################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Aug 8 04:42:04 2021 Date Range Processed: yesterday ( 2021-Aug-07 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [105:105] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 7 sites probed the server 165.22.242.53 193.56.29.48 205.185.126.200 209.141.50.63 209.141.54.8 54.159.227.112 91.132.58.102 Requests with error response codes 400 Bad Request null: 13 Time(s) /: 9 Time(s) mstshash=Administr: 3 Time(s) //admin/config.php: 1 Time(s) //recordings/index.php: 1 Time(s) //remote/fgt_lang?lang=/../../../../////// ... lvpn_websession: 1 Time(s) 403 Forbidden /resolutionen/wise17/Pruefungsunfaehigkeit/: 1 Time(s) 404 Not Found /robots.txt: 49 Time(s) /wp-login.php: 3 Time(s) /app/etc/local.xml: 2 Time(s) /xmlrpc.php: 2 Time(s) /%7C: 1 Time(s) /assets/global/plugins/jquery-file-upload/ ... ex.php?secure=1: 1 Time(s) /assets/jquery-file-upload/server/php/index.php?secure=1: 1 Time(s) /assets/plugins/jquery-file-upload/server/ ... ex.php?secure=1: 1 Time(s) /datenschutz/: 1 Time(s) /demo/downloader/index.php: 1 Time(s) /demo/errors/503.php: 1 Time(s) /demo/index.php/admin/: 1 Time(s) /demo/rss/catalog/notifystock: 1 Time(s) /demo/rss/catalog/review: 1 Time(s) /demo/rss/order/new: 1 Time(s) /dev/downloader/index.php: 1 Time(s) /dev/errors/503.php: 1 Time(s) /dev/index.php/admin/: 1 Time(s) /dev/rss/catalog/notifystock: 1 Time(s) /dev/rss/catalog/review: 1 Time(s) /dev/rss/order/new: 1 Time(s) /download/zapf_satzung.pdf: 1 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /downloader/index.php: 1 Time(s) /errors/503.php: 1 Time(s) /index.php/admin/: 1 Time(s) /magento/downloader/index.php: 1 Time(s) /magento/errors/503.php: 1 Time(s) /magento/index.php/admin/: 1 Time(s) /magento/rss/catalog/notifystock: 1 Time(s) /magento/rss/catalog/review: 1 Time(s) /magento/rss/order/new: 1 Time(s) /old/downloader/index.php: 1 Time(s) /old/errors/503.php: 1 Time(s) /old/index.php/admin/: 1 Time(s) /old/rss/catalog/notifystock: 1 Time(s) /old/rss/catalog/review: 1 Time(s) /old/rss/order/new: 1 Time(s) /phpformbuilder/plugins/jQuery-File-Upload ... ex.php?secure=1: 1 Time(s) /protokolle/Ergebnisprotokoll_MV_09.06.2017.pdf: 1 Time(s) /protokolle/Protokoll_MV_2019_01_11_Freiburg.pdf: 1 Time(s) /reader/1989-wi-berlin.pdf: 1 Time(s) /reader/1993-wi-reader_st93.pdf: 1 Time(s) /reader/1994-wi-reader_hb94.pdf: 1 Time(s) /resolutionen/sose21/fdm/fdm.pd: 1 Time(s) /resolutionen/wise15/Gefl%C3%83%C2%BCchtet ... efluechtete.pdf: 1 Time(s) /resolutionen/wise15/Transparenz_in_der_: 1 Time(s) /resolutionen/wise20/opendata/opendata.p: 1 Time(s) /rss/catalog/notifystock: 1 Time(s) /rss/catalog/review: 1 Time(s) /rss/order/new: 1 Time(s) /shop/downloader/index.php: 1 Time(s) /shop/errors/503.php: 1 Time(s) /shop/index.php/admin/: 1 Time(s) /shop/rss/catalog/notifystock: 1 Time(s) /shop/rss/catalog/review: 1 Time(s) /shop/rss/order/new: 1 Time(s) /sites/default/files/1982_WiSe_Stuttgart.pdf: 1 Time(s) /sites/default/files/1984_SoSe_Konstanz.pdf: 1 Time(s) /sites/default/files/1987_SoSe_Aachen.pdf: 1 Time(s) /sites/default/files/1992_WiSe_M%C3%BCnchen.pdf: 1 Time(s) /sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s) /sites/default/files/2009_WiSe_M%C3%BCnchen_gescannt_low.pdf: 1 Time(s) /sites/default/files/2010-11-26%20vorgesch ... A4nderungen.