################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Jul 29 04:42:06 2019
Date Range Processed: yesterday
( 2019-Jul-28 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [124:123]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
45.33.19.168 -> 45.79.32.208:60606: 2 Time(s)
A total of 1 sites probed the server
209.159.151.134
Requests with error response codes
400 Bad Request
mstshash=Administr: 4 Time(s)
45.79.32.208:60606: 2 Time(s)
/: 1 Time(s)
/a2billing/customer/templates/default/footer.tpl: 1 Time(s)
/manager/html: 1 Time(s)
/manager/text/list: 1 Time(s)
/vtigercrm/vtigerservice.php: 1 Time(s)
\xBB\xF7\x0F\x99\xAF\xEB\x98&\xEB\x97_[~f\ ... C0$\xC0\x14\xC0: 1 Time(s)
null: 1 Time(s)
403 Forbidden
/resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
404 Not Found
/robots.txt: 93 Time(s)
/berlin/apple-touch-icon.png: 4 Time(s)
/wp-login.php: 4 Time(s)
//xmlrpc.php: 1 Time(s)
/admin: 1 Time(s)
/admin/: 1 Time(s)
/login: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/1993-wi-reader_st93.pdf: 1 Time(s)
/reader/1994-wi-reader_hb94.pdf: 1 Time(s)
/reader/1995-so-reader_ha95.pdf: 1 Time(s)
/reader/1995-wi-reader_bn95.pdf: 1 Time(s)
/reader/1998-so-reader_ro98.pdf: 1 Time(s)
/reader/2017_SoSe_Berlin_vorlaeufig.pdf%7C: 1 Time(s)
/sites/default/files/2014_SoSe_Duesseldorf.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/zapf/wiki: 1 Time(s)
500 Internal Server Error
/robots.txt: 31 Time(s)
/: 27 Time(s)
/HNAP1/: 1 Time(s)
/a2billing/customer/templates/default/footer.tpl: 1 Time(s)
/vtigercrm/vtigerservice.php: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 945 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 2 Time(s)
session opened for user root by (uid=0): 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
4 Miscellaneous warnings
23.019K Bytes accepted 23,571
23.019K Bytes sent via SMTP 23,571
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
8 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
8 Total 4xx Rejects 100.00%
======== ==================================================
709 Connections
698 Connections lost (inbound)
709 Disconnections
1 Removed from queue
1 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
Illegal users from:
undef: 882 times
Users logging in through sshd:
root:
192.52.1.66 (eduroam-192-52-1-66.mobile.uni-freiburg.de): 1 time
192.52.1.200 (eduroam-192-52-1-200.mobile.uni-freiburg.de): 1 time
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################