################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Sep 19 04:42:11 2019 Date Range Processed: yesterday ( 2019-Sep-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [485:486] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 185.217.69.123 5.188.210.101 66.240.205.34 Requests with error response codes 400 Bad Request null: 7 Time(s) ../../mnt/custom/ProductDefinition: 2 Time(s) HTTP/1.1: 2 Time(s) mstshash=Administr: 2 Time(s) /: 1 Time(s) /robots.txt: 1 Time(s) http://5.188.210.101/echo.php: 1 Time(s) 404 Not Found /robots.txt: 36 Time(s) /berlin/apple-touch-icon.png: 10 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... amt/Lehramt.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... chenrechner.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... dienfuehrer.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... ort/VG_Wort.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... professuren.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... ptompflicht.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... thikinhalte.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... tsbekundung.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... zinitiative.pdf: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/www.dpg-physik.de/dpg/gliederung/a ... papier_NaWi.pdf: 1 Time(s) /resolutionen/sose15/Netzneutralitaet_in_U ... %A4tsnetzen.pdf: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) 500 Internal Server Error /: 55 Time(s) /robots.txt: 2 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (139.217.87.235): 91 Time(s) unknown (host81-133-189-239.in-addr.btopenworld.com): 91 Time(s) unknown (130.61.83.71): 85 Time(s) unknown (45.192.115.20): 83 Time(s) unknown (27.50.151.183): 82 Time(s) unknown (180.76.97.86): 79 Time(s) unknown (183.63.190.186): 79 Time(s) unknown (52.130.66.246): 76 Time(s) unknown (154.118.141.90): 68 Time(s) unknown (fixed-187-188-251-219.totalplay.net): 63 Time(s) unknown (193.68.57.155): 62 Time(s) unknown (61-218-122-198.hinet-ip.hinet.net): 62 Time(s) unknown (87.ip-51-77-148.eu): 62 Time(s) unknown (vmi299026.contaboserver.net): 62 Time(s) unknown (167.99.38.73): 61 Time(s) unknown (198.57.197.123): 61 Time(s) unknown (200.11.219.206): 61 Time(s) unknown (206.189.229.112): 61 Time(s) unknown (hwsrv-521907.hostwindsdns.com): 61 Time(s) unknown (net-37-159-241-82.cust.vodafonedsl.it): 61 Time(s) unknown (128.199.159.8): 58 Time(s) unknown (129.204.47.217): 58 Time(s) unknown (61.172.238.14): 58 Time(s) unknown (123.136.161.146): 56 Time(s) unknown (120.88.185.39): 55 Time(s) unknown (237.ip-167-114-185.net): 55 Time(s) unknown (106.13.48.157): 47 Time(s) unknown (167.71.191.53): 47 Time(s) unknown (106.12.61.76): 46 Time(s) unknown (181.176.221.221): 46 Time(s) unknown (66.49.84.65.nw.nuvox.net): 46 Time(s) unknown (117.239.48.242): 45 Time(s) unknown (170.243.201.35.bc.googleusercontent.com): 41 Time(s) unknown (228.ip-51-75-17.eu): 39 Time(s) unknown (garage.neezzmail.com): 