################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Mon Sep 16 04:42:07 2019 Date Range Processed: yesterday ( 2019-Sep-15 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [396:402] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 54.36.110.42 92.119.160.72 94.102.49.190 Requests with error response codes 400 Bad Request null: 9 Time(s) mstshash=Administr: 5 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... 5xtd-dzFAoTAAH8: 3 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... KRvn4D_3E53AAI3: 3 Time(s) /: 2 Time(s) /socket.io/?noteId=8dxpYm7QThSSdg6vLrAwpA& ... 4t_K0SIXLFFAAJ_: 2 Time(s) /socket.io/?noteId=NO_WaDXmSQyP0hpZeMYwVw& ... wljYjsw8e6hAAII: 2 Time(s) ../../mnt/custom/ProductDefinition: 1 Time(s) /confirm/%s: 1 Time(s) /manager/html: 1 Time(s) /manager/text/list: 1 Time(s) /socket.io/?noteId=8dxpYm7QThSSdg6vLrAwpA& ... GfbYLqCoIgvAAKH: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... -pKnAvgMt8gAAJH: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... Ym-4rhvqyBGAAJS: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... atdfPZzvSVmAAIG: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... oDPlTO1EvIcAAJa: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... sWpvUkeHa-qAAIv: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... yfEVYOcwncuAAJF: 1 Time(s) 404 Not Found /robots.txt: 26 Time(s) /node: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /resolutionen/sose19/Unterschriftenkampagn ... ilklausel/Reso_: 1 Time(s) /sites/default/files/2012_WiSe_Karlsruhe.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /verein%7CZaPF: 1 Time(s) /verein/satzung/%7CSatzung: 1 Time(s) 499 (undefined) /favicon.png: 4 Time(s) /apple-touch-icon.png: 3 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s) /build/font-pack.2c73dce02b1eaa3a3b4e.css: 2 Time(s) /fonts/SourceCodePro-Regular.woff: 2 Time(s) /build/constant.js: 1 Time(s) /build/emojify.js/dist/images/basic/airplane.png: 1 Time(s) /build/index.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /fonts/SourceSansPro-Regular.woff: 1 Time(s) /js/mathjax-config-extra.js: 1 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... tj4OHeQh4vQAATB: 1 Time(s) 500 Internal Server Error /: 12 Time(s) /mysql/print.css: 2 Time(s) /robots.txt: 2 Time(s) /.well-known/security.txt: 1 Time(s) /HNAP1: 1 Time(s) /database/print.css: 1 Time(s) /evox/about: 1 Time(s) /favicon.ico: 1 Time(s) /myadmin/print.css: 1 Time(s) /nmaplowercheck1568560438: 1 Time(s) /phpMyAdmin/print.css: 1 Time(s) /phpmyadmin/print.css: 1 Time(s) /pma/print.css: 1 Time(s) /sdk: 1 Time(s) /sitemap.xml: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (191.7.152.13): 68 Time(s) unknown (secure.canadahomestayinternational.com): 63 Time(s) unknown (119.ip-51-83-76.eu): 62 Time(s) unknown (167.86.119.5): 62 Time(s) unknown (180.168.70.190): 62 Time(s) unknown (182.253.188.11): 61 Time(s) unknown (223.194.45.84): 61 Time(s) unknown (47.254.172.125): 61 Time(s) unknown (89.36.217.142): 61 