################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon May 3 04:42:06 2021
Date Range Processed: yesterday
( 2021-May-02 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host:
h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [413:409]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
49.113.99.79 -> zapf.wiki:443: 1 Time(s)
60.191.125.35 -> zapf.wiki:443: 1 Time(s)
A total of 8 sites probed the server
161.35.236.158
162.62.133.40
172.105.89.161
205.185.120.206
34.123.195.66
64.227.3.111
64.227.97.195
94.102.49.193
Requests with error response codes
400 Bad Request
null: 9 Time(s)
mstshash=Administr: 6 Time(s)
/: 2 Time(s)
zapf.wiki:443: 2 Time(s)
/0bef: 1 Time(s)
/config/getuser?index=0: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
http://proxy.korsangazi.com:80/bc61121a819 ... ea09cea3d3.html: 1 Time(s)
404 Not Found
/robots.txt: 34 Time(s)
/reader/2016_SoSe_Konstanz_kurz.pdf%7CReader: 2 Time(s)
/wp-login.php: 2 Time(s)
/.env: 1 Time(s)
//2019/wp-includes/wlwmanifest.xml: 1 Time(s)
//2020/wp-includes/wlwmanifest.xml: 1 Time(s)
//blog/wp-includes/wlwmanifest.xml: 1 Time(s)
//cms/wp-includes/wlwmanifest.xml: 1 Time(s)
//news/wp-includes/wlwmanifest.xml: 1 Time(s)
//shop/wp-includes/wlwmanifest.xml: 1 Time(s)
//site/wp-includes/wlwmanifest.xml: 1 Time(s)
//sito/wp-includes/wlwmanifest.xml: 1 Time(s)
//test/wp-includes/wlwmanifest.xml: 1 Time(s)
//web/wp-includes/wlwmanifest.xml: 1 Time(s)
//website/wp-includes/wlwmanifest.xml: 1 Time(s)
//wordpress/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp-includes/wlwmanifest.xml: 1 Time(s)
//wp/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp1/wp-includes/wlwmanifest.xml: 1 Time(s)
//wp2/wp-includes/wlwmanifest.xml: 1 Time(s)
//xmlrpc.php?rsd: 1 Time(s)
/adminer.php/: 1 Time(s)
/download/zapfev_satzung.pdf: 1 Time(s)
/home/verein: 1 Time(s)
/home/zapf: 1 Time(s)
/install.php: 1 Time(s)
/magento_version: 1 Time(s)
/public/.env: 1 Time(s)
/resolutionen/wise15/Transparenz_in_der_Dr ... sparenz_in_der_: 1 Time(s)
/resolutionen/wise15/WissZeitVG/Stellungnahme_WiSe15_: 1 Time(s)
/resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/storage/.env: 1 Time(s)
/util/login.aspx: 1 Time(s)
/vendor/.env: 1 Time(s)
/zapf/reader/%7CTagungsreader: 1 Time(s)
/zapf/resolutionen/%7D%7Bwww.zapfev.de/zapf/resolutionen%7D: 1 Time(s)
405 Method Not Allowed
/: 1 Time(s)
499 (undefined)
/build/260ef443edb4dfd026d82e2b21a4c75c.woff: 1 Time(s)
500 Internal Server Error
/: 18 Time(s)
/robots.txt: 6 Time(s)
/dns-query?dns=KhUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE: 3 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/bag2: 1 Time(s)
/cgi-bin/config.exp: 1 Time(s)
/console/: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (139.59.31.173): 72 Time(s)
root (116.162.54.61): 70 Time(s)
root (124.156.225.159): 70 Time(s)
root (128.199.94.218): 70 Time(s)
root (139.59.111.113): 70 Time(s)
root (45.240.88.251): 70 Time(s)
root (186.226.37.45): 69 Time(s)
root (178.128.105.7): 61 Time(s)
unknown (20.194.170.137): 48 Time(s)
