################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Fri Sep 6 04:42:07 2019
Date Range Processed: yesterday
( 2019-Sep-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [459:459]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
60.191.52.254 -> zapf.wiki:443: 1 Time(s)
A total of 3 sites probed the server
163.172.106.112
176.8.90.196
66.240.205.34
Requests with error response codes
400 Bad Request
../../mnt/custom/ProductDefinition: 20 Time(s)
null: 7 Time(s)
mstshash=Administr: 4 Time(s)
/: 2 Time(s)
/setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s)
http://110.249.212.46/testget?q=23333&port=443: 1 Time(s)
zapf.wiki:443: 1 Time(s)
403 Forbidden
/resolutionen/sose17/: 1 Time(s)
/resolutionen/wise16/: 1 Time(s)
404 Not Found
/robots.txt: 34 Time(s)
/wp-login.php: 3 Time(s)
/berlin/apple-touch-icon.png: 2 Time(s)
/reader%2F1994-wi-reader_hb94.pdf: 2 Time(s)
/reader/1994-wi-reader_hb94.pdf: 2 Time(s)
/berichte/SoSe15/stapf(a)googlegroups.com: 1 Time(s)
/berichte/SoSe16/www.zapfev.de: 1 Time(s)
/berichte/SoSe16/zapf.pfsr.de: 1 Time(s)
/berichte/WiSe16/stapf(a)zapf.in: 1 Time(s)
/neuigkeiten/2010-11-30_Pressemitteilung-ZaPF-Berlin: 1 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
/reader/commit/09360d9fceaee264132be600f2762d7b2827fd01: 1 Time(s)
/reader/commit/82b5625412a9488dc60b801646d3cc89c9316610: 1 Time(s)
/reader/commit/bc29b23744db65c1ce152b44c6d6b27a7e79fd5f: 1 Time(s)
/reader/commit/da0fd0463ced8baff84cce5549ee7c76a5e7ca05: 1 Time(s)
/reader/commit/f296a13ca2c01c535b80f726f1d0e62f3620d14e: 1 Time(s)
/reader/www.zapfev.de/resolutionen: 1 Time(s)
/reader/zapfit(a)lists.spline.inf.fu-berlin.de: 1 Time(s)
/sites/default/files/2007_WiSe_Bielefeld.pdf: 1 Time(s)
/sites/default/files/2008_WiSe_Aachen.pdf: 1 Time(s)
/sites/default/files/2009_SoSe_G%C3%B6ttingen.pdf: 1 Time(s)
/sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
/sites/default/files/2009_WiSe_M%C3%BCnchen_gescannt_low.pdf: 1 Time(s)
/verein/mitgliederver-: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 1 Time(s)
/favicon.png: 1 Time(s)
500 Internal Server Error
/robots.txt: 21 Time(s)
/: 18 Time(s)
/remote/login: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 2516 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
19 Miscellaneous warnings
21.802K Bytes accepted 22,325
21.802K Bytes sent via SMTP 22,325
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
247 Connections
26 Connections lost (inbound)
247 Disconnections
1 Removed from queue
1 Sent via SMTP
1 SMTP dialog errors
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 7 Time(s)
Failed logins from:
Illegal users from:
undef: 636 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 3 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 4 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################