################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Jun 13 04:42:08 2019 Date Range Processed: yesterday ( 2019-Jun-12 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [206:208] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 5 sites probed the server 176.8.91.216 206.189.113.84 3.19.108.234 77.247.110.141 77.247.110.68 Requests with error response codes 400 Bad Request null: 6 Time(s) mstshash=Administr: 4 Time(s) /: 1 Time(s) /robots.txt: 1 Time(s) O\xF9\xCD*Tp\xCF\xDF4\xE7S\x5Ce\xC8j\x18\x ... D\xC0$\xC0(\xC0: 1 Time(s) 404 Not Found /robots.txt: 37 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /.well-known/openpgpkey/hu/qs1j67f594iidts ... qm5t?l=vorstand: 2 Time(s) /wp-login.php: 2 Time(s) /.well-known/openpgpkey/hu/1gm6knecomg4mwo ... 36?l=mitglieder: 1 Time(s) //2015/wp-includes/wlwmanifest.xml: 1 Time(s) //2016/wp-includes/wlwmanifest.xml: 1 Time(s) //2017/wp-includes/wlwmanifest.xml: 1 Time(s) //2018/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //media/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /sites/all/modules/civicrm/packages/OpenFl ... pload_image.php: 1 Time(s) /sites/all/modules/contrib/civicrm/package ... pload_image.php: 1 Time(s) /sites/default/modules/civicrm/packages/Op ... pload_image.php: 1 Time(s) 500 Internal Server Error /: 29 Time(s) //a2billing/admin/Public/: 2 Time(s) //libs/js/iframe.js: 1 Time(s) /bonn: 1 Time(s) /html/.env: 1 Time(s) /sose19: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (181.174.81.245): 45 Time(s) unknown (111.230.140.177): 42 Time(s) unknown (178.128.21.32): 40 Time(s) unknown (188.131.153.127): 40 Time(s) unknown (190.95.82.66): 40 Time(s) unknown (46.39.28.241): 40 Time(s) unknown (62.234.103.7): 40 Time(s) unknown (180.250.18.197): 39 Time(s) unknown (211.104.172.236): 39 Time(s) unknown (106.13.4.76): 38 Time(s) unknown (139.199.113.202): 36 Time(s) unknown (192.241.201.182): 33 Time(s) unknown (206.189.198.64): 33 Time(s) unknown (179.ip-51-77-212.eu): 28 Time(s) unknown (111.230.248.125): 23 Time(s) unknown (119.1.238.156): 15 Time(s) root (181.174.81.245): 14 Time(s) unknown (123.206.13.46): 12 Time(s) unknown (223.83.155.77): 11 Time(s) unknown (cpe-67-245-146-49.nyc.res.rr.com): 10 Time(s) root (206.189.198.64): 9 Time(s) unknown (67.218.96.156): 9 Time(s) root (139.199.113.202): 8 Time(s) root (180.250.18.197): 8 Time(s) root (211.104.172.236): 8 Time(s) root (106.13.4.76): 7 Time(s) root (188.131.153.127): 7 Time(s) root (176.212.110.208): 6 Time(s) root (190.95.82.66): 6 Time(s) root (c-76-102-117-6.hsd1.ca.comcast.net): 6 Time(s) unknown (123.169.57.67): 6 Time(s) unknown (pc-194-29-74-200.cm.vtr.net): 6 Time(s) root (178.128.21.32): 5 Time(s) root (179.ip-51-77-212.eu): 5 Time(s) root (223.83.155.77): 5 Time(s) root (46.39.28.241): 5 Time(s) root (62.234.103.7): 5 Time(s) unknown (106.12.203.210): 5 Time(s) unknown (129.204.108.143): 5 Time(s) root (192.241.201.182): 4 Time(s) unknown (27.148.193.66): 4 Time(s) root (111.230.248.125): 3 Time(s) root (129.204.108.143): 3 Time(s) root (cpe-67-245-146-49.nyc.res.rr.com): 3 Time(s) root (106.12.203.210): 2 Time(s) root (111.230.140.177): 2 Time(s) root (123.206.13.46): 2 Time(s) unknown (178-116-46-206.access.telenet.be): 2 Time(s) unknown (193.32.163.89): 2 Time(s) unknown (94.red-88-24-29.staticip.rima-tde.net): 2 Time(s) unknown (95.248.186.199): 2 Time(s) unknown (h-11-243.a324.priv.bahnhof.se): 2 Time(s) daemon (192.241.201.182): 1 Time(s) games (178.128.21.32): 1 Time(s) games (180.250.18.197): 1 Time(s) gnats (190.95.82.66): 1 Time(s) gnats (211.104.172.236): 1 Time(s) irc (46.39.28.241): 1 Time(s) irc (67.218.96.156): 1 Time(s) list (139.199.113.202): 1 Time(s) mail (123.206.13.46): 1 Time(s) mail (192.241.201.182): 1 Time(s) mail (206.189.198.64): 1 Time(s) mailman (139.199.113.202): 1 Time(s) man (192.241.201.182): 1 Time(s) messagebus (123.206.13.46): 1 Time(s) mysql (107.170.231.42): 1 Time(s) mysql (179.ip-51-77-212.eu): 1 Time(s) mysql (192.241.201.182): 1 Time(s) news (179.ip-51-77-212.eu): 1 Time(s) nobody (123.206.13.46): 1 Time(s) postgres (188.131.153.127): 1 Time(s) postgres (46.39.28.241): 1 Time(s) postgres (cpe-67-245-146-49.nyc.res.rr.com): 1 Time(s) proxy (190.95.82.66): 1 Time(s) root (112.85.42.172): 1 Time(s) root (218.92.0.161): 1 Time(s) root (218.92.0.164): 1 Time(s) root (218.92.0.185): 1 Time(s) root (67.218.96.156): 1 Time(s) root (vmi259246.contaboserver.net): 1 Time(s) smmsp (27.148.193.66): 1 Time(s) sync (111.230.140.177): 1 Time(s) sync (178.128.21.32): 1 Time(s) sync (27.148.193.66): 1 Time(s) unknown (123.16.230.197): 1 Time(s) unknown (139.59.14.210): 1 Time(s) unknown (14.186.223.16): 1 Time(s) unknown (182.50.120.226): 1 Time(s) unknown (185.208.64.6): 1 Time(s) unknown (2.ip-51-68-141.eu): 1 Time(s) unknown (68.183.161.60): 1 Time(s) unknown (74.208.239.79): 1 Time(s) unknown (cpe-174-101-80-233.columbus.res.rr.com): 1 Time(s) unknown (static.24.110.9.176.clients.your-server.de): 1 Time(s) uucp (179.ip-51-77-212.eu): 1 Time(s) Invalid Users: Unknown Account: 659 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 17 Miscellaneous warnings 16.870K Bytes accepted 17,275 16.870K Bytes sent via SMTP 17,275 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 289 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 289 Total 4xx Rejects 100.00% ======== ================================================== 462 Connections 458 Connections lost (inbound) 462 Disconnections 1 Removed from queue 1 Sent via SMTP 9 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 2 Time(s) Failed logins from: 27.148.193.66: 2 times 46.39.28.241 (ipoe-241-28-39-46.danpro.ru): 7 times 51.77.212.179 (179.ip-51-77-212.eu): 8 times 62.234.103.7: 5 times 67.218.96.156: 2 times 67.245.146.49 (cpe-67-245-146-49.nyc.res.rr.com): 4 times 76.102.117.6 (c-76-102-117-6.hsd1.ca.comcast.net): 6 times 106.12.203.210: 2 times 106.13.4.76: 7 times 107.170.231.42: 1 time 111.230.140.177: 3 times 111.230.248.125: 3 times 112.85.42.172: 3 times 123.206.13.46: 5 times 129.204.108.143: 3 times 139.199.113.202: 10 times 167.86.88.143 (vmi259246.contaboserver.net): 1 time 176.212.110.208 (176x212x110x208.dynamic.bryansk.ertelecom.ru): 6 times 178.128.21.32: 7 times 180.250.18.197: 9 times 181.174.81.245: 14 times 188.131.153.127: 8 times 190.95.82.66: 8 times 192.241.201.182: 8 times 206.189.198.64: 10 times 211.104.172.236: 9 times 218.92.0.161: 2 times 218.92.0.164: 3 times 218.92.0.185: 2 times 223.83.155.77: 5 times Illegal users from: undef: 546 times 14.186.223.16 (static.vnpt.vn): 1 time 27.148.193.66: 4 times 46.39.28.241 (ipoe-241-28-39-46.danpro.ru): 40 times 46.59.11.243 (h-11-243.A324.priv.bahnhof.se): 2 times 51.68.141.2 (2.ip-51-68-141.eu): 1 time 51.77.212.179 (179.ip-51-77-212.eu): 28 times 62.234.103.7: 40 times 67.218.96.156: 9 times 67.245.146.49 (cpe-67-245-146-49.nyc.res.rr.com): 10 times 68.183.161.60: 1 time 74.208.239.79: 1 time 88.24.29.94 (94.red-88-24-29.staticip.rima-tde.net): 2 times 95.248.186.199 (host199-186-dynamic.248-95-r.retail.telecomitalia.it): 2 times 106.12.203.210: 5 times 106.13.4.76: 38 times 111.230.140.177: 42 times 111.230.248.125: 23 times 119.1.238.156: 15 times 123.16.230.197 (static.vnpt.vn): 1 time 123.169.57.67: 6 times 123.206.13.46: 12 times 129.204.108.143: 5 times 139.59.14.210: 1 time 139.199.113.202: 36 times 174.101.80.233 (cpe-174-101-80-233.columbus.res.rr.com): 1 time 176.9.110.24 (static.24.110.9.176.clients.your-server.de): 1 time 178.116.46.206 (178-116-46-206.access.telenet.be): 2 times 178.128.21.32: 40 times 180.250.18.197: 39 times 181.174.81.245: 45 times 182.50.120.226: 1 time 185.208.64.6: 1 time 188.131.153.127: 40 times 190.95.82.66: 40 times 192.241.201.182: 33 times 193.32.163.89 (srv.eqaltech.su): 2 times 200.74.29.194 (pc-194-29-74-200.cm.vtr.net): 6 times 206.189.198.64: 33 times 211.104.172.236: 39 times 223.83.155.77: 11 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################