root (101.32.176.44): 45 Time(s)
unknown (49.232.20.208): 44 Time(s)
unknown (81.68.70.18): 43 Time(s)
unknown (139.217.232.49): 42 Time(s)
unknown (
210-71-232-236.hinet-ip.hinet.net): 42 Time(s)
root (139.170.150.189): 40 Time(s)
unknown (119.45.43.139): 39 Time(s)
unknown (132.226.135.175): 39 Time(s)
root (180.76.104.101): 38 Time(s)
unknown (111.93.232.114): 38 Time(s)
unknown (198.23.148.137): 38 Time(s)
unknown (121.5.141.234): 37 Time(s)
root (195.114.8.241): 36 Time(s)
unknown (116.85.39.130): 36 Time(s)
unknown (200.60.92.170): 35 Time(s)
unknown (megabbq.site): 35 Time(s)
unknown (134.209.77.218): 34 Time(s)
unknown (134.209.70.76): 33 Time(s)
unknown (154.127.82.66): 33 Time(s)
unknown (143.110.184.88): 32 Time(s)
unknown (148.70.250.254): 31 Time(s)
unknown (172.81.251.217): 31 Time(s)
unknown (121.4.74.61): 29 Time(s)
unknown (190.191.70.202): 29 Time(s)
unknown (128.199.197.21): 28 Time(s)
unknown (182.61.29.182): 28 Time(s)
root (181.166.181.38): 27 Time(s)
unknown (31.32.16.198): 27 Time(s)
unknown (45.10.24.71): 27 Time(s)
root (123.207.250.132): 24 Time(s)
unknown (62.234.148.88): 24 Time(s)
root (188.166.22.79): 23 Time(s)
root (189.154.98.68): 22 Time(s)
unknown (121.4.154.134): 22 Time(s)
unknown (132.232.2.100): 22 Time(s)
unknown (159.75.126.127): 21 Time(s)
root (121.204.213.37): 20 Time(s)
root (186.67.229.154): 20 Time(s)
root (118.25.10.3): 19 Time(s)
root (128.199.22.32): 19 Time(s)
root (49.232.201.233): 19 Time(s)
root (49.233.2.204): 19 Time(s)
root (81.68.230.55): 19 Time(s)
unknown (
li83-170.members.linode.com): 19 Time(s)
root (103.43.186.10): 18 Time(s)
root (119.45.35.97): 18 Time(s)
root (139.198.122.116): 18 Time(s)
root (152.32.213.192): 18 Time(s)
root (159.203.185.151): 18 Time(s)
root (165.227.165.128): 18 Time(s)
root (212.64.69.175): 18 Time(s)
unknown (36.22.187.34): 18 Time(s)
root (190.191.70.202): 17 Time(s)
root (58.243.181.70): 17 Time(s)
root (119.45.43.139): 15 Time(s)
root (124.239.148.63): 15 Time(s)
root (125.124.182.52): 15 Time(s)
root (180.76.112.15): 15 Time(s)
root (68.183.88.166): 15 Time(s)
unknown (49.234.234.164): 15 Time(s)
root (189.15.195.125): 14 Time(s)
root (106.52.31.195): 13 Time(s)
root (106.75.141.160): 13 Time(s)
root (116.85.39.130): 13 Time(s)
root (121.5.166.139): 13 Time(s)
root (139.217.232.49): 13 Time(s)
root (150.136.85.176): 13 Time(s)
root (51.15.204.155): 13 Time(s)
root (121.5.141.234): 12 Time(s)
root (143.110.184.88): 12 Time(s)
root (81.68.143.205): 12 Time(s)
unknown (119.29.53.168): 12 Time(s)
unknown (
momicome.com): 12 Time(s)
root (45.10.24.71): 11 Time(s)
unknown (107.0.200.227): 11 Time(s)
root (121.4.74.61): 10 Time(s)
root (134.209.70.76): 10 Time(s)
root (172.81.251.217): 10 Time(s)
root (82.156.246.141): 10 Time(s)
unknown (1.15.50.218): 10 Time(s)
root (107.170.37.74): 9 Time(s)
root (132.232.2.100): 9 Time(s)
root (154.127.82.66): 9 Time(s)
root (159.75.126.127): 9 Time(s)
unknown (152.200.143.218): 9 Time(s)
unknown (167.99.77.94): 9 Time(s)
unknown (45.146.165.151): 9 Time(s)
root (132.226.135.175): 8 Time(s)