Time(s) unknown (134.ip-51-75-28.eu): 60 Time(s) unknown (200.60.60.84): 59 Time(s) unknown (45.118.144.31): 57 Time(s) unknown (50.89.229.225): 57 Time(s) unknown (104.248.181.156): 56 Time(s) unknown (49.51.46.69): 56 Time(s) unknown (139.199.164.21): 54 Time(s) unknown (182.93.48.21): 53 Time(s) unknown (oc-129-150-172-40.compute.oraclecloud.com): 53 Time(s) unknown (94.250.252.160): 51 Time(s) unknown (62.216.233.132): 45 Time(s) unknown (223-197-250-72.static.imsbiz.com): 44 Time(s) unknown (106.12.134.133): 39 Time(s) unknown (ns3270404.ip-5-39-82.eu): 39 Time(s) unknown (c-69-245-220-97.hsd1.il.comcast.net): 36 Time(s) unknown (mdh-16-81.tm.net.my): 35 Time(s) unknown (103.242.13.70): 33 Time(s) unknown (ip233.ip-164-132-62.eu): 33 Time(s) unknown (106.12.13.247): 31 Time(s) unknown (163.172.67.123): 31 Time(s) unknown (e2e-38-119.e2enetworks.net.in): 31 Time(s) unknown (014198006164.ctinets.com): 30 Time(s) unknown (117.55.241.4): 25 Time(s) unknown (ns3118043.ip-51-38-57.eu): 24 Time(s) unknown (178.150.216.229): 22 Time(s) unknown (14.29.162.139): 17 Time(s) unknown (89.109.11.209): 14 Time(s) root (112.85.42.180): 10 Time(s) unknown (106.52.151.89): 9 Time(s) unknown (167.71.55.1): 9 Time(s) unknown (211.104.171.239): 8 Time(s) unknown (ns3108951.ip-54-37-254.eu): 8 Time(s) unknown (109.248.219.66): 7 Time(s) unknown (213.14.214.229): 7 Time(s) root (113.67.180.16): 6 Time(s) root (114.244.249.16): 6 Time(s) root (116.54.198.162): 6 Time(s) root (139.199.164.21): 6 Time(s) root (177.11.44.118): 6 Time(s) root (188.19.189.9): 6 Time(s) root (190.233.68.111): 6 Time(s) root (42.235.89.102): 6 Time(s) root (49.83.1.95): 6 Time(s) root (49.88.112.54): 6 Time(s) root (60.161.2.154): 6 Time(s) unknown (109-184-116-154.dynamic.mts-nn.ru): 6 Time(s) unknown (45.55.15.134): 6 Time(s) unknown (69.158.249.44): 6 Time(s) unknown (91.180.125.193): 6 Time(s) unknown (byh192.neoplus.adsl.tpnet.pl): 6 Time(s) root (119.ip-51-83-76.eu): 5 Time(s) root (182.253.188.11): 5 Time(s) root (182.93.48.21): 5 Time(s) root (191.7.152.13): 5 Time(s) root (89.36.217.142): 5 Time(s) unknown (p4fefc2bb.dip0.t-ipconnect.de): 5 Time(s) root (134.ip-51-75-28.eu): 4 Time(s) root (223.194.45.84): 4 Time(s) root (47.254.172.125): 4 Time(s) unknown (112.186.77.122): 4 Time(s) unknown (183.103.35.198): 4 Time(s) unknown (222.120.192.106): 4 Time(s) root (167.86.119.5): 3 Time(s) root (180.168.70.190): 3 Time(s) root (secure.canadahomestayinternational.com): 3 Time(s) unknown (106.12.125.27): 3 Time(s) unknown (154.65.33.198): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (210.217.24.254): 3 Time(s) unknown (221.156.116.51): 3 Time(s) unknown (59.25.197.142): 3 Time(s) unknown (ip-107-180-68-110.ip.secureserver.net): 3 Time(s) postgres (104.248.181.156): 2 Time(s) postgres (119.ip-51-83-76.eu): 2 Time(s) postgres (163.172.67.123): 2 Time(s) root (103.242.13.70): 2 Time(s) root (104.248.181.156): 2 Time(s) root (109.248.219.66): 2 Time(s) root (163.172.67.123): 2 Time(s) root (200.60.60.84): 2 Time(s) root (223-197-250-72.static.imsbiz.com): 2 Time(s) root (50.89.229.225): 2 Time(s) root (c-69-245-220-97.hsd1.il.comcast.net): 2 Time(s) root (ip-107-180-68-110.ip.secureserver.net): 2 Time(s) root (ns3108951.ip-54-37-254.eu): 2 Time(s) root (ns3270404.ip-5-39-82.eu): 2 Time(s) root (p4fefc2bb.dip0.t-ipconnect.de): 2 Time(s) unknown (178.124.207.30): 2 Time(s) unknown (47.154.227.108): 2 Time(s) unknown (91-167-34-221.subs.proxad.net): 2 Time(s) unknown (92.63.194.26): 2 Time(s) unknown (adsl-11.109.242.43.tellas.gr): 2 Time(s) www-data (180.168.70.190): 2 Time(s) backup (182.253.188.11): 1 Time(s) games (139.199.164.21): 1 Time(s) gnats (180.168.70.190): 1 Time(s) mail (47.254.172.125): 1 Time(s) mail (secure.canadahomestayinternational.com): 1 Time(s) mysql (106.12.134.133): 1 Time(s) mysql (223-197-250-72.static.imsbiz.com): 1 Time(s) nobody (182.253.188.11): 1 Time(s) nobody (ns3118043.ip-51-38-57.eu): 1 Time(s) opendkim (50.89.229.225): 1 Time(s) postgres (103.242.13.70): 1 Time(s) postgres (182.253.188.11): 1 Time(s) postgres (223.194.45.84): 1 Time(s) postgres (89.109.11.209): 1 Time(s) postgres (94.250.252.160): 1 Time(s) postgres (ip233.ip-164-132-62.eu): 1 Time(s) root (106.12.134.133): 1 Time(s) root (167.71.55.1): 1 Time(s) root (211.104.171.239): 1 Time(s) root (213.14.214.229): 1 Time(s) root (45.118.144.31): 1 Time(s) root (45.55.15.134): 1 Time(s) root (62.216.233.132): 1 Time(s) root (90.71.57.2): 1 Time(s) root (ip233.ip-164-132-62.eu): 1 Time(s) root (mdh-16-81.tm.net.my): 1 Time(s) root (oc-129-150-172-40.compute.oraclecloud.com): 1 Time(s) sshd (119.ip-51-83-76.eu): 1 Time(s) sshd (182.253.188.11): 1 Time(s) sshd (45.118.144.31): 1 Time(s) sshd (89.36.217.142): 1 Time(s) sshd (secure.canadahomestayinternational.com): 1 Time(s) sys (89.36.217.142): 1 Time(s) temp (182.93.48.21): 1 Time(s) temp (191.7.152.13): 1 Time(s) temp (223.194.45.84): 1 Time(s) temp (89.36.217.142): 1 Time(s) temp (ns3270404.ip-5-39-82.eu): 1 Time(s) unknown (103.250.36.113): 1 Time(s) unknown (104.248.71.7): 1 Time(s) unknown (107.173.26.170): 1 Time(s) unknown (114.233.99.99): 1 Time(s) unknown (114.31.87.54): 1 Time(s) unknown (118.121.201.83): 1 Time(s) unknown (128.199.59.42): 1 Time(s) unknown (152.136.125.210): 1 Time(s) unknown (156.195.152.99): 1 Time(s) unknown (159.ip-51-75-70.eu): 1 Time(s) unknown (165.22.4.209): 1 Time(s) unknown (177.106.31.187): 1 Time(s) unknown (181.143.72.66): 1 Time(s) unknown (188.166.228.244): 1 Time(s) unknown (211.159.174.127): 1 Time(s) unknown (215.ip-164-132-54.eu): 1 Time(s) unknown (95-105-237-69.dynamic.orange.sk): 1 Time(s) unknown (anon-42-175.vpn.ipredator.se): 1 Time(s) unknown (c-73-187-89-63.hsd1.pa.comcast.net): 1 Time(s) unknown (ip-89-103-27-45.net.upcbroadband.cz): 1 Time(s) unknown (ip-89-103-88-187.net.upcbroadband.cz): 1 Time(s) unknown (kch-106-33.tm.net.my): 1 Time(s) unknown (mail2.bergschneider.de): 1 Time(s) www-data (104.248.181.156): 1 Time(s) www-data (139.199.164.21): 1 