39 Time(s) unknown (178.128.200.69): 36 Time(s) unknown (68.183.104.230): 33 Time(s) unknown (112.217.225.61): 29 Time(s) unknown (165.255.134.97): 26 Time(s) unknown (142.93.240.79): 25 Time(s) unknown (182.71.188.10): 24 Time(s) unknown (123.207.79.126): 20 Time(s) unknown (129.28.196.92): 18 Time(s) unknown (106.52.24.64): 16 Time(s) unknown (14.18.234.98): 13 Time(s) root (180.76.97.86): 8 Time(s) root (52.130.66.246): 7 Time(s) root (112.85.42.171): 6 Time(s) root (112.85.42.173): 6 Time(s) root (112.85.42.180): 6 Time(s) root (116.8.103.26): 6 Time(s) root (122.139.17.74): 6 Time(s) root (14.18.234.98): 6 Time(s) root (163.142.69.8): 6 Time(s) root (183.157.168.4): 6 Time(s) root (218.92.0.182): 6 Time(s) root (218.92.0.193): 6 Time(s) root (218.92.0.212): 6 Time(s) root (42.239.102.176): 6 Time(s) root (49.69.49.66): 6 Time(s) root (5.141.177.180): 6 Time(s) root (58.23.109.250): 6 Time(s) unknown (211.159.152.252): 6 Time(s) unknown (49.69.216.85): 6 Time(s) unknown (ns3077451.ip-188-165-242.eu): 6 Time(s) root (165.255.134.97): 5 Time(s) unknown (106.12.211.247): 5 Time(s) unknown (pla93-3-82-240-11-249.fbx.proxad.net): 5 Time(s) root (123.136.161.146): 4 Time(s) unknown (178.128.201.224): 4 Time(s) unknown (193.32.163.182): 4 Time(s) unknown (84.93.153.9): 4 Time(s) root (120.88.185.39): 3 Time(s) root (139.217.87.235): 3 Time(s) root (142.93.240.79): 3 Time(s) root (167.71.191.53): 3 Time(s) root (181.176.221.221): 3 Time(s) root (237.ip-167-114-185.net): 3 Time(s) root (87.ip-51-77-148.eu): 3 Time(s) root (host81-133-189-239.in-addr.btopenworld.com): 3 Time(s) unknown (117.0.35.153): 3 Time(s) unknown (119.196.83.14): 3 Time(s) unknown (176-168-157-23.abo.bbox.fr): 3 Time(s) unknown (81.30.212.14.static.ufanet.ru): 3 Time(s) man (27.50.151.183): 2 Time(s) postgres (139.217.87.235): 2 Time(s) postgres (167.71.191.53): 2 Time(s) postgres (host81-133-189-239.in-addr.btopenworld.com): 2 Time(s) root (106.13.48.157): 2 Time(s) root (117.239.48.242): 2 Time(s) root (128.199.159.8): 2 Time(s) root (129.204.47.217): 2 Time(s) root (183.63.190.186): 2 Time(s) root (206.189.229.112): 2 Time(s) root (27.50.151.183): 2 Time(s) root (45.192.115.20): 2 Time(s) root (66.49.84.65.nw.nuvox.net): 2 Time(s) root (68.183.104.230): 2 Time(s) root (garage.neezzmail.com): 2 Time(s) unknown (77.47.126.238.dynamic.cablesurf.de): 2 Time(s) unknown (87-61-232-98-dynamic.dk.customer.tdc.net): 2 Time(s) unknown (92.63.194.26): 2 Time(s) unknown (h-57-191.a183.priv.bahnhof.se): 2 Time(s) backup (139.217.87.235): 1 Time(s) bin (66.49.84.65.nw.nuvox.net): 1 Time(s) daemon (200.11.219.206): 1 Time(s) daemon (206.189.229.112): 1 Time(s) games (123.136.161.146): 1 Time(s) games (45.192.115.20): 1 Time(s) jan (106.13.48.157): 1 Time(s) list (106.13.48.157): 1 Time(s) list (123.207.79.126): 1 Time(s) list (61-218-122-198.hinet-ip.hinet.net): 1 Time(s) mail (106.13.48.157): 1 Time(s) mail (134.175.31.105): 1 Time(s) mail (host81-133-189-239.in-addr.btopenworld.com): 