Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 20 Dezember 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Dec 20 04:42:03 2019
        Date Range Processed: yesterday
                              ( 2019-Dec-19 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [155:156]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Requests with error response codes
    400 Bad Request
       ../../: 2 Time(s)
       mstshash=Administr: 2 Time(s)
       ../../proc/: 1 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       7: 1 Time(s)
       G?\xC7)J\x08\xB5+^9\x16j: 1 Time(s)
    403 Forbidden
       /resolutionen/: 1 Time(s)
    404 Not Found
       /robots.txt: 58 Time(s)
       /berlin/apple-touch-icon.png: 6 Time(s)
       /home/verein: 1 Time(s)
       /plus/search.php?q=www.ymwears.cn: 1 Time(s)
       /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s)
       /resolutionen/wise12/Reso_WiSe12_Zivilgesellschaftliches: 1 Time(s)
       /search/?query=www.ymwears.cn: 1 Time(s)
       /search?q=www.ymwears.cn: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
       /wp-login.php: 1 Time(s)
    500 Internal Server Error
       /: 26 Time(s)
       /.env: 1 Time(s)
       /ajax: 1 Time(s)
       /api/v1/pods: 1 Time(s)
       /cart/: 1 Time(s)
       /catalog/: 1 Time(s)
       /shop/: 1 Time(s)
       /store/: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (222.186.169.192): 47 Time(s)
       root (222.186.175.216): 47 Time(s)
       root (222.186.42.4): 36 Time(s)
       root (222.186.175.148): 30 Time(s)
       root (222.186.180.147): 30 Time(s)
       root (222.186.180.9): 30 Time(s)
       root (49.88.112.59): 30 Time(s)
       root (218.92.0.165): 24 Time(s)
       root (222.186.175.147): 24 Time(s)
       root (222.186.175.161): 24 Time(s)
       root (222.186.175.182): 24 Time(s)
       root (222.186.175.217): 24 Time(s)
       root (222.186.175.220): 24 Time(s)
       root (222.186.173.183): 23 Time(s)
       root (222.186.175.140): 23 Time(s)
       root (218.92.0.131): 22 Time(s)
       root (222.186.173.142): 22 Time(s)
       root (222.186.175.169): 22 Time(s)
       root (222.186.175.167): 21 Time(s)
       root (218.92.0.145): 20 Time(s)
       root (218.92.0.212): 18 Time(s)
       root (222.186.173.154): 18 Time(s)
       root (222.186.175.155): 18 Time(s)
       root (222.186.175.212): 18 Time(s)
       root (222.186.180.17): 18 Time(s)
       root (222.186.180.41): 18 Time(s)
       unknown (31.184.218.90): 15 Time(s)
       root (112.85.42.174): 12 Time(s)
       root (218.92.0.175): 12 Time(s)
       root (222.186.173.180): 12 Time(s)
       root (222.186.173.238): 12 Time(s)
       root (222.186.175.151): 12 Time(s)
       root (222.186.175.154): 12 Time(s)
       root (222.186.175.163): 12 Time(s)
       root (222.186.175.181): 12 Time(s)
       root (222.186.175.183): 12 Time(s)
       root (222.186.175.202): 12 Time(s)
       root (222.186.180.223): 12 Time(s)
       root (222.186.180.6): 12 Time(s)
       root (222.186.180.8): 12 Time(s)
       root (222.186.190.92): 12 Time(s)
       root (112.85.42.173): 11 Time(s)
       root (112.85.42.178): 11 Time(s)
       root (218.92.0.179): 11 Time(s)
       root (222.186.173.226): 11 Time(s)
       root (222.186.175.215): 11 Time(s)
       root (49.88.112.62): 10 Time(s)
       root (218.92.0.148): 7 Time(s)
       root (112.85.42.172): 6 Time(s)
       root (218.92.0.135): 6 Time(s)
       root (218.92.0.164): 6 Time(s)
       root (218.92.0.170): 6 Time(s)
       root (222.186.169.194): 6 Time(s)
       root (222.186.173.215): 6 Time(s)
       root (222.186.190.2): 6 Time(s)