root (104.131.41.109): 7 Time(s)
root (121.4.154.134): 7 Time(s)
root (134.209.77.218): 7 Time(s)
root (182.61.29.182): 7 Time(s)
unknown (14.63.220.150): 7 Time(s)
root (128.199.197.21): 6 Time(s)
root (148.70.250.254): 6 Time(s)
root (
70f220112da1.cpe.westmancom.com): 6 Time(s)
root (
li83-170.members.linode.com): 6 Time(s)
unknown (101.32.48.90): 6 Time(s)
unknown (
slot0.fianinc.com): 6 Time(s)
root (118.24.107.179): 5 Time(s)
root (152.136.224.227): 5 Time(s)
root (45.146.165.151): 4 Time(s)
unknown (200.73.133.32): 4 Time(s)
postgres (132.226.135.175): 3 Time(s)
postgres (20.194.170.137): 3 Time(s)
root (200.60.92.170): 3 Time(s)
root (49.232.20.208): 3 Time(s)
root (49.234.234.164): 3 Time(s)
unknown (121.5.75.161): 3 Time(s)
mysql (
210-71-232-236.hinet-ip.hinet.net): 2 Time(s)
postgres (139.217.232.49): 2 Time(s)
postgres (14.63.220.150): 2 Time(s)
postgres (81.68.70.18): 2 Time(s)
postgres (megabbq.site): 2 Time(s)
root (167.99.77.94): 2 Time(s)
root (20.194.170.137): 2 Time(s)
root (42.193.107.150): 2 Time(s)
root (43.226.155.16): 2 Time(s)
root (45.135.232.165): 2 Time(s)
temp (megabbq.site): 2 Time(s)
unknown (106.13.94.193): 2 Time(s)
unknown (121.186.193.6): 2 Time(s)
unknown (42.193.107.150): 2 Time(s)
unknown (ppp046177071138.access.hol.gr): 2 Time(s)
www-data (200.60.92.170): 2 Time(s)
backup (119.45.43.139): 1 Time(s)
mysql (111.93.232.114): 1 Time(s)
mysql (116.85.39.130): 1 Time(s)
mysql (119.29.53.168): 1 Time(s)
mysql (128.199.197.21): 1 Time(s)
mysql (143.110.184.88): 1 Time(s)
mysql (148.70.250.254): 1 Time(s)
mysql (172.81.251.217): 1 Time(s)
mysql (45.10.24.71): 1 Time(s)
mysql (62.234.148.88): 1 Time(s)
mysql (81.68.70.18): 1 Time(s)
mysql (
li83-170.members.linode.com): 1 Time(s)
news (139.217.232.49): 1 Time(s)
news (172.81.251.217): 1 Time(s)
openproject (45.10.24.71): 1 Time(s)
postgres (107.0.200.227): 1 Time(s)
postgres (121.4.154.134): 1 Time(s)
postgres (121.4.74.61): 1 Time(s)
postgres (128.199.197.21): 1 Time(s)
postgres (134.209.70.76): 1 Time(s)
postgres (152.200.143.218): 1 Time(s)
postgres (159.75.126.127): 1 Time(s)
postgres (172.81.251.217): 1 Time(s)
postgres (200.60.92.170): 1 Time(s)
postgres (31.32.16.198): 1 Time(s)
postgres (49.232.20.208): 1 Time(s)
postgres (62.234.148.88): 1 Time(s)
root (1.15.50.218): 1 Time(s)
root (116.204.160.115): 1 Time(s)
root (125.60.148.184): 1 Time(s)
root (145-241-126-200.fibertel.com.ar): 1 Time(s)
root (152.200.143.218): 1 Time(s)
root (159.75.2.130): 1 Time(s)
root (185.220.102.243): 1 Time(s)
root (200.73.133.32): 1 Time(s)
root (208.91.105.82): 1 Time(s)
root (23.129.64.237): 1 Time(s)
root (61.51.95.194): 1 Time(s)
root (81.68.244.219): 1 Time(s)
root (81.68.70.18): 1 Time(s)
root (
momicome.com): 1 Time(s)
root (p5dcb4fc8.dip0.t-ipconnect.de): 1 Time(s)
root (p5dcb5b67.dip0.t-ipconnect.de): 1 Time(s)
temp (20.194.170.137): 1 Time(s)
temp (81.68.70.18): 1 Time(s)
unknown (115.236.67.42): 1 Time(s)
unknown (139.59.31.173): 1 Time(s)
unknown (152.136.112.24): 1 Time(s)
unknown (185.220.102.246): 1 Time(s)