1 Time(s) memcache (ti0020a400-2140.bb.online.no): 1 Time(s) mysql (106.52.24.64): 1 Time(s) mysql (123.207.79.126): 1 Time(s) mysql (129.204.47.217): 1 Time(s) mysql (129.28.196.92): 1 Time(s) mysql (139.217.87.235): 1 Time(s) mysql (154.118.141.90): 1 Time(s) mysql (206.189.229.112): 1 Time(s) mysql (237.ip-167-114-185.net): 1 Time(s) mysql (45.192.115.20): 1 Time(s) news (183.63.190.186): 1 Time(s) postgres (178.128.200.69): 1 Time(s) postgres (180.76.97.86): 1 Time(s) postgres (193.68.57.155): 1 Time(s) postgres (206.189.229.112): 1 Time(s) postgres (52.130.66.246): 1 Time(s) postgres (61-218-122-198.hinet-ip.hinet.net): 1 Time(s) postgres (61.172.238.14): 1 Time(s) postgres (87.ip-51-77-148.eu): 1 Time(s) postgres (hwsrv-521907.hostwindsdns.com): 1 Time(s) postgres (net-37-159-241-82.cust.vodafonedsl.it): 1 Time(s) proxy (167.71.191.53): 1 Time(s) proxy (27.50.151.183): 1 Time(s) root (106.12.211.247): 1 Time(s) root (106.12.61.76): 1 Time(s) root (106.52.24.64): 1 Time(s) root (112.217.225.61): 1 Time(s) root (122.242.37.149): 1 Time(s) root (123.207.79.126): 1 Time(s) root (129.28.196.92): 1 Time(s) root (130.61.83.71): 1 Time(s) root (154.118.141.90): 1 Time(s) root (167.99.38.73): 1 Time(s) root (170.243.201.35.bc.googleusercontent.com): 1 Time(s) root (178.128.200.69): 1 Time(s) root (182.71.188.10): 1 Time(s) root (193.68.57.155): 1 Time(s) root (200.11.219.206): 1 Time(s) root (211.159.152.252): 1 Time(s) root (228.ip-51-75-17.eu): 1 Time(s) root (61.172.238.14): 1 Time(s) root (61.183.35.44): 1 Time(s) root (67.148.176.77): 1 Time(s) root (net-37-159-241-82.cust.vodafonedsl.it): 1 Time(s) root (rrcs-108-176-0-2.nyc.biz.rr.com): 1 Time(s) root (vmi299026.contaboserver.net): 1 Time(s) smmsp (167.71.191.53): 1 Time(s) sshd (139.217.87.235): 1 Time(s) sshd (178.128.200.69): 1 Time(s) sshd (181.176.221.221): 1 Time(s) sshd (host81-133-189-239.in-addr.btopenworld.com): 1 Time(s) sshd (net-37-159-241-82.cust.vodafonedsl.it): 1 Time(s) temp (139.217.87.235): 1 Time(s) temp (180.76.97.86): 1 Time(s) temp (206.189.229.112): 1 Time(s) temp (45.192.115.20): 1 Time(s) temp (52.130.66.246): 1 Time(s) temp (87.ip-51-77-148.eu): 1 Time(s) temp (host81-133-189-239.in-addr.btopenworld.com): 1 Time(s) unknown (104.248.41.37): 1 Time(s) unknown (117.ip-158-69-210.net): 1 Time(s) unknown (138.197.176.130): 1 Time(s) unknown (14.177.128.189): 1 Time(s) unknown (159.65.248.54): 1 Time(s) unknown (196.44.191.3): 1 Time(s) unknown (232.red-80-24-34.staticip.rima-tde.net): 1 Time(s) unknown (27-33-63-224.static.tpgi.com.au): 1 Time(s) unknown (45.180.149.94): 1 Time(s) unknown (58.219.249.218): 1 Time(s) unknown (61.183.35.44): 1 Time(s) unknown (62.110.66.66): 1 Time(s) unknown (64.87.199.77.rev.sfr.net): 1 Time(s) unknown (67.148.176.77): 1 Time(s) unknown (99-36-10-163.lightspeed.milwwi.sbcglobal.net): 1 Time(s) unknown (firewallgoa.unichemlabs.com): 1 Time(s) unknown (host81-151-49-86.range81-151.btcentralplus.com): 1 Time(s) unknown (ool-addccea2.static.optonline.net): 