################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Dec 9 04:42:03 2019
Date Range Processed: yesterday
( 2019-Dec-08 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- dpkg status changes Begin ------------------------
Installed:
docutils-common:all 0.12+dfsg-1
docutils-doc:all 0.12+dfsg-1
libpaper-utils:i386 1.1.24+nmu4
libwebp5:i386 0.4.1-1.2+b2
libwebpdemux1:i386 0.4.1-1.2+b2
libwebpmux1:i386 0.4.1-1.2+b2
python-docutils:all 0.12+dfsg-1
python-pil:i386 2.6.1-2+deb8u3
python-roman:all 2.0.0-1
sgml-base:all 1.26+nmu4
xml-core:all 0.13+nmu2
---------------------- dpkg status changes End -------------------------
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [255:256]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
61.219.11.153
Requests with error response codes
400 Bad Request
mstshash=Administr: 8 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... Az-BIhKbGj6AAa2: 3 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... TojcxpSOhOYAAcQ: 3 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... hxA1gqXC7bpAAcG: 3 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... -veWN1QcZsKAAdf: 3 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... 8GqFf8HBF4TAAcI: 3 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... R8hcsK73FmRAAdi: 3 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... wfLHztmYJ2GAAa5: 3 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... guCE90hbzhWAAb1: 3 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... BnrNSV3znikAAa3: 3 Time(s)
/socket.io/?noteId=adressen_kt_rostock&EIO ... U5SO9JFdLspAAdh: 3 Time(s)
/shell?busybox: 2 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... 3PzaLm5EZxiAAfI: 2 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... 4gw9CaXecVhAAez: 2 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... JbmXkRYuArkAAex: 2 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... lHr5wlj4t7sAAe1: 2 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... 4Tvw9UV8l8eAAcE: 2 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... TJw9mdrdP2dAAcA: 2 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... 96spmngCAJcAAcJ: 2 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... QAPllGwzuYMAAcR: 2 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... SF2dqQEXxycAAa4: 2 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... YF1Ldwjj0WDAAcF: 2 Time(s)
/socket.io/?noteId=adressen_kt_rostock&EIO ... BSDQb4bjHfiAAb6: 2 Time(s)
null: 2 Time(s)
/robots.txt: 1 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... A-pZc_4kdxSAAev: 1 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... EdG31tjD6zXAAeu: 1 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... Si1SSFJlIWyAAcD: 1 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... UaF6ynZKbMxAAa6: 1 Time(s)
/socket.io/?noteId=StAPF18%3AKlausurtagung ... _hpJ3OmbOfaAAdk: 1 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... Tj76tg7EWKSAAcC: 1 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... _0FXKF2ihfUAAdg: 1 Time(s)
/socket.io/?noteId=StAPF18%3ASitzung03&EIO ... rXFjdXLextgAAd0: 1 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... 1fefIQgxpEpAAbZ: 1 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... DL8TZDYYIruAAdP: 1 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... lyKKSL0ir_NAAbU: 1 Time(s)
/socket.io/?noteId=adressen_kt_rostock&EIO ... Yz4h3PLvr32AAbi: 1 Time(s)
/socket.io/?noteId=adressen_kt_rostock&EIO ... t5lKhUYGfhQAAbE: 1 Time(s)
/socket.io/?noteId=adressen_kt_rostock&EIO ... tejh1pdD4KXAAcH: 1 Time(s)
404 Not Found
/robots.txt: 28 Time(s)
/berlin/apple-touch-icon.png: 12 Time(s)
/resolutionen/wise19/akkreditierungsrichtl ... richtlinien.pdf: 3 Time(s)
/resolutionen/wise19/fff/fridays_for_future.pdf: 3 Time(s)
/wp-login.php: 3 Time(s)
/protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 2 Time(s)
/protokolle/Protokoll_MV_12.11.2016.pdf: 2 Time(s)
/resolutionen/wise19/mrvo/MRVO_kommentar.pdf: 2 Time(s)
/resolutionen/wise19/prufungsbescheinigung ... ptompflicht.pdf: 2 Time(s)
/resolutionen/wise19/semesterzeiten/semesterzeiten.pdf: 2 Time(s)
/resolutionen/wise19/studienreform/studienreform.pdf: 2 Time(s)
/.ftpconfig: 1 Time(s)
/.remote-sync.json: 1 Time(s)
/.vscode/ftp-sync.json: 1 Time(s)
/.vscode/sftp.json: 1 Time(s)
/deployment-config.json: 1 Time(s)
/ftpsync.settings: 1 Time(s)
/protokolle/Protokoll_MV_FFM_21.11.2015.pdf: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/1989-wi-berlin.pdf: 1 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
/resolutionen/wise19/bibliotheken/bibliotheken.pdf: 1 Time(s)
/resolutionen/wise19/lernraume/Lernr%C3%A4ume.pdf: 1 Time(s)
/sftp-config.json: 1 Time(s)
/zapf/berichte/ausgestaltung-studiengaenge ... _zapf-sose-2010: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 6 Time(s)
/build/emojify.js/dist/css/basic/emojify.min.css: 4 Time(s)
/build/font-pack.2c73dce02b1eaa3a3b4e.css: 3 Time(s)
/build/af7ae505a9eed503f8b8e6982036873e.woff2: 2 Time(s)
/build/260ef443edb4dfd026d82e2b21a4c75c.woff: 1 Time(s)
/favicon.png: 1 Time(s)
/fonts/SourceSansPro-Italic.woff: 1 Time(s)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
/socket.io/?noteId=StAPF18%3ALeitfadenChat ... mNf-oGJ5brWAAXn: 1 Time(s)
/socket.io/?noteId=StAPF18%3Anewsletter1&E ... vvYiBvKk3IkAAde: 1 Time(s)
500 Internal Server Error
/: 4 Time(s)
/robots.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 41 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 4 Time(s)
session opened for user root by (uid=0): 4 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
16.472K Bytes accepted 16,867
16.472K Bytes sent via SMTP 16,867
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
294 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
294 Total 4xx Rejects 100.00%
======== ==================================================
318 Connections
316 Connections lost (inbound)
318 Disconnections
1 Removed from queue
1 Sent via SMTP
8 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 273 Time(s)
Failed logins from:
Illegal users from:
undef: 25 times
Users logging in through sshd:
root:
139.30.223.84: 4 times
139.30.219.133: 2 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 3 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################