unknown (188.214.104.146): 1 Time(s)
unknown (202.137.20.53): 1 Time(s)
unknown (23.129.64.203): 1 Time(s)
unknown (45.135.232.165): 1 Time(s)
unknown (45.153.160.130): 1 Time(s)
unknown (45.153.160.132): 1 Time(s)
unknown (45.153.160.135): 1 Time(s)
unknown (45.153.160.2): 1 Time(s)
unknown (49.232.198.139): 1 Time(s)
unknown (49.234.58.18): 1 Time(s)
unknown (68.183.144.104): 1 Time(s)
www-data (20.194.170.137): 1 Time(s)
www-data (200.73.133.32): 1 Time(s)
Invalid Users:
Unknown Account: 1140 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
5 Miscellaneous warnings
51.201K Bytes accepted 52,430
51.201K Bytes sent via SMTP 52,430
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
3 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================
491 Connections
132 Connections lost (inbound)
491 Disconnections
1 Removed from queue
1 Sent via SMTP
49 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
1.15.50.218: 1 time
14.63.220.150: 2 times
20.194.170.137: 7 times
23.129.64.237: 1 time
24.245.227.211 (
70f220112da1.cpe.westmancom.com): 6 times
31.32.16.198: 1 time
42.193.107.150: 2 times
43.226.155.16: 7 times
45.10.24.71 (
45-10-24-71.beststandard2net.com): 13 times
45.135.232.165: 2 times
45.146.165.151: 4 times
45.240.88.251: 70 times
49.232.20.208: 4 times
49.232.201.233: 19 times
49.233.2.204: 19 times
49.234.234.164: 3 times
51.15.204.155 (155-204-15-51.instances.scw.cloud): 13 times
58.243.181.70: 17 times
61.51.95.194: 1 time
62.234.148.88: 2 times
68.183.88.166: 15 times
74.207.241.170 (
li83-170.members.linode.com): 7 times
81.68.70.18: 5 times
81.68.143.205: 12 times
81.68.230.55: 19 times
81.68.244.219: 1 time
82.156.246.141: 10 times
93.203.79.200 (p5dcb4fc8.dip0.t-ipconnect.de): 1 time
93.203.91.103 (p5dcb5b67.dip0.t-ipconnect.de): 1 time
101.32.176.44: 45 times
103.43.186.10: 17 times
104.131.41.109: 7 times
106.52.31.195: 13 times
106.75.141.160: 13 times
107.0.200.227 (
smtp.nationaltubesupply.com): 1 time
107.170.37.74: 9 times
111.93.232.114 (static-114.232.93.111-tataidc.co.in): 1 time
116.85.39.130: 14 times
116.162.54.61: 70 times
116.204.160.115: 1 time
118.24.107.179: 5 times
118.25.10.3: 19 times
119.29.53.168: 1 time
119.45.35.97: 18 times
119.45.43.139: 16 times
121.4.74.61: 11 times
121.4.154.134: 8 times
121.5.141.234: 12 times
121.5.166.139: 13 times
121.204.213.37: 20 times
123.207.250.132: 24 times
124.156.225.159: 70 times
124.239.148.63: 15 times
125.60.148.184: 1 time
125.124.182.52: 15 times
128.199.22.32: 19 times
128.199.94.218: 70 times
128.199.197.21: 8 times
132.226.135.175: 11 times
132.232.2.100: 9 times
133.167.125.193 (
momicome.com): 1 time
134.209.70.76: 11 times
134.209.77.218: 7 times
139.59.31.173: 72 times
139.59.111.113: 70 times
139.170.150.189: 40 times
139.198.122.116: 18 times
139.217.232.49: 16 times
143.110.184.88: 13 times
148.70.250.254: 7 times
150.136.85.176: 13 times
152.32.213.192: 18 times
152.136.224.227: 5 times
152.200.143.218: 2 times
154.127.82.66: 9 times
159.75.2.130: 1 time
159.75.126.127: 10 times
159.203.185.151: 18 times