1 Time(s) unknown (static-100-37-253-46.nycmny.fios.verizon.net): 1 Time(s) uucp (66.49.84.65.nw.nuvox.net): 1 Time(s) uuidd (228.ip-51-75-17.eu): 1 Time(s) www-data (165.255.134.97): 1 Time(s) www-data (200.11.219.206): 1 Time(s) www-data (61.172.238.14): 1 Time(s) Invalid Users: Unknown Account: 2473 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 4 Miscellaneous warnings 21.818K Bytes accepted 22,342 21.818K Bytes sent via SMTP 22,342 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 57 Connections 2 Connections lost (inbound) 57 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 14 Time(s) Failed logins from: 5.135.135.116 (garage.neezzmail.com): 2 times 5.141.177.180: 6 times 14.18.234.98: 6 times 27.50.151.183: 5 times 35.201.243.170 (170.243.201.35.bc.googleusercontent.com): 1 time 37.159.241.82 (net-37-159-241-82.cust.vodafonedsl.it): 3 times 42.239.102.176 (hn.kd.ny.adsl): 6 times 45.192.115.20: 5 times 49.69.49.66: 6 times 51.75.17.228 (228.ip-51-75-17.eu): 2 times 51.77.148.87 (87.ip-51-77-148.eu): 5 times 52.130.66.246: 9 times 58.23.109.250: 6 times 61.172.238.14: 3 times 61.183.35.44: 1 time 61.218.122.198 (61-218-122-198.HINET-IP.hinet.net): 2 times 66.49.84.65 (66.49.84.65.nw.nuvox.net): 4 times 67.148.176.77 (67-148-176-77.kuwaikahanu.org): 2 times 68.183.104.230: 2 times 81.133.189.239 (host81-133-189-239.in-addr.btopenworld.com): 8 times 85.167.58.102 (ti0020a400-2140.bb.online.no): 1 time 104.168.246.59 (hwsrv-521907.hostwindsdns.com): 1 time 106.12.61.76: 1 time 106.12.211.247: 1 time 106.13.48.157: 5 times 106.52.24.64: 2 times 108.176.0.2 (rrcs-108-176-0-2.nyc.biz.rr.com): 1 time 112.85.42.171: 6 times 112.85.42.173: 6 times 112.85.42.180: 6 times 112.217.225.61: 1 time 116.8.103.26: 6 times 117.239.48.242: 2 times 120.88.185.39: 3 times 122.139.17.74 (74.17.139.122.adsl-pool.jlccptt.net.cn): 6 times 122.242.37.149: 4 times 123.136.161.146: 5 times 123.207.79.126: 3 times 128.199.159.8: 2 times 129.28.196.92: 2 times 129.204.47.217: 3 times 130.61.83.71: 1 time 134.175.31.105: 1 time 139.217.87.235: 9 times 142.93.240.79: 3 times 154.118.141.90: 2 times 163.142.69.8: 6 times 164.68.103.149 (vmi299026.contaboserver.net): 1 time 165.255.134.97 (165-255-134-97.ip.adsl.co.za): 6 times 167.71.191.53: 7 times 167.99.38.73: 1 time 167.114.185.237 (237.ip-167-114-185.net): 4 times 178.128.200.69: 3 times 180.76.97.86: 10 times 181.176.221.221: 4 times 182.71.188.10 (nsg-static-010.188.71.182.airtel.in): 1 time 183.63.190.186: 3 times 183.157.168.4: 6 times 193.68.57.155: 2 times 200.11.219.206 (200-11-219-206.estatic.cantv.net): 3 times 206.189.229.112: 6 times 211.159.152.252: 1 time 218.92.0.182: 6 times 218.92.0.193: 6 times 218.92.0.212: 6 times Illegal users from: undef: 1738 times 5.135.135.116 (garage.neezzmail.com): 39 times 14.18.234.98: 13 times 14.177.128.189 (static.vnpt.vn): 1 time 27.33.63.224 (27-33-63-224.static.tpgi.com.au): 1 time 27.50.151.183: 82 times 35.201.243.170 (170.243.201.35.bc.googleusercontent.com): 