################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Jun 8 04:42:09 2019 Date Range Processed: yesterday ( 2019-Jun-07 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [323:325] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 60.191.52.254 -> zapf.wiki:443: 1 Time(s) A total of 2 sites probed the server 172.104.242.173 212.83.145.9 Requests with error response codes 400 Bad Request /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... sWVeNC_E9zHAAJU: 4 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 7TBvJRIesqpAAMJ: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... F2TUaaiCacKAAME: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... RWyKNBao9KEAAMC: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... TziawgDbyPUAAP_: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... dIpWA9S52q0AAJ0: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... gYNIE7k11KWAAK8: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... hoOsXKoW_cvAAKI: 3 Time(s) null: 3 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... Hy_M926TwNDAALe: 2 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... NB65osXP8koAALE: 2 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 0u-NjLAQ1_fAAMX: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 2udbg6JlaovAAKz: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 3mj_rCFB6uRAALz: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 5RaQ_2Fs6tAAAJo: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... IR8dbLv-QqJAAMI: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... IWphfWUCWa0AALv: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... kW0WNXpMv9YAAJx: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... xZAbqupLmXaAANZ: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... xolOB5t-PEZAAIr: 1 Time(s) /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... yUsZGC1ruRJAALD: 1 Time(s) mstshash=Administr: 1 Time(s) zapf.wiki:443: 1 Time(s) 404 Not Found /robots.txt: 24 Time(s) /berlin/apple-touch-icon.png: 4 Time(s) /wp-login.php: 4 Time(s) /.well-known/openpgpkey/hu/qs1j67f594iidts ... qm5t?l=vorstand: 1 Time(s) /admin/: 1 Time(s) /downloader/: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /rss/catalog/notifystock/: 1 Time(s) /rss/order/new/: 1 Time(s) /test/wp-login.php: 1 Time(s) 408 Request Timeout /socket.io/?noteId=T_MtX5F2RvSubPCBWtXT7Q& ... 5RaQ_2Fs6tAAAJo: 1 Time(s) 499 (undefined) /favicon.png: 2 Time(s) /build/constant.js: 1 Time(s) /fonts/SourceSansPro-Regular.woff: 1 Time(s) /js/mathjax-config-extra.js: 1 Time(s) /reader/2005-so-reader_er05.pdf: 1 Time(s) 500 Internal Server Error /: 37 Time(s) //libs/js/iframe.js: 2 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (128.199.231.40): 74 Time(s) unknown (151.236.193.195): 54 Time(s) unknown (45.55.188.133): 51 Time(s) unknown (t2.4geek.com.au): 51 Time(s) unknown (115.95.178.174): 50 Time(s) unknown (118.24.151.172): 50 Time(s) unknown (167.99.15.245): 50 Time(s) unknown (87.ip-142-44-247.net): 50 Time(s) unknown (103.97.5.44): 49 Time(s) unknown (181.48.29.35): 48 Time(s) unknown (202.21.115.69): 48 Time(s) unknown (213.ip-79-137-82.eu): 45 Time(s) unknown (115.47.160.32): 44 Time(s) unknown (108-220-102-219.lightspeed.snantx.sbcglobal.net): 42 