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /staging/downloader/index.php: 1 Time(s) /staging/errors/503.php: 1 Time(s) /staging/index.php/admin/: 1 Time(s) /staging/rss/catalog/notifystock: 1 Time(s) /staging/rss/catalog/review: 1 Time(s) /staging/rss/order/new: 1 Time(s) /store/downloader/index.php: 1 Time(s) /store/errors/503.php: 1 Time(s) /store/index.php/admin/: 1 Time(s) /store/rss/catalog/notifystock: 1 Time(s) /store/rss/catalog/review: 1 Time(s) /store/rss/order/new: 1 Time(s) /test/downloader/index.php: 1 Time(s) /test/errors/503.php: 1 Time(s) /test/index.php/admin/: 1 Time(s) /test/rss/catalog/notifystock: 1 Time(s) /test/rss/catalog/review: 1 Time(s) /test/rss/order/new: 1 Time(s) /verein/vorstand/%7C: 1 Time(s) /wp/: 1 Time(s) /zapf/geschaeftsordnung: 1 Time(s) 500 Internal Server Error /: 106 Time(s) /downloader/index.php: 15 Time(s) /errors/503.php: 15 Time(s) /index.php/admin/: 15 Time(s) /rss/catalog/notifystock: 15 Time(s) /rss/catalog/review: 15 Time(s) /rss/order/new: 15 Time(s) /ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s) /robots.txt: 2 Time(s) /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s) /.env: 1 Time(s) /?XDEBUG_SESSION_START=phpstorm: 1 Time(s) /Autodiscover/Autodiscover.xml: 1 Time(s) /GponForm/diag_Form?style/: 1 Time(s) /_ignition/execute-solution: 1 Time(s) /actuator/health: 1 Time(s) /api/jsonws/invoke: 1 Time(s) /console/: 1 Time(s) /favicon.ico: 1 Time(s) /index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s) /mifs/.;/services/LogService: 1 Time(s) /owa/auth/logon.aspx: 1 Time(s) /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s) /wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (101.34.3.241): 188 Time(s) root (121.4.15.213): 70 Time(s) root (139.198.28.131): 70 Time(s) root (139.59.186.178): 70 Time(s) root (175.118.152.100): 70 Time(s) root (177.22.86.180): 70 Time(s) root (186.122.149.6): 70 Time(s) root (49.156.53.40): 70 Time(s) root (42.192.79.7): 67 Time(s) root (81.69.19.140): 64 Time(s) root (1.117.104.178): 63 Time(s) root (49.234.218.171): 62 Time(s) root (49.235.68.144): 62 Time(s) root (128.14.231.68): 51 Time(s) root (104.131.91.148): 50 Time(s) root (106.254.246.210): 50 Time(s) root (144.34.186.40.16clouds.com): 50 Time(s) root (ns399667.ip-37-59-37.eu): 50 Time(s) root (212.64.38.8): 49 Time(s) root (85.132.67.226): 49 Time(s) root (138.197.129.38): 47 Time(s) root (193.112.24.94): 46 Time(s) root (187.234.29.160): 44 Time(s) root (101.32.14.126): 40 Time(s) root (165.22.120.146): 40 Time(s) root (8.209.73.223): 40 Time(s) root (58.246.71.26): 38 Time(s) root (vmi205198.contaboserver.net): 35 Time(s) root (192.144.216.116): 31 Time(s) root (111.229.116.169): 30 Time(s) root (1.15.102.234): 29 Time(s) root (118.195.166.161): 29 Time(s) unknown (178.128.19.209): 21 Time(s) unknown (178.62.102.99): 21 Time(s) unknown (159.75.2.58): 20 Time(s) unknown (197.156.248.157): 20 Time(s) unknown (49.234.209.4): 19 Time(s) unknown (139.59.242.180): 18 Time(s) unknown (36.134.73.71): 18 Time(s) unknown (92.50.249.166): 18 Time(s) unknown (116-59-25-201.emome-ip.hinet.net): 17 Time(s) unknown (122.14.222.202): 17 Time(s) unknown (167.99.137.75): 15 Time(s) root (183.192.28.60): 13 Time(s) unknown (45.146.166.50): 11 Time(s) root (122.14.222.202): 9 Time(s) root (116-59-25-201.emome-ip.hinet.net): 8 Time(s) root (139.59.242.180): 8 Time(s) root (159.75.2.58): 8 Time(s) unknown (118.195.166.161): 7 Time(s) root (197.156.248.157): 6 Time(s) root (202.78.233.27): 6 Time(s) root (92.50.249.166): 6 Time(s) unknown (141.98.10.125): 6 Time(s) unknown (141.98.10.203): 6 Time(s) unknown (192.144.216.116): 6 Time(s) unknown (205.185.125.109): 6 Time(s) unknown (205.185.127.25): 6 Time(s) root (49.234.209.4): 5 Time(s) root (178.62.102.99): 4 Time(s) unknown (141.98.10.56): 4 Time(s) root (167.99.137.75): 3 Time(s) root (178.128.19.209): 3 Time(s) unknown (104.244.72.8): 3 Time(s) unknown (104.244.75.95): 3 Time(s) unknown (37.0.11.249): 3 Time(s) postgres (139.59.242.180): 2 Time(s) postgres (92.50.249.166): 2 Time(s) root (104.244.74.89): 2 Time(s) unknown (104.244.74.89): 2 Time(s) unknown (116.43.244.112): 2 Time(s) unknown (185.234.57.175): 2 Time(s) unknown (199.195.248.154): 2 Time(s) mysql (104.244.72.8): 1 Time(s) mysql (104.244.75.95): 1 Time(s) mysql (92.50.249.166): 1 Time(s) postgres (178.128.19.209): 1 Time(s) postgres (36.134.73.71): 1 Time(s) root (138.68.75.113): 1 Time(s) root (152.136.17.25): 1 Time(s) root (185.247.225.55): 1 Time(s) root (36.134.73.71): 1 Time(s) root (45.146.166.50): 1 Time(s) root (45.153.160.136): 1 Time(s) root (51.15.195.193): 1 Time(s) root (94.13.10.7): 1 Time(s) root (94.97.239.40): 1 Time(s) temp (122.14.222.202): 1 Time(s) unknown (103-231-228-244.bd-networks.com): 1 Time(s) unknown (124.156.153.16): 1 Time(s) unknown (181.57.159.34): 1 Time(s) unknown (192.81.218.93): 1 Time(s) unknown (203.170.129.155): 1 Time(s) unknown (206.253.161.75): 1 Time(s) unknown (27.123.219.34): 1 Time(s) unknown (62-210-201-139.rev.poneytelecom.eu): 1 Time(s) unknown (docker.jtl-software.de): 1 Time(s) Invalid Users: Unknown Account: 282 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 3 Miscellaneous warnings 24.082K Bytes accepted 24,660 24.082K Bytes sent via SMTP 24,660 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 260 Connections 40 Connections lost (inbound) 260 Disconnections 1 Removed from queue 1 Sent via SMTP 4 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.15.102.234: 29 times 1.117.104.178: 63 times 8.209.73.223: 40 times 36.134.73.71: 2 times 