################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Jun 25 04:42:07 2019 Date Range Processed: yesterday ( 2019-Jun-24 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [143:139] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 2 sites probed the server 176.58.124.134 5.188.210.101 Requests with error response codes 400 Bad Request /socket.io/?noteId=XdKJnzV3SqS8tRhprzFWYA& ... UwSiSzGbrPaABor: 3 Time(s) null: 3 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... 0ixB_IQNHiIABm2: 2 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... QWvM6zAyuW3ABk_: 2 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... Y6i8Q14prqRABk3: 2 Time(s) /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... 3EJmNuHNKu4ABk5: 2 Time(s) /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... sAzQVSLHNgOABm3: 2 Time(s) mstshash=Test: 2 Time(s) /moo: 1 Time(s) /robots.txt: 1 Time(s) /socket.io/?noteId=XdKJnzV3SqS8tRhprzFWYA& ... CnghLm3YvOFABlj: 1 Time(s) /socket.io/?noteId=XdKJnzV3SqS8tRhprzFWYA& ... FAqLMupUn5RABlP: 1 Time(s) /socket.io/?noteId=XdKJnzV3SqS8tRhprzFWYA& ... LPXSA81U6tfABoj: 1 Time(s) 404 Not Found /robots.txt: 30 Time(s) /berlin/apple-touch-icon.png: 4 Time(s) /modules/plupload/examples/upload.php: 2 Time(s) /sites/all/libraries/_plupload/examples/upload.php: 2 Time(s) /sites/zapfev.de/libraries/plupload/examples/upload.php: 2 Time(s) /nnrggbdsc.html: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s) /sites/default/libraries/plupload/examples/upload.php: 1 Time(s) /wp-login.php: 1 Time(s) /zapf/geschaeftsordnung: 1 Time(s) 499 (undefined) /fonts/SourceSansPro-Regular.woff: 1 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... 0ixB_IQNHiIABm2: 1 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... P0ZFExVeZ7nABm4: 1 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... QWvM6zAyuW3ABk_: 1 Time(s) /socket.io/?noteId=DIzhC6WlQjOaN7HGcnVJlw& ... Y6i8Q14prqRABk3: 1 Time(s) /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... 3EJmNuHNKu4ABk5: 1 Time(s) /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... sAzQVSLHNgOABm3: 1 Time(s) /socket.io/?noteId=bp9hE2swRPGQzl3QTwIibg& ... zFOgwZQE_VyABm5: 1 Time(s) 500 Internal Server Error /: 9 Time(s) /downloader/index.php: 3 Time(s) /errors/503.php: 3 Time(s) /index.php/admin/: 3 Time(s) /api/v1/pod: 1 Time(s) /index.html: 1 Time(s) /site/.env: 1 Time(s) /web/.env: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (host81-130-234-235.in-addr.btopenworld.com): 17 Time(s) unknown (111-254-13-40.dynamic-ip.hinet.net): 15 Time(s) unknown (62.234.8.41): 14 Time(s) unknown (102.130.112.87): 12 Time(s) unknown (125.ip-217-182-74.eu): 12 Time(s) unknown (139.198.121.56): 12 Time(s) unknown (142.93.47.74): 12 Time(s) unknown (148.70.3.199): 12 Time(s) unknown (159.65.171.113): 12 Time(s) unknown (162.243.158.185): 12 Time(s) unknown (180.179.227.201): 12 Time(s) unknown (180.218.96.194): 12 Time(s) unknown (192.99.216.184): 12 Time(s) unknown (197.251.207.20): 12 Time(s) unknown (45.ip-51-38-113.eu): 12 Time(s) unknown (bfay1.pndsl.co.uk): 12 Time(s) unknown (cpe-75-80-193-222.hawaii.res.rr.com): 12 Time(s) unknown (oc-129-158-74-141.compute.oraclecloud.com): 12 Time(s) unknown (oc-130-162-68-214.compute.oraclecloud.com): 12 Time(s) unknown (106.12.74.123): 11 Time(s) unknown (125-227-164-62.hinet-ip.hinet.net): 11 Time(s) unknown (165.227.46.221): 11 Time(s) unknown (197.51.239.102): 11 Time(s) unknown (41.ip-51-255-35.eu): 11 Time(s) unknown (218.88.20.223): 10 Time(s) unknown (104.254.246.212): 9 Time(s) unknown (137.ip-54-37-232.eu): 9 Time(s) unknown (159.203.179.230): 9 Time(s) unknown (183.101.216.229): 9 Time(s) unknown (188.166.70.245): 9 Time(s) unknown (200.60.60.84): 9 Time(s) unknown (67.ip-137-74-175.eu): 9 Time(s) unknown (95.49.117.91.dynamic.reverse-mundo-r.com): 9 Time(s) unknown (123.red-95-123-135.staticip.rima-tde.net): 8 Time(s) unknown (118.25.128.19): 7 Time(s) unknown (45.5.164.90): 7 Time(s) root (111.224.137.220): 6 Time(s) root (218.92.0.212): 6 Time(s) unknown (185.117.74.70): 6 Time(s) unknown (bl8-48-10.dsl.telepac.pt): 6 Time(s) unknown (168.194.163.66): 4 Time(s) unknown (180.76.108.110): 4 Time(s) unknown (cpe-74-141-211-210.kya.res.rr.com): 4 Time(s) unknown (103.65.195.107): 3 Time(s) unknown (118.69.128.22): 3 Time(s) unknown (123.20.225.230): 3 Time(s) unknown (130.61.108.56): 3 Time(s) unknown (168.194.140.130): 3 Time(s) unknown (190.9.130.159): 3 Time(s) unknown (208.103.229.87): 3 Time(s) unknown (36.37.124.51): 3 Time(s) unknown (41.82.208.179): 3 Time(s) unknown (mail.mayem.com.tr): 3 Time(s) root (111-254-13-40.dynamic-ip.hinet.net): 2 Time(s) unknown (180.250.108.133): 2 Time(s) unknown (mo110-163-131-78.fix.mopera.net): 2 Time(s) bin (oc-129-158-74-141.compute.oraclecloud.com): 1 Time(s) bind (45.ip-51-38-113.eu): 1 Time(s) list (197.51.239.102): 1 Time(s) mail (111-254-13-40.dynamic-ip.hinet.net): 1 Time(s) mysql (200.60.60.84): 1 Time(s) root (118-163-193-82.hinet-ip.hinet.net): 1 Time(s) root (142.93.47.74): 1 Time(s) root (165.227.46.221): 1 Time(s) root (218.88.20.223): 1 Time(s) root (218.92.0.175): 1 Time(s) root (41.ip-51-255-35.eu): 1 Time(s) root (45.ip-51-38-113.eu): 1 Time(s) root (58.242.82.11): 1 Time(s) root (58.242.82.6): 1 Time(s) root (62.234.8.41): 1 Time(s) root (67.ip-137-74-175.eu): 1 Time(s) root (bfay1.pndsl.co.uk): 1 Time(s) root (host81-130-234-235.in-addr.btopenworld.com): 1 Time(s) unknown (106.13.39.154): 1 Time(s) unknown (156.195.189.184): 1 Time(s) unknown (183.82.121.34): 1 Time(s) unknown (193.32.163.182): 1 Time(s) unknown (197.50.129.58): 1 Time(s) unknown (217.165.204.6): 1 Time(s) unknown (31.162.53.202): 1 Time(s) unknown (51.255.208.71): 1 Time(s) unknown (62.234.62.191): 1 Time(s) unknown (lputeaux-657-1-142-172.w193-248.abo.wanadoo.fr): 1 Time(s) www-data (197.51.239.102): 1 Time(s) Invalid Users: Unknown Account: 465 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 41 Miscellaneous warnings 10.854K Bytes accepted 11,114 10.854K Bytes sent via SMTP 11,114 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 239 Connections 228 Connections lost (inbound) 239 Disconnections 1 Removed from queue 1 Sent via SMTP 2 SMTP dialog errors 11 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 2 Time(s) Failed logins from: 51.38.113.45 (45.ip-51-38-113.eu): 2 times 51.255.35.41 (41.ip-51-255-35.eu): 1 time 58.242.82.6: 2 times 58.242.82.11: 3 times 