Time(s) unknown (193.194.77.194): 42 Time(s) unknown (221.204.11.179): 42 Time(s) unknown (139.199.14.8): 40 Time(s) unknown (119.27.170.64): 39 Time(s) unknown (200.216.30.74): 37 Time(s) unknown (106.13.4.244): 35 Time(s) unknown (192.99.216.184): 32 Time(s) unknown (106.12.24.108): 23 Time(s) unknown (114.ip-92-222-92.eu): 15 Time(s) unknown (122.165.149.75): 12 Time(s) unknown (ppp91-122-14-178.pppoe.avangarddsl.ru): 12 Time(s) unknown (111.203.152.87): 9 Time(s) unknown (cpe-72-130-92-145.hawaii.res.rr.com): 9 Time(s) unknown (83.218.169.89): 8 Time(s) unknown (93.51.247.178): 8 Time(s) root (211.24.85.18): 6 Time(s) root (27.152.112.98): 6 Time(s) root (c-73-65-133-36.hsd1.ut.comcast.net): 6 Time(s) unknown (171.ip-151-80-234.eu): 6 Time(s) unknown (41.208.222.165): 6 Time(s) unknown (79.25.190.97): 6 Time(s) backup (103.97.5.44): 2 Time(s) postfix (108-220-102-219.lightspeed.snantx.sbcglobal.net): 2 Time(s) unknown (1.232.77.181): 2 Time(s) unknown (186.104.209.251): 2 Time(s) backup (106.12.24.108): 1 Time(s) backup (115.95.178.174): 1 Time(s) backup (119.27.170.64): 1 Time(s) backup (167.99.15.245): 1 Time(s) backup (202.21.115.69): 1 Time(s) backup (t2.4geek.com.au): 1 Time(s) games (103.97.5.44): 1 Time(s) games (202.21.115.69): 1 Time(s) irc (181.48.29.35): 1 Time(s) irc (193.194.77.194): 1 Time(s) list (108-220-102-219.lightspeed.snantx.sbcglobal.net): 1 Time(s) list (114.ip-92-222-92.eu): 1 Time(s) list (151.236.193.195): 1 Time(s) list (181.48.29.35): 1 Time(s) list (93.51.247.178): 1 Time(s) mail (128.199.231.40): 1 Time(s) mail (139.199.14.8): 1 Time(s) mailman (151.236.193.195): 1 Time(s) mailman (181.48.29.35): 1 Time(s) mailman (45.55.188.133): 1 Time(s) man (181.48.29.35): 1 Time(s) mysql (151.236.193.195): 1 Time(s) mysql (221.204.11.179): 1 Time(s) mysql (87.ip-142-44-247.net): 1 Time(s) news (115.95.178.174): 1 Time(s) news (128.199.231.40): 1 Time(s) news (202.21.115.69): 1 Time(s) news (cpe-72-130-92-145.hawaii.res.rr.com): 1 Time(s) nobody (87.ip-142-44-247.net): 1 Time(s) postfix (181.48.29.35): 1 Time(s) postgres (111.203.152.87): 1 Time(s) postgres (185.244.25.105): 1 Time(s) postgres (87.ip-142-44-247.net): 1 Time(s) proxy (119.27.170.64): 1 Time(s) root (218.92.0.182): 1 Time(s) root (58.242.82.10): 1 Time(s) sshd (108-220-102-219.lightspeed.snantx.sbcglobal.net): 1 Time(s) sshd (118.24.151.172): 1 Time(s) sync (87.ip-142-44-247.net): 1 Time(s) sys (200.216.30.74): 1 Time(s) temp (108-220-102-219.lightspeed.snantx.sbcglobal.net): 1 Time(s) temp (122.165.149.75): 1 Time(s) temp (128.199.231.40): 1 Time(s) temp (202.21.115.69): 1 Time(s) temp (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 Time(s) unknown (106.13.118.41): 1 Time(s) unknown (113.173.118.45): 1 Time(s) unknown (131-72-201-84.rev.talklink.com.br): 1 Time(s) unknown (142.93.101.13): 1 Time(s) unknown (182.61.177.66): 1 Time(s) unknown (188.16.110.221): 1 Time(s) unknown (37.10.112.66): 1 Time(s) unknown (gnp154.internetdsl.tpnet.pl): 1 Time(s) unknown (lfbn-ren-1-499-8.w2-10.abo.wanadoo.fr): 1 Time(s) www-data (114.ip-92-222-92.eu): 1 Time(s) www-data (cpe-72-130-92-145.hawaii.res.rr.com): 1 Time(s) Invalid Users: Unknown Account: 1104 Time(s) systemd-user: Unknown Entries: session opened for user root by (uid=0): 2 