       root (49.88.112.55): 6 Time(s)
       root (49.88.112.61): 6 Time(s)
       root (49.88.112.64): 6 Time(s)
       root (112.85.42.171): 5 Time(s)
       root (112.85.42.176): 5 Time(s)
       root (112.85.42.181): 5 Time(s)
       root (218.92.0.134): 5 Time(s)
       root (218.92.0.155): 5 Time(s)
       root (218.92.0.178): 5 Time(s)
       root (222.186.175.150): 3 Time(s)
       unknown (dynamic-adsl-84-221-173-74.clienti.tiscali.it): 2 Time(s)
       postgres (188.120.239.34): 1 Time(s)
       postgres (255.red-2-139-215.staticip.rima-tde.net): 1 Time(s)
       postgres (31.184.218.90): 1 Time(s)
       postgres (45.55.157.147): 1 Time(s)
       root (103.5.127.97): 1 Time(s)
       root (112.175.232.155): 1 Time(s)
       root (171.78.177.89): 1 Time(s)
       root (173.ip-51-91-102.eu): 1 Time(s)
       root (180.190.64.253): 1 Time(s)
       root (189.103.85.27): 1 Time(s)
       root (207.154.232.160): 1 Time(s)
       root (223.197.175.171): 1 Time(s)
       root (31.184.218.90): 1 Time(s)
       root (36.66.149.211): 1 Time(s)
       root (47.244.169.183): 1 Time(s)
       root (89.189.154.66.dynamic.ufanet.ru): 1 Time(s)
       unknown (104.236.131.54): 1 Time(s)
       unknown (104.236.81.204): 1 Time(s)
       unknown (113.161.71.73): 1 Time(s)
       unknown (123.17.221.196): 1 Time(s)
       unknown (123.21.199.148): 1 Time(s)
       unknown (128.199.133.249): 1 Time(s)
       unknown (14.225.3.47): 1 Time(s)
       unknown (159.89.165.127): 1 Time(s)
       unknown (177.67.83.139): 1 Time(s)
       unknown (178.79.7.4): 1 Time(s)
       unknown (180.246.25.68): 1 Time(s)
       unknown (183.82.0.15): 1 Time(s)
       unknown (186.112.214.158): 1 Time(s)
       unknown (189.108.40.2): 1 Time(s)
       unknown (190.246.45.81): 1 Time(s)
       unknown (195.39.140.129): 1 Time(s)
       unknown (206.189.166.172): 1 Time(s)
       unknown (210.212.249.228): 1 Time(s)
       unknown (211.219.80.99): 1 Time(s)
       unknown (218.146.168.239): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (45.55.12.248): 1 Time(s)
       unknown (45.55.42.17): 1 Time(s)
       unknown (49.244.20.114): 1 Time(s)
       unknown (5751a94a.skybroadband.com): 1 Time(s)
       unknown (94.228.27.247): 1 Time(s)
       unknown (aob6.internetdsl.tpnet.pl): 1 Time(s)
       unknown (c-76-105-96-161.hsd1.ga.comcast.net): 1 Time(s)
       unknown (ip170.ip-5-196-110.eu): 1 Time(s)
       unknown (ns388423.ip-176-31-253.eu): 1 Time(s)
       unknown (post.pramo.ru): 1 Time(s)
       unknown (ppp-94-65-111-17.home.otenet.gr): 1 Time(s)
    Invalid Users:
       Unknown Account: 49 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   13.491K  Bytes accepted                              13,815
   13.491K  Bytes sent via SMTP                         13,815
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
      294   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
      294   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      420   Connections             
      305   Connections lost (inbound) 
      420   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 165 Time(s)
 
 Failed logins from:
    2.139.215.255 (255.red-2-139-215.staticip.rima-tde.net): 1 time
    31.184.218.90: 2 times
    36.66.149.211: 1 time
    45.55.157.147: 1 time
    47.244.169.183: 1 time
    49.88.112.55: 6 times
    49.88.112.59: 30 times
    49.88.112.61: 6 times
    49.88.112.62: 12 times
    49.88.112.64: 6 times
    51.91.102.173 (173.ip-51-91-102.eu): 1 time
    89.189.154.66 (89.189.154.66.dynamic.ufanet.ru): 1 time
    103.5.127.97: 1 time
    112.85.42.171: 5 times
