################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Jun 11 04:42:07 2019
Date Range Processed: yesterday
( 2019-Jun-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [448:444]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
89.179.112.129 -> www.msftncsi.com:443: 3 Time(s)
A total of 5 sites probed the server
134.249.141.24
176.8.91.216
5.188.210.101
61.219.11.153
66.240.205.34
Requests with error response codes
400 Bad Request
null: 8 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... 9oRe_OBTIKEABNc: 4 Time(s)
/socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... Z5SQpH7aNsqABNd: 4 Time(s)
/socket.io/?noteId=Tm9sggkjQnOID9EJF8-AkQ& ... 9KbP9yiZIiPABUN: 4 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... ApJxLbhfFUEABBs: 3 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... JOySI__5lWmABBt: 3 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... _MgOezndV_RABCy: 3 Time(s)
/socket.io/?noteId=Tm9sggkjQnOID9EJF8-AkQ& ... 7ELG4KE_tLLABT9: 3 Time(s)
www.msftncsi.com:443: 3 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... NEq-Qn1XkF4ABOq: 2 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... Xqz6kSw8NicABNe: 2 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... _guk9J8b8XKABBv: 2 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... yQricQylctTABCQ: 2 Time(s)
/socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... JKbby-EP3tMABBu: 2 Time(s)
/socket.io/?noteId=Po3pDOXHRWK1Ub7-j3J1nA& ... lv1bzApmyaSABAE: 2 Time(s)
/moo: 1 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... fTGfkvjYdBdABVV: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
7: 1 Time(s)
mstshash=Administr: 1 Time(s)
403 Forbidden
/reader/: 1 Time(s)
/resolutionen/sose17/: 1 Time(s)
/resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
/resolutionen/wise16/: 1 Time(s)
404 Not Found
/robots.txt: 39 Time(s)
/berlin/apple-touch-icon.png: 7 Time(s)
/reader/1989-wi-berlin.pdf: 4 Time(s)
/reader/1998-so-reader_ro98.pdf: 3 Time(s)
/wp-login.php: 3 Time(s)
//2015/wp-includes/wlwmanifest.xml: 2 Time(s)
//2016/wp-includes/wlwmanifest.xml: 2 Time(s)
//2017/wp-includes/wlwmanifest.xml: 2 Time(s)
//2018/wp-includes/wlwmanifest.xml: 2 Time(s)
//blog/wp-includes/wlwmanifest.xml: 2 Time(s)
//cms/wp-includes/wlwmanifest.xml: 2 Time(s)
//media/wp-includes/wlwmanifest.xml: 2 Time(s)
//news/wp-includes/wlwmanifest.xml: 2 Time(s)
//shop/wp-includes/wlwmanifest.xml: 2 Time(s)
//site/wp-includes/wlwmanifest.xml: 2 Time(s)
//sito/wp-includes/wlwmanifest.xml: 2 Time(s)
//test/wp-includes/wlwmanifest.xml: 2 Time(s)
//web/wp-includes/wlwmanifest.xml: 2 Time(s)
//website/wp-includes/wlwmanifest.xml: 2 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp-includes/wlwmanifest.xml: 2 Time(s)
//wp/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 2 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 2 Time(s)
//xmlrpc.php?rsd: 2 Time(s)
/sites/default/files/1987_SoSe_Aachen.pdf: 2 Time(s)
/.well-known/apple-app-site-association: 1 Time(s)
/admin/: 1 Time(s)
/admin/content/sitetree/: 1 Time(s)
/apple-app-site-association: 1 Time(s)
/berlin/helfika/apple-touch-icon.png: 1 Time(s)
/js/mage/cookies.js: 1 Time(s)
/manager/: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/1993-so-reader_do93.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/reader/1995-so-reader_ha95.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/reader/https//zapf.wiki/User:Kuschelb%C3%A4r9000: 1 Time(s)
/resolutionen/wise15/WissZeitVG/Stellungnahme_WiSe15_Wiss-: 1 Time(s)
/resolutionen/wise18/PosPap: 1 Time(s)
/simpla/: 1 Time(s)
/sites/default/files/2011_: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/sites/default/files/Lehramtstellungnahme.pdf: 1 Time(s)
/verein/mitgliederver-: 1 Time(s)
/vjtekqkzyjjiino.html: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 4 Time(s)
/fonts/SourceSansPro-Regular.woff: 3 Time(s)
/build/af7ae505a9eed503f8b8e6982036873e.woff2: 2 Time(s)
/build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s)
/fonts/SourceCodePro-Regular.woff: 2 Time(s)
/fonts/SourceSansPro-Italic.woff: 2 Time(s)
/build/260ef443edb4dfd026d82e2b21a4c75c.woff: 1 Time(s)
/build/font-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
/favicon.png: 1 Time(s)
/fonts/SourceSansPro-Semibold.woff: 1 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... XwfTP7BX8KfABRS: 1 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... fTGfkvjYdBdABVV: 1 Time(s)
/socket.io/?noteId=AB_cxXdmTwqNt43U9JpIaA& ... yQricQylctTABCQ: 1 Time(s)
/socket.io/?noteId=_rv4VAWPSn6clUimmGBjFg& ... lling&t=Mj13W3W: 1 Time(s)
500 Internal Server Error
/: 17 Time(s)
/HNAP1/: 1 Time(s)
/admin/images/cal_date_over.gif: 1 Time(s)
/admin/login.php: 1 Time(s)
/fckeditor/editor/filemanager/connectors/p ... .php?Type=Media: 1 Time(s)
/robots.txt: 1 Time(s)
/templates/system/css/system.css: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 1418 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 2 Time(s)
session opened for user root by (uid=0): 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
9 Miscellaneous warnings
16.762K Bytes accepted 17,164
16.762K Bytes sent via SMTP 17,164
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
176 Connections
166 Connections lost (inbound)
176 Disconnections
1 Removed from queue
1 Sent via SMTP
3 SMTP dialog errors
8 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 1 Time(s)
root : 2 Time(s)
Failed logins from:
Illegal users from:
undef: 977 times
Users logging in through sshd:
root:
131.220.249.232 (eduroam-249-232.wlan.uni-bonn.de): 2 times
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################