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 6 Miscellaneous warnings 11.745K Bytes accepted 12,027 11.745K Bytes sent via SMTP 12,027 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 486 Connections 483 Connections lost (inbound) 486 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 3 Time(s) Failed logins from: 27.152.112.98 (98.112.152.27.broad.xm.fj.dynamic.163data.com.cn): 6 times 45.55.188.133: 1 time 58.242.82.10: 2 times 72.130.92.145 (cpe-72-130-92-145.hawaii.res.rr.com): 2 times 73.65.133.36 (c-73-65-133-36.hsd1.ut.comcast.net): 6 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 1 time 92.222.92.114 (114.ip-92-222-92.eu): 2 times 93.51.247.178 (srvmail.smartmoda.com): 1 time 103.97.5.44: 3 times 106.12.24.108: 1 time 108.220.102.219 (108-220-102-219.lightspeed.snantx.sbcglobal.net): 5 times 111.203.152.87: 1 time 115.95.178.174: 2 times 118.24.151.172: 1 time 119.27.170.64: 2 times 122.165.149.75 (abts-tn-static-075.149.165.122.airtelbroadband.in): 1 time 128.199.231.40: 3 times 139.199.14.8: 1 time 142.44.247.87 (87.ip-142-44-247.net): 4 times 142.93.122.185 (t2.4geek.com.au): 1 time 151.236.193.195: 3 times 167.99.15.245 (ubuntu.server): 1 time 181.48.29.35: 5 times 185.244.25.105 (Dedi08.customers.kvsolutions.nl): 1 time 193.194.77.194: 1 time 200.216.30.74: 1 time 202.21.115.69: 4 times 211.24.85.18 (cgw-211-24-85-18.bbrtl.time.net.my): 6 times 218.92.0.182: 3 times 221.204.11.179 (179.11.204.221.adsl-pool.sx.cn): 1 time Illegal users from: undef: 839 times 1.232.77.181: 2 times 2.10.87.8 (lfbn-ren-1-499-8.w2-10.abo.wanadoo.fr): 1 time 37.10.112.66: 1 time 41.208.222.165 (broadlink-41-208-222-165.broadlink.net): 6 times 45.55.188.133: 51 times 72.130.92.145 (cpe-72-130-92-145.hawaii.res.rr.com): 9 times 79.25.190.97: 6 times 79.137.82.213 (213.ip-79-137-82.eu): 45 times 83.3.93.154 (gnp154.internetdsl.tpnet.pl): 1 time 83.218.169.89 (im-169-89.mynet.at): 8 times 91.122.14.178 (ppp91-122-14-178.pppoe.avangarddsl.ru): 12 times 92.222.92.114 (114.ip-92-222-92.eu): 15 times 93.51.247.178 (srvmail.smartmoda.com): 8 times 103.97.5.44: 49 times 106.12.24.108: 23 times 106.13.4.244: 35 times 106.13.118.41: 1 time 108.220.102.219 (108-220-102-219.lightspeed.snantx.sbcglobal.net): 42 times 111.203.152.87: 9 times 113.173.118.45 (static.vnpt.vn): 1 time 115.47.160.32: 44 times 115.95.178.174: 50 times 118.24.151.172: 50 times 119.27.170.64: 39 times 122.165.149.75 (abts-tn-static-075.149.165.122.airtelbroadband.in): 12 times 128.199.231.40: 74 times 131.72.201.84 (131-72-201-84.rev.talklink.com.br): 5 times 139.199.14.8: 40 times 142.44.247.87 (87.ip-142-44-247.net): 50 times 142.93.101.13: 1 time 142.93.122.185 (t2.4geek.com.au): 51 times 151.80.234.171 (171.ip-151-80-234.eu): 6 times 151.236.193.195: 54 times 167.99.15.245 (ubuntu.server): 50 times 181.48.29.35: 48 times 182.61.177.66: 1 time 186.104.209.251 (186-104-209-251.fibra.movistar.cl): 2 times 188.16.110.221: 1 time 192.99.216.184: 32 times 193.194.77.194: 42 times 200.216.30.74: 37 times 202.21.115.69: 48 times 221.204.11.179 (179.11.204.221.adsl-pool.sx.cn): 42 times Users logging in through sshd: root: 131.220.249.225 (eduroam-249-225.wlan.uni-bonn.de): 2 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################