################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Fri Jul 19 04:42:08 2019 Date Range Processed: yesterday ( 2019-Jul-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [239:239] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 61.219.11.153 Requests with error response codes 400 Bad Request /socket.io/?noteId=ECINREjwRCaiLzxNLVrhxg& ... idaqR-bG3n3AAKH: 3 Time(s) null: 2 Time(s) /: 1 Time(s) /shell?busybox: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found /robots.txt: 45 Time(s) /http://zapfev.de/: 2 Time(s) /adminer-4.2.5.php: 1 Time(s) /adminer-4.3.0.php: 1 Time(s) /adminer-4.3.1.php: 1 Time(s) /adminer-4.4.0.php: 1 Time(s) /adminer-4.5.0.php: 1 Time(s) /adminer-4.6.0.php: 1 Time(s) /adminer-4.6.1.php: 1 Time(s) /adminer-4.6.2.php: 1 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/Sammlung_aller_Resolutionen.pdf: 1 Time(s) /reader/SoSe13_AK_MatheVorkurs.pdf: 1 Time(s) /reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 1 Time(s) /reader/SoSe14_AK_Pr%C3%BCfungssystem_Sammlung.pdf: 1 Time(s) /reader/SoSe14_AK_Zivilklausel.pdf: 1 Time(s) /reader/SoSe15_AK_Studienf%C3%BChrer.pdf: 1 Time(s) /reader/WiSe12_AK_Schule-Studium.pdf: 1 Time(s) /reader/WiSe14_AK_GO_und_Satzungs%C3%A4nderung.pdf: 1 Time(s) /reader/ZiP_Zivilklausel.pdf: 1 Time(s) /sites/default/files/2010_WiSe_Berlin.pdf: 1 Time(s) /sites/default/files/Positionspapier_WiSe1 ... s_Studieren.pdf: 1 Time(s) /syofipctodmovze.html: 1 Time(s) 500 Internal Server Error /robots.txt: 52 Time(s) /: 14 Time(s) /HNAP1/: 4 Time(s) /admin//config.php: 1 Time(s) /dialplan.xml: 1 Time(s) /pv/000000000000.cfg: 1 Time(s) /pv/y000000000000.cfg: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (104.248.150.152): 227 Time(s) unknown (132.232.40.86): 186 Time(s) unknown (139.198.120.96): 186 Time(s) unknown (147.ip-51-38-176.eu): 135 Time(s) unknown (223.71.139.97): 132 Time(s) unknown (spl29-1-88-121-68-131.fbx.proxad.net): 120 Time(s) unknown (119.28.50.163): 115 Time(s) unknown (183.109.79.252): 114 Time(s) unknown (191.232.50.24): 113 Time(s) unknown (lneuilly-657-1-19-128.w90-63.abo.wanadoo.fr): 110 Time(s) unknown (181.123.9.130): 100 Time(s) unknown (186.153.0.171): 100 Time(s) unknown (64.202.187.152): 90 Time(s) unknown (eeh162.internetdsl.tpnet.pl): 87 Time(s) unknown (154.120.242.70): 80 Time(s) unknown (mktg.zero7eleven.com): 76 Time(s) unknown (167.99.234.170): 74 Time(s) unknown (67.ip-37-187-54.eu): 73 Time(s) unknown (196.46.36.144): 48 Time(s) unknown (142.4.204.122): 41 Time(s) unknown (197.ip-51-38-134.eu): 36 Time(s) root (104.248.150.152): 17 Time(s) root (132.232.40.86): 15 Time(s) root (139.198.120.96): 15 Time(s) root (223.71.139.97): 14 Time(s) unknown (212.64.39.109): 14 Time(s) root (183.109.79.252): 13 Time(s) unknown (186.201.214.162): 13 Time(s) root (64.202.187.152): 12 Time(s) root (147.ip-51-38-176.eu): 11 Time(s) root (181.123.9.130): 11 Time(s) root (186.153.0.171): 10 Time(s) root (mktg.zero7eleven.com): 10 Time(s) root (119.28.50.163): 9 Time(s) root (191.232.50.24): 9 Time(s) root (eeh162.internetdsl.tpnet.pl): 9 Time(s) root (lneuilly-657-1-19-128.w90-63.abo.wanadoo.fr): 8 Time(s) root (167.99.234.170): 6 Time(s) root (185.220.101.20): 6 Time(s) root (185.220.101.24): 6 Time(s) root (185.220.101.45): 6 Time(s) root (185.220.102.4): 6 Time(s) root (185.248.160.21): 6 Time(s) root (188.214.104.146): 6 Time(s) root (192.42.116.16): 6 Time(s) root (218.92.0.157): 6 