165.227.165.128: 18 times
167.99.77.94: 2 times
172.81.251.217: 13 times
174.138.14.187 (megabbq.site): 4 times
178.128.105.7: 61 times
180.76.104.101: 38 times
180.76.112.15: 15 times
181.166.181.38 (38-181-166-181.fibertel.com.ar): 27 times
182.61.29.182: 7 times
185.220.102.243 (
185-220-102-243.torservers.net): 1 time
186.67.229.154: 20 times
186.226.37.45 (186-226-37-45.interline.net.br): 69 times
188.166.22.79: 23 times
189.15.195.125 (189-015-195-125.xd-dynamic.algarnetsuper.com.br): 14 times
189.154.98.68 (dsl-189-154-98-68-dyn.prod-infinitum.com.mx): 22 times
190.191.70.202 (202-70-191-190.cab.prima.net.ar): 17 times
195.114.8.241: 36 times
200.60.92.170: 6 times
200.73.133.32 (32.133.73.200.cab.prima.net.ar): 2 times
200.126.241.145 (145-241-126-200.fibertel.com.ar): 1 time
208.91.105.82: 1 time
210.71.232.236 (
210-71-232-236.HINET-IP.hinet.net): 2 times
212.64.69.175: 18 times
Illegal users from:
undef: 455 times
1.15.50.218: 10 times
14.63.220.150: 7 times
20.194.170.137: 48 times
23.129.64.203: 1 time
31.32.16.198: 27 times
36.22.187.34: 18 times
42.193.107.150: 2 times
45.10.24.71 (
45-10-24-71.beststandard2net.com): 27 times
45.135.232.165: 1 time
45.146.165.151: 9 times
45.153.160.2: 1 time
45.153.160.130: 1 time
45.153.160.132: 1 time
45.153.160.135: 1 time
46.177.71.138 (ppp046177071138.access.hol.gr): 2 times
49.232.20.208: 44 times
49.232.198.139: 1 time
49.234.58.18: 1 time
49.234.234.164: 15 times
62.234.148.88: 24 times
68.183.144.104: 1 time
74.207.241.170 (
li83-170.members.linode.com): 19 times
81.68.70.18: 43 times
101.32.48.90: 6 times
106.13.94.193: 2 times
107.0.200.227 (
smtp.nationaltubesupply.com): 11 times
111.93.232.114 (static-114.232.93.111-tataidc.co.in): 38 times
115.236.67.42: 1 time
116.85.39.130: 36 times
119.29.53.168: 12 times
119.45.43.139: 39 times
121.4.74.61: 29 times
121.4.154.134: 22 times
121.5.75.161: 3 times
121.5.141.234: 37 times
121.186.193.6: 2 times
128.199.197.21: 28 times
132.226.135.175: 39 times
132.232.2.100: 22 times
133.167.125.193 (
momicome.com): 12 times
134.209.70.76: 33 times
134.209.77.218: 34 times
139.59.31.173: 1 time
139.217.232.49: 42 times
143.110.184.88: 32 times
148.70.250.254: 31 times
152.136.112.24: 1 time
152.200.143.218: 9 times
154.127.82.66: 33 times
159.75.126.127: 21 times
167.99.77.94: 9 times
172.81.251.217: 31 times
174.138.14.187 (megabbq.site): 35 times
182.61.29.182: 28 times
185.220.102.246 (
185-220-102-246.torservers.net): 1 time
188.214.104.146 (api.squired.ro): 1 time
190.191.70.202 (202-70-191-190.cab.prima.net.ar): 29 times
198.23.148.137 (
198-23-148-137-host.colocrossing.com): 38 times
200.60.92.170: 35 times
200.73.133.32 (32.133.73.200.cab.prima.net.ar): 4 times
202.137.20.53 (ln-static-202-137-20-53.link.net.id): 1 time
203.159.80.12 (
slot0.fianinc.com): 6 times
210.71.232.236 (
210-71-232-236.HINET-IP.hinet.net): 42 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 53 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop47755p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################