    112.85.42.172: 6 times
    112.85.42.173: 11 times
    112.85.42.174: 12 times
    112.85.42.176: 5 times
    112.85.42.178: 11 times
    112.85.42.181: 5 times
    112.175.232.155: 1 time
    171.78.177.89 (abts-tn-dynamic-89.177.78.171.airtelbroadband.in): 1 time
    180.190.64.253: 1 time
    188.120.239.34 (fanam-cinema.fvds.ru): 1 time
    189.103.85.27 (bd67551b.virtua.com.br): 1 time
    207.154.232.160: 1 time
    218.92.0.131: 22 times
    218.92.0.134: 5 times
    218.92.0.135: 6 times
    218.92.0.145: 24 times
    218.92.0.148: 7 times
    218.92.0.155: 5 times
    218.92.0.164: 6 times
    218.92.0.165: 24 times
    218.92.0.170: 6 times
    218.92.0.175: 12 times
    218.92.0.178: 5 times
    218.92.0.179: 11 times
    218.92.0.212: 18 times
    222.186.42.4: 36 times
    222.186.169.192: 47 times
    222.186.169.194: 6 times
    222.186.173.142: 24 times
    222.186.173.154: 18 times
    222.186.173.180: 12 times
    222.186.173.183: 23 times
    222.186.173.215: 6 times
    222.186.173.226: 11 times
    222.186.173.238: 12 times
    222.186.175.140: 23 times
    222.186.175.147: 24 times
    222.186.175.148: 30 times
    222.186.175.150: 6 times
    222.186.175.151: 12 times
    222.186.175.154: 12 times
    222.186.175.155: 18 times
    222.186.175.161: 24 times
    222.186.175.163: 12 times
    222.186.175.167: 23 times
    222.186.175.169: 22 times
    222.186.175.181: 12 times
    222.186.175.182: 24 times
    222.186.175.183: 12 times
    222.186.175.202: 12 times
    222.186.175.212: 18 times
    222.186.175.215: 11 times
    222.186.175.216: 47 times
    222.186.175.217: 24 times
    222.186.175.220: 24 times
    222.186.180.6: 12 times
    222.186.180.8: 12 times
    222.186.180.9: 30 times
    222.186.180.17: 18 times
    222.186.180.41: 18 times
    222.186.180.147: 30 times
    222.186.180.223: 12 times
    222.186.190.2: 6 times
    222.186.190.92: 12 times
    223.197.175.171 (223-197-175-171.static.imsbiz.com): 1 time
 
 Illegal users from:
    undef: 25 times
    5.196.110.170 (ip170.ip-5-196-110.eu): 1 time
    14.225.3.47: 1 time
    31.184.218.90: 15 times
    45.55.12.248 (hostmaster.vitalconnectionuniversity.com): 1 time
    45.55.42.17: 1 time
    49.244.20.114 (114-adsl.ntc.net.np): 1 time
    76.105.96.161 (c-76-105-96-161.hsd1.ga.comcast.net): 1 time
    83.17.109.6 (aob6.internetdsl.tpnet.pl): 1 time
    84.221.173.74 (dynamic-adsl-84-221-173-74.clienti.tiscali.it): 2 times
    87.81.169.74 (5751a94a.skybroadband.com): 1 time
    91.242.161.167 (post.pramo.ru): 1 time
    94.65.111.17 (ppp-94-65-111-17.home.otenet.gr): 1 time
    94.228.27.247 (94.228.27.247): 1 time
    104.236.81.204: 1 time
    104.236.131.54: 1 time
    113.161.71.73 (static.vnpt.vn): 1 time
    123.17.221.196 (static.vnpt.vn): 1 time
    123.21.199.148: 1 time
    128.199.133.249 (152717.cloudwaysapps.com): 1 time
    159.89.165.127: 1 time
    176.31.253.204 (ns388423.ip-176-31-253.eu): 1 time
    177.67.83.139: 1 time
    178.79.7.4: 1 time
    180.246.25.68: 1 time
    183.82.0.15 (broadband.actcorp.in): 1 time
    186.112.214.158: 1 time
    189.108.40.2 (189-108-40-2.customer.tdatabrasil.net.br): 1 time
    190.246.45.81 (81-45-246-190.fibertel.com.ar): 1 time
    195.39.140.129: 1 time
    206.189.166.172: 1 time
    210.212.249.228: 1 time
    211.219.80.99: 1 time
    218.146.168.239 (wymm91.com): 1 time
    221.160.100.14: 1 time
 
 **Unmatched Entries**
 error: Received disconnect from 141.98.10.39: 2: Handshake failed [preauth] : 1 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 6 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016