Time(s) www-data (223.194.45.84): 1 Time(s) Invalid Users: Unknown Account: 1799 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 8 Miscellaneous warnings 17.416K Bytes accepted 17,834 17.416K Bytes sent via SMTP 17,834 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 4 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 4 Total 4xx Rejects 100.00% ======== ================================================== 78 Connections 4 Connections lost (inbound) 78 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 3 Time(s) root : 11 Time(s) Failed logins from: 5.39.82.197 (ns3270404.ip-5-39-82.eu): 3 times 42.235.89.102 (hn.kd.ny.adsl): 6 times 45.55.15.134: 1 time 45.118.144.31: 2 times 47.254.172.125: 5 times 49.83.1.95: 6 times 49.88.112.54: 6 times 50.89.229.225: 3 times 51.38.57.78 (ns3118043.ip-51-38-57.eu): 1 time 51.75.28.134 (134.ip-51-75-28.eu): 4 times 51.83.76.119 (119.ip-51-83-76.eu): 8 times 54.37.254.57 (ns3108951.ip-54-37-254.eu): 2 times 60.161.2.154: 6 times 62.216.233.132: 1 time 69.245.220.97 (c-69-245-220-97.hsd1.il.comcast.net): 2 times 79.239.194.187 (p4FEFC2BB.dip0.t-ipconnect.de): 2 times 89.36.217.142 (host142-217-36-89.serverdedicati.aruba.it): 8 times 89.109.11.209 (89-109-11-209.static.mts-nn.ru): 1 time 90.71.57.2 (2.pool90-71-57.dynamic.orange.es): 1 time 94.250.252.160 (vmandrch.fvds.ru): 1 time 103.242.13.70: 3 times 104.248.181.156: 5 times 106.12.134.133: 2 times 107.180.68.110 (ip-107-180-68-110.ip.secureserver.net): 2 times 109.248.219.66: 2 times 112.85.42.180: 12 times 113.67.180.16: 6 times 114.244.249.16: 6 times 116.54.198.162: 6 times 129.150.172.40 (oc-129-150-172-40.compute.oraclecloud.com): 1 time 138.197.131.249 (secure.canadahomestayinternational.com): 5 times 139.199.164.21: 8 times 163.172.67.123 (163-172-67-123.rev.poneytelecom.eu): 4 times 164.132.62.233 (ip233.ip-164-132-62.eu): 2 times 167.71.55.1: 1 time 167.86.119.5 (Flyingcraft.com): 3 times 177.11.44.118 (177-11-44-118.virt.com.br): 6 times 180.168.70.190: 6 times 182.93.48.21 (n18293z48l21.static.ctmip.net): 6 times 182.253.188.11: 9 times 188.19.189.9: 6 times 190.233.68.111: 6 times 191.7.152.13: 6 times 200.60.60.84: 2 times 211.104.171.239: 1 time 213.14.214.229 (host-213-14-214-229.reverse.superonline.net): 1 time 219.92.16.81 (mdh-16-81.tm.net.my): 1 time 223.194.45.84: 7 times 223.197.250.72 (223-197-250-72.static.imsbiz.com): 3 times Illegal users from: undef: 1307 times 5.39.82.197 (ns3270404.ip-5-39-82.eu): 39 times 14.29.162.139: 17 times 14.198.6.164 (014198006164.ctinets.com): 30 times 45.55.15.134: 6 times 45.118.144.31: 57 times 46.246.42.175 (anon-42-175.vpn.ipredator.se): 1 time 47.154.227.108: 2 times 47.254.172.125: 61 times 49.51.46.69: 56 times 50.89.229.225: 57 times 51.38.57.78 (ns3118043.ip-51-38-57.eu): 24 times 51.75.28.134 (134.ip-51-75-28.eu): 60 times 51.75.70.159 (159.ip-51-75-70.eu): 1 time 51.83.76.119 (119.ip-51-83-76.eu): 62 times 54.37.254.57 (ns3108951.ip-54-37-254.eu): 8 times 59.25.197.142: 3 times 62.216.233.132: 45 