37.59.37.201 (ns399667.ip-37-59-37.eu): 50 times 42.192.79.7: 67 times 45.146.166.50: 1 time 45.153.160.136: 1 time 49.156.53.40: 70 times 49.234.209.4: 5 times 49.234.218.171: 62 times 49.235.68.144: 62 times 51.15.195.193 (193-195-15-51.instances.scw.cloud): 1 time 58.246.71.26: 38 times 81.69.19.140: 64 times 85.132.67.226 (novco.com): 49 times 92.50.249.166: 9 times 94.13.10.7 (5e0d0a07.bb.sky.com): 1 time 94.97.239.40: 1 time 101.32.14.126: 40 times 101.34.3.241: 188 times 104.131.91.148: 50 times 104.244.72.8: 1 time 104.244.74.89: 2 times 104.244.75.95 (lux01.0x6761.ga): 1 time 106.254.246.210: 50 times 111.229.116.169: 30 times 116.59.25.201 (116-59-25-201.emome-ip.hinet.net): 8 times 118.195.166.161: 29 times 121.4.15.213: 70 times 122.14.222.202: 10 times 128.14.231.68: 51 times 138.68.75.113: 1 time 138.197.129.38: 47 times 139.59.186.178: 70 times 139.59.242.180: 10 times 139.198.28.131: 70 times 144.34.186.40 (144.34.186.40.16clouds.com): 50 times 152.136.17.25: 1 time 159.75.2.58: 8 times 165.22.120.146: 40 times 167.99.137.75: 3 times 175.118.152.100: 70 times 177.22.86.180 (177-22-86-180.triway.net.br): 70 times 178.62.102.99: 4 times 178.128.19.209: 4 times 183.192.28.60 (.): 13 times 185.247.225.55: 1 time 186.122.149.6 (host6.186-122-149.telmex.net.ar): 70 times 187.234.29.160 (dsl-187-234-29-160-dyn.prod-infinitum.com.mx): 44 times 192.144.216.116: 31 times 193.112.24.94: 46 times 197.156.248.157: 6 times 202.78.233.27 (node-202-78-233-27.alliancebroadband.in): 6 times 207.180.204.193 (vmi205198.contaboserver.net): 35 times 212.64.38.8: 49 times Illegal users from: undef: 164 times 27.123.219.34 (27.123.219.34.homesystemsnet.com): 1 time 31.172.91.250 (docker.jtl-software.de): 1 time 36.134.73.71: 18 times 37.0.11.249: 3 times 45.146.166.50: 11 times 49.234.209.4: 19 times 62.210.201.139 (62-210-201-139.rev.poneytelecom.eu): 1 time 65.49.20.67 (scan-18.shadowserver.org): 1 time 92.50.249.166: 18 times 103.231.228.244 (103-231-228-244.bd-networks.com): 1 time 104.244.72.8: 3 times 104.244.74.89: 2 times 104.244.75.95 (lux01.0x6761.ga): 3 times 116.43.244.112: 2 times 116.59.25.201 (116-59-25-201.emome-ip.hinet.net): 17 times 118.195.166.161: 7 times 122.14.222.202: 17 times 124.156.153.16: 1 time 139.59.242.180: 18 times 141.98.10.56: 4 times 141.98.10.125: 6 times 141.98.10.203: 6 times 159.75.2.58: 20 times 167.99.137.75: 15 times 178.62.102.99: 21 times 178.128.19.209: 21 times 181.57.159.34 (static-ip-1815715934.cable.net.co): 1 time 185.234.57.175: 2 times 192.81.218.93: 1 time 192.144.216.116: 6 times 197.156.248.157: 20 times 199.195.248.154: 2 times 203.170.129.155: 1 time 205.185.125.109: 6 times 205.185.127.25 (serveroperations.com): 6 times 206.253.161.75: 1 time **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 54 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/ploop33257p1 394G 242G 132G 65% / none 4.0G 0 4.0G 0% /dev ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################