62.234.8.41: 1 time 80.229.253.212 (bfay1.pndsl.co.uk): 1 time 81.130.234.235 (host81-130-234-235.in-addr.btopenworld.com): 1 time 111.224.137.220: 6 times 111.254.13.40 (111-254-13-40.dynamic-ip.hinet.net): 3 times 118.163.193.82 (118-163-193-82.HINET-IP.hinet.net): 1 time 129.158.74.141 (oc-129-158-74-141.compute.oraclecloud.com): 1 time 137.74.175.67 (67.ip-137-74-175.eu): 1 time 142.93.47.74: 1 time 165.227.46.221: 1 time 197.51.239.102 (host-197.51.239.102.tedata.net): 2 times 200.60.60.84: 1 time 218.88.20.223 (223.20.88.218.broad.cd.sc.dynamic.163data.com.cn): 1 time 218.92.0.175: 2 times 218.92.0.212: 6 times Illegal users from: undef: 364 times 31.162.53.202: 1 time 36.37.124.51: 3 times 41.82.208.179: 3 times 45.5.164.90: 7 times 51.38.113.45 (45.ip-51-38-113.eu): 12 times 51.255.35.41 (41.ip-51-255-35.eu): 11 times 51.255.208.71 (f191arais.scanfeat.org): 1 time 54.37.232.137 (137.ip-54-37-232.eu): 9 times 62.234.8.41: 14 times 62.234.62.191: 1 time 74.141.211.210 (cpe-74-141-211-210.kya.res.rr.com): 4 times 75.80.193.222 (cpe-75-80-193-222.hawaii.res.rr.com): 12 times 78.186.184.231 (mail.mayem.com.tr): 3 times 80.229.253.212 (bfay1.pndsl.co.uk): 12 times 81.130.234.235 (host81-130-234-235.in-addr.btopenworld.com): 17 times 85.241.48.10 (bl8-48-10.dsl.telepac.pt): 6 times 91.117.49.95 (95.49.117.91.dynamic.reverse-mundo-r.com): 9 times 95.123.135.123 (123.red-95-123-135.staticip.rima-tde.net): 8 times 102.130.112.87: 12 times 103.65.195.107: 3 times 104.254.246.212: 9 times 106.12.74.123: 11 times 106.13.39.154: 1 time 110.163.131.78 (mo110-163-131-78.fix.mopera.net): 2 times 111.254.13.40 (111-254-13-40.dynamic-ip.hinet.net): 15 times 118.25.128.19: 7 times 118.69.128.22: 3 times 123.20.225.230: 3 times 125.227.164.62 (125-227-164-62.HINET-IP.hinet.net): 11 times 129.158.74.141 (oc-129-158-74-141.compute.oraclecloud.com): 12 times 130.61.108.56: 3 times 130.162.68.214 (oc-130-162-68-214.compute.oraclecloud.com): 12 times 137.74.175.67 (67.ip-137-74-175.eu): 9 times 139.198.121.56: 12 times 142.93.47.74: 12 times 148.70.3.199: 12 times 156.195.189.184 (host-156.195.184.189-static.tedata.net): 1 time 159.65.171.113: 12 times 159.203.179.230: 9 times 162.243.158.185: 12 times 165.227.46.221: 11 times 168.194.140.130: 3 times 168.194.163.66 (66.163.194.168.rfc6598.dynamic.copelfibra.com.br): 4 times 180.76.108.110: 4 times 180.179.227.201: 12 times 180.218.96.194 (180-218-96-194.dynamic.twmbroadband.net): 12 times 180.250.108.133: 2 times 183.82.121.34 (broadband.actcorp.in): 1 time 183.101.216.229: 9 times 185.117.74.70 (dedi46883-4.hostsailor.com): 6 times 188.166.70.245: 9 times 190.9.130.159: 3 times 192.99.216.184: 12 times 193.32.163.182 (hosting-by.cloud-home.me): 1 time 193.248.201.172 (lputeaux-657-1-142-172.w193-248.abo.wanadoo.fr): 1 time 197.50.129.58 (host-197.50.129.58.tedata.net): 1 time 197.51.239.102 (host-197.51.239.102.tedata.net): 11 times 197.251.207.20: 12 times 200.60.60.84: 9 times 208.103.229.87 (208-103-229-87.eastlink.ca): 3 times 217.165.204.6: 1 time 217.182.74.125 (125.ip-217-182-74.eu): 12 times 218.88.20.223 (223.20.88.218.broad.cd.sc.dynamic.163data.com.cn): 10 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################