 Time(s) mysql (ns364702.ip-94-23-204.eu): 1 Time(s) news (36.74.75.31): 1 Time(s) nobody (193.112.91.90): 1 Time(s) nobody (27.70.153.187): 1 Time(s) nobody (36.74.75.31): 1 Time(s) postgres (104.236.226.93): 1 Time(s) proxy (218.28.238.165): 1 Time(s) root (182.61.176.105): 1 Time(s) root (200-133-39-24.compute.rnp.br): 1 Time(s) root (200.69.250.253): 1 Time(s) root (oc-129-158-73-119.compute.oraclecloud.com): 1 Time(s) smmsp (106.52.121.64): 1 Time(s) smmsp (152.32.130.99): 1 Time(s) smmsp (193.112.91.90): 1 Time(s) smmsp (ns364702.ip-94-23-204.eu): 1 Time(s) sshd (1.214.241.18): 1 Time(s) sshd (27.70.153.187): 1 Time(s) sync (104.236.226.93): 1 Time(s) sync (128.199.38.162): 1 Time(s) sync (182.61.23.89): 1 Time(s) sync (27.70.153.187): 1 Time(s) sync (ns364702.ip-94-23-204.eu): 1 Time(s) temp (182.61.23.89): 1 Time(s) unknown (110.53.160.58): 1 Time(s) unknown (115.205.42.55): 1 Time(s) unknown (139.255.182.121): 1 Time(s) unknown (159.203.77.51): 1 Time(s) unknown (159.65.81.187): 1 Time(s) unknown (182.61.176.105): 1 Time(s) unknown (183.81.122.176): 1 Time(s) unknown (218.28.238.165): 1 Time(s) unknown (41.87.12.73): 1 Time(s) unknown (72.142.126.27): 1 Time(s) unknown (92.63.194.26): 1 Time(s) uucp (27.70.153.187): 1 Time(s) uucp (95.170.203.226): 1 Time(s) uucp (h-32-16.a182.priv.bahnhof.se): 1 Time(s) www-data (106.52.121.64): 1 Time(s) www-data (111.67.205.92): 1 Time(s) www-data (36.74.75.31): 1 Time(s) www-data (ns364702.ip-94-23-204.eu): 1 Time(s) Invalid Users: Unknown Account: 628 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 5 Miscellaneous warnings 32.355K Bytes accepted 33,132 32.355K Bytes sent via SMTP 33,132 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 31 Connections 25 Connections lost (inbound) 31 Disconnections 1 Removed from queue 1 Sent via SMTP 3 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 123 Time(s) Failed logins from: 1.214.241.18: 10 times 27.70.153.187 (localhost): 19 times 36.74.75.31: 19 times 51.15.87.74 (74-87-15-51.rev.cloud.scaleway.com): 10 times 51.77.140.244 (244.ip-51-77-140.eu): 4 times 54.36.182.244 (244.ip-54-36-182.eu): 16 times 69.158.207.141: 6 times 94.23.204.136 (ns364702.ip-94-23-204.eu): 14 times 95.170.203.226: 7 times 104.236.226.93: 9 times 106.12.68.192: 14 times 106.52.121.64: 12 times 106.212.136.28: 6 times 109.173.71.236 (broadband-109-173-71-236.ip.moscow.rt.ru): 6 times 111.67.205.92: 10 times 112.64.170.178: 15 times 128.199.38.162: 8 times 129.158.73.119 (oc-129-158-73-119.compute.oraclecloud.com): 1 time 132.232.226.95: 5 times 152.32.130.99: 11 times 155.4.32.16 (h-32-16.A182.priv.bahnhof.se): 15 times 159.65.183.47: 12 times 167.114.251.164 (164.ip-167-114-251.eu): 4 times 182.61.23.89: 17 times 182.61.176.105: 1 time 182.151.7.70: 8 times 193.112.91.90: 13 times 200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time 200.133.39.24 (200-133-39-24.compute.rnp.br): 1 time 218.28.238.165 (pc0.zz.ha.cn): 2 times 222.186.42.4: 12 times 222.186.169.192: 24 times 222.186.169.194: 36 times 222.186.173.142: 42 times 222.186.173.154: 12 times 222.186.173.180: 24 times 222.186.173.183: 24 times 222.186.173.238: 24 times 222.186.175.148: 24 times 222.186.175.155: 18 times 222.186.175.161: 18 times 222.186.175.167: 24 times 222.186.175.169: 30 times 222.186.175.182: 30 times 222.186.175.183: 42 times 222.186.175.202: 47 times 222.186.175.212: 24 times 222.186.175.215: 12 times 222.186.175.220: 12 times 222.186.180.6: 24 times 222.186.180.8: 30 times 222.186.180.9: 12 times 222.186.180.17: 42 times 222.186.180.41: 36 times 222.186.180.147: 24 times 222.186.180.223: 42 times 222.186.190.2: 24 times 222.186.190.92: 30 times Illegal users from: undef: 472 times 1.214.241.18: 31 times 27.70.153.187 (localhost): 60 times 36.74.75.31: 24 times 41.87.12.73: 1 time 51.15.87.74 (74-87-15-51.rev.cloud.scaleway.com): 30 times 51.77.140.244 (244.ip-51-77-140.eu): 9 times 54.36.182.244 (244.ip-54-36-182.eu): 26 times 72.142.126.27 (unallocated-static.rogers.com): 1 time 84.219.205.241 (ua-84-219-205-241.bbcust.telenor.se): 4 times 92.63.194.26: 1 time 94.23.204.136 (ns364702.ip-94-23-204.eu): 29 times 95.170.203.226: 20 times 104.236.226.93: 14 times 106.12.68.192: 30 times 106.52.121.64: 26 times 110.53.160.58: 1 time 111.67.205.92: 30 times 112.64.170.178: 32 times 115.205.42.55: 1 time 128.199.38.162: 27 times 129.158.73.119 (oc-129-158-73-119.compute.oraclecloud.com): 31 times 132.232.226.95: 27 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 139.255.182.121 (ln-static-139-255-182-121.link.net.id): 1 time 152.32.130.99: 31 times 155.4.32.16 (h-32-16.A182.priv.bahnhof.se): 27 times 159.65.81.187: 1 time 159.65.183.47: 28 times 159.203.77.51: 1 time 167.114.251.164 (164.ip-167-114-251.eu): 7 times 176.166.113.233 (static-176-166-113-233.ftth.abo.bbox.fr): 2 times 182.61.23.89: 27 times 182.61.176.105: 1 time 182.151.7.70: 24 times 183.81.122.176: 1 time 193.112.91.90: 16 times 218.28.238.165 (pc0.zz.ha.cn): 1 time 218.150.220.202: 3 times 220.248.226.138: 2 times **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 10 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################