41 times 37.159.241.82 (net-37-159-241-82.cust.vodafonedsl.it): 61 times 45.180.149.94 (45.180.149.94.dynamic.movtelecom.net.br): 1 time 45.192.115.20: 83 times 49.69.216.85: 6 times 51.75.17.228 (228.ip-51-75-17.eu): 39 times 51.77.148.87 (87.ip-51-77-148.eu): 62 times 52.130.66.246: 76 times 58.219.249.218: 5 times 61.172.238.14: 58 times 61.183.35.44: 1 time 61.218.122.198 (61-218-122-198.HINET-IP.hinet.net): 62 times 62.110.66.66: 1 time 66.49.84.65 (66.49.84.65.nw.nuvox.net): 46 times 67.148.176.77 (67-148-176-77.kuwaikahanu.org): 4 times 68.183.104.230: 33 times 77.47.126.238 (77.47.126.238.dynamic.cablesurf.de): 2 times 77.199.87.64 (64.87.199.77.rev.sfr.net): 1 time 79.136.57.191 (h-57-191.A183.priv.bahnhof.se): 2 times 80.24.34.232 (232.red-80-24-34.staticip.rima-tde.net): 1 time 81.30.212.14 (81.30.212.14.static.ufanet.ru): 3 times 81.133.189.239 (host81-133-189-239.in-addr.btopenworld.com): 91 times 81.151.49.86 (host81-151-49-86.range81-151.btcentralplus.com): 1 time 82.240.11.249 (pla93-3-82-240-11-249.fbx.proxad.net): 5 times 84.93.153.9 (84.93.153.9.plusnet.pte-ag1.dyn.plus.net): 4 times 87.61.232.98 (87-61-232-98-dynamic.dk.customer.tdc.net): 2 times 92.63.194.26: 2 times 99.36.10.163 (99-36-10-163.lightspeed.milwwi.sbcglobal.net): 1 time 100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 1 time 104.168.246.59 (hwsrv-521907.hostwindsdns.com): 61 times 104.248.41.37: 1 time 106.12.61.76: 46 times 106.12.211.247: 5 times 106.13.48.157: 47 times 106.52.24.64: 16 times 112.217.225.61: 29 times 117.0.35.153: 3 times 117.239.48.242: 45 times 119.196.83.14: 3 times 120.88.185.39: 55 times 123.136.161.146: 56 times 123.207.79.126: 20 times 124.30.44.214 (firewallgoa.unichemlabs.com): 1 time 128.199.159.8: 58 times 129.28.196.92: 18 times 129.204.47.217: 58 times 130.61.83.71: 85 times 138.197.176.130: 1 time 139.217.87.235: 91 times 142.93.240.79: 25 times 154.118.141.90: 68 times 158.69.210.117 (117.ip-158-69-210.net): 1 time 159.65.248.54: 1 time 164.68.103.149 (vmi299026.contaboserver.net): 62 times 165.255.134.97 (165-255-134-97.ip.adsl.co.za): 26 times 167.71.191.53: 47 times 167.99.38.73: 61 times 167.114.185.237 (237.ip-167-114-185.net): 55 times 173.220.206.162 (ool-addccea2.static.optonline.net): 1 time 176.168.157.23 (176-168-157-23.abo.bbox.fr): 3 times 178.128.200.69: 36 times 178.128.201.224: 4 times 180.76.97.86: 79 times 181.176.221.221: 46 times 182.71.188.10 (nsg-static-010.188.71.182.airtel.in): 24 times 183.63.190.186: 79 times 187.188.251.219 (fixed-187-188-251-219.totalplay.net): 63 times 188.165.242.200 (ns3077451.ip-188-165-242.eu): 6 times 193.32.163.182 (hosting-by.cloud-home.me): 4 times 193.68.57.155: 62 times 196.44.191.3 (s35931.broadband.yoafrica.com): 1 time 198.57.197.123 (server.the-mbsgroup.com): 61 times 200.11.219.206 (200-11-219-206.estatic.cantv.net): 61 times 206.189.229.112: 61 times 211.159.152.252: 6 times **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################