times 69.158.249.44: 6 times 69.245.220.97 (c-69-245-220-97.hsd1.il.comcast.net): 36 times 73.187.89.63 (c-73-187-89-63.hsd1.pa.comcast.net): 1 time 79.239.194.187 (p4FEFC2BB.dip0.t-ipconnect.de): 5 times 82.149.162.78 (mail2.bergschneider.de): 1 time 83.30.27.192 (byh192.neoplus.adsl.tpnet.pl): 6 times 89.36.217.142 (host142-217-36-89.serverdedicati.aruba.it): 61 times 89.103.27.45 (ip-89-103-27-45.net.upcbroadband.cz): 1 time 89.103.88.187 (ip-89-103-88-187.net.upcbroadband.cz): 1 time 89.109.11.209 (89-109-11-209.static.mts-nn.ru): 14 times 91.167.34.221 (91-167-34-221.subs.proxad.net): 2 times 91.180.125.193 (193.125-180-91.adsl-dyn.isp.belgacom.be): 6 times 92.63.194.26: 2 times 94.250.252.160 (vmandrch.fvds.ru): 51 times 95.105.237.69 (95-105-237-69.dynamic.orange.sk): 1 time 101.53.141.119 (e2e-38-119.e2enetworks.net.in): 31 times 103.242.13.70: 33 times 103.250.36.113: 1 time 104.248.71.7: 1 time 104.248.181.156: 56 times 106.12.13.247: 31 times 106.12.125.27: 3 times 106.12.134.133: 39 times 106.52.151.89: 9 times 107.173.26.170 (107-173-26-170-host.colocrossing.com): 1 time 107.180.68.110 (ip-107-180-68-110.ip.secureserver.net): 3 times 109.184.116.154 (109-184-116-154.dynamic.mts-nn.ru): 6 times 109.242.43.11 (adsl-11.109.242.43.tellas.gr): 2 times 109.248.219.66: 7 times 112.186.77.122: 4 times 114.31.87.54: 1 time 114.233.99.99: 5 times 117.55.241.4: 25 times 118.121.201.83: 1 time 128.199.59.42: 1 time 129.150.172.40 (oc-129-150-172-40.compute.oraclecloud.com): 53 times 138.197.131.249 (secure.canadahomestayinternational.com): 63 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 139.199.164.21: 54 times 152.136.125.210: 1 time 154.65.33.198: 3 times 156.195.152.99 (host-156.195.99.152-static.tedata.net): 1 time 163.172.67.123 (163-172-67-123.rev.poneytelecom.eu): 31 times 164.132.54.215 (215.ip-164-132-54.eu): 1 time 164.132.62.233 (ip233.ip-164-132-62.eu): 33 times 165.22.4.209: 1 time 167.71.55.1: 9 times 167.86.119.5 (Flyingcraft.com): 62 times 177.106.31.187 (177-106-031-187.xd-dynamic.algarnetsuper.com.br): 1 time 178.124.207.30: 2 times 178.150.216.229 (229.216.150.178.triolan.net): 22 times 180.168.70.190: 62 times 181.143.72.66 (static-181-143-72-66.une.net.co): 1 time 182.93.48.21 (n18293z48l21.static.ctmip.net): 53 times 182.253.188.11: 61 times 183.103.35.198: 4 times 185.43.209.173 (host173-209-43-185.static.arubacloud.com): 7 times 188.166.228.244: 1 time 191.7.152.13: 68 times 193.32.163.182 (hosting-by.cloud-home.me): 3 times 200.60.60.84: 59 times 210.217.24.254: 3 times 211.104.171.239: 8 times 211.159.174.127: 1 time 213.14.214.229 (host-213-14-214-229.reverse.superonline.net): 7 times 219.92.16.81 (mdh-16-81.tm.net.my): 35 times 219.93.106.33 (kch-106-33.tm.net.my): 1 time 221.156.116.51: 3 times 222.120.192.106: 4 times 223.194.45.84: 61 times 223.197.250.72 (223-197-250-72.static.imsbiz.com): 44 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 9 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################