Time(s) root (218.92.0.181): 6 Time(s) root (67.ip-37-187-54.eu): 6 Time(s) root (91.226.14.109): 6 Time(s) root (chomsky.torservers.net): 6 Time(s) root (marcuse-1.nos-oignons.net): 6 Time(s) root (ogopogo.relay.coldhak.com): 6 Time(s) root (slc-exit.privateinternetaccess.com): 6 Time(s) root (tor-exit4-readme.dfri.se): 6 Time(s) root (tor.laquadrature.net): 6 Time(s) unknown (66.6.23.93.rev.sfr.net): 6 Time(s) unknown (68-190-118-232.dhcp.mdsn.wi.charter.com): 6 Time(s) root (154.120.242.70): 5 Time(s) root (spl29-1-88-121-68-131.fbx.proxad.net): 5 Time(s) root (142.4.204.122): 4 Time(s) root (196.46.36.144): 4 Time(s) root (197.ip-51-38-134.eu): 4 Time(s) unknown (133-175-89-149.west.fdn.vectant.ne.jp): 4 Time(s) unknown (business-212-48-244-29.business.broadband.hu): 4 Time(s) postgres (132.232.40.86): 3 Time(s) postgres (183.109.79.252): 3 Time(s) postgres (223.71.139.97): 3 Time(s) root (212.64.39.109): 3 Time(s) root (57.red-79-157-240.dynamicip.rima-tde.net): 3 Time(s) unknown (151.51.245.48): 3 Time(s) unknown (185.220.101.46): 3 Time(s) unknown (188.166.72.240): 3 Time(s) unknown (223.27.234.253): 3 Time(s) unknown (38.133.200.42): 3 Time(s) unknown (57.red-79-157-240.dynamicip.rima-tde.net): 3 Time(s) unknown (59.8.177.80): 3 Time(s) unknown (angband.teaparty.net): 3 Time(s) backup (139.198.120.96): 2 Time(s) mysql (132.232.40.86): 2 Time(s) mysql (139.198.120.96): 2 Time(s) mysql (186.153.0.171): 2 Time(s) mysql (spl29-1-88-121-68-131.fbx.proxad.net): 2 Time(s) postgres (119.28.50.163): 2 Time(s) postgres (139.198.120.96): 2 Time(s) postgres (186.153.0.171): 2 Time(s) postgres (lneuilly-657-1-19-128.w90-63.abo.wanadoo.fr): 2 Time(s) root (61.72.254.71): 2 Time(s) unknown (115.254.63.52): 2 Time(s) unknown (121.140.179.171): 2 Time(s) unknown (13.ip-51-75-247.eu): 2 Time(s) unknown (176.31.208.193): 2 Time(s) unknown (178.124.205.60): 2 Time(s) unknown (206.189.197.48): 2 Time(s) unknown (82-64-140-9.subs.proxad.net): 2 Time(s) unknown (dsl-208-102-113-11.fuse.net): 2 Time(s) unknown (tor-exit.critical.cat): 2 Time(s) www-data (104.248.150.152): 2 Time(s) backup (191.232.50.24): 1 Time(s) backup (223.71.139.97): 1 Time(s) backup (mktg.zero7eleven.com): 1 Time(s) bin (64.202.187.152): 1 Time(s) irc (139.198.120.96): 1 Time(s) mail (183.109.79.252): 1 Time(s) man (104.248.150.152): 1 Time(s) mysql (104.248.150.152): 1 Time(s) mysql (183.109.79.252): 1 Time(s) mysql (67.ip-37-187-54.eu): 1 Time(s) mysql (business-212-48-244-29.business.broadband.hu): 1 Time(s) mysql (eeh162.internetdsl.tpnet.pl): 1 Time(s) mysql (mktg.zero7eleven.com): 1 Time(s) openproject (167.99.234.170): 1 Time(s) postfix (181.123.9.130): 1 Time(s) postgres (104.248.150.152): 1 Time(s) postgres (142.4.204.122): 1 Time(s) postgres (196.46.36.144): 1 Time(s) postgres (206.189.131.213): 1 Time(s) postgres (64.202.187.152): 1 Time(s) postgres (eeh162.internetdsl.tpnet.pl): 1 Time(s) proxy (142.4.204.122): 1 Time(s) proxy (159.203.77.51): 1 Time(s) root (118.200.199.43): 1 Time(s) root (138.197.105.79): 1 Time(s) root (165.22.251.129): 1 Time(s) root (202.186.165.63): 1 Time(s) root (206.189.88.75): 1 Time(s) root (66.6.23.93.rev.sfr.net): 1 Time(s) root (angband.teaparty.net): 1 Time(s) root (cryptolend.io): 1 Time(s) root (host86-168-153-121.range86-168.btcentralplus.com): 1 Time(s) root (ip-104-238-81-58.ip.secureserver.net): 1 Time(s) root (oc-129-150-112-159.compute.oraclecloud.com): 1 Time(s) root (phoolandevi.tor-exit.calyxinstitute.org): 1 Time(s) temp (147.ip-51-38-176.eu): 1 Time(s) unknown (103.245.72.15): 1 Time(s) unknown (118.100.3.21): 1 Time(s) unknown (118.200.199.43): 1 Time(s) unknown (119.196.83.18): 1 Time(s) unknown (123.20.162.138): 1 Time(s) unknown (124.116.156.131): 1 Time(s) unknown (128.199.242.84): 1 Time(s) unknown (159.65.148.241): 1 Time(s) unknown (159.65.7.56): 1 Time(s) unknown (159.65.81.187): 1 Time(s) unknown (165.22.251.129): 1 Time(s) unknown (174.138.56.93): 1 Time(s) unknown (178-116-159-202.access.telenet.be): 1 Time(s) unknown (178.128.156.144): 1 Time(s) unknown (182.61.160.15): 1 Time(s) unknown (182.74.53.250): 1 Time(s) unknown (185.220.101.67): 1 Time(s) unknown (188.166.237.191): 1 Time(s) unknown (190.145.136.186): 1 Time(s) unknown (193.112.19.168): 1 Time(s) unknown (193.112.46.99): 1 Time(s) unknown (193.32.163.182): 1 Time(s) unknown (195.56.253.49): 1 Time(s) unknown (197.97.228.205): 1 Time(s) unknown (202.130.82.67): 1 Time(s) unknown (203.106.141.81): 1 Time(s) unknown (206.189.88.75): 1 Time(s) unknown (209.97.187.108): 1 Time(s) unknown (215.ip-51-255-174.eu): 1 Time(s) unknown (223.83.152.207): 1 Time(s) unknown (41.72.19.1): 1 Time(s) unknown (46.101.1.198): 1 Time(s) unknown (46.101.27.6): 1 Time(s) unknown (74.208.27.191): 1 Time(s) unknown (cpe-124-178-233-118.static.vic.bigpond.net.au): 1 Time(s) unknown (ip-104-238-116-94.ip.secureserver.net): 1 Time(s) unknown (n119236144006.netvigator.com): 1 Time(s) unknown (ns207822.ip-94-23-215.eu): 1 Time(s) unknown (ns388423.ip-176-31-253.eu): 1 Time(s) unknown (oc-129-150-112-159.compute.oraclecloud.com): 1 Time(s) unknown (phoolandevi.tor-exit.calyxinstitute.org): 1 Time(s) www-data (119.28.50.163): 1 Time(s) www-data (132.232.40.86): 1 Time(s) www-data (154.120.242.70): 1 Time(s) www-data (167.99.234.170): 1 Time(s) www-data (183.109.79.252): 1 Time(s) www-data (223.71.139.97): 1 Time(s) www-data (mktg.zero7eleven.com): 1 Time(s) Invalid Users: Unknown Account: 2379 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 9 Miscellaneous warnings 20.705K Bytes accepted 21,202 20.705K Bytes sent via SMTP 21,202 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 455 Connections 85 Connections lost (inbound) 455 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 16 Time(s) Failed logins from: 37.187.54.67 (67.ip-37-187-54.eu): 7 times 51.38.134.197 (197.ip-51-38-134.eu): 4 times 51.38.176.147 (147.ip-51-38-176.eu): 12 times 61.72.254.71: 2 times 64.202.187.152 (ip-64-202-187-152.secureserver.net): 14 times 77.247.181.162 (chomsky.torservers.net): 6 times 79.157.240.57 (57.red-79-157-240.dynamicip.rima-tde.net): 3 times 83.14.215.162 (eeh162.internetdsl.tpnet.pl): 11 times 86.168.153.121 (host86-168-153-121.range86-168.btcentralplus.com): 1 time 88.121.68.131 (spl29-1-88-121-68-131.fbx.proxad.net): 7 times 90.63.254.128 (lneuilly-657-1-19-128.w90-63.abo.wanadoo.fr): 10 times 91.226.14.109: 6 times 93.23.6.66 (66.6.23.93.rev.sfr.net): 1 time 104.238.81.58 (ip-104-238-81-58.ip.secureserver.net): 1 time 104.248.150.152: 22 times 118.200.199.43 (bb118-200-199-43.singnet.com.sg): 1 time 119.28.50.163: 12 times 129.150.112.159 (oc-129-150-112-159.compute.oraclecloud.com): 1 time 132.232.40.86: 21 times 138.197.105.79: 1 time 139.198.120.96: 22 times 142.4.204.122: 6 times 154.120.242.70 (154.120.242.70.liquidtelecom.net): 6 times 159.203.77.51: 1 time 162.247.74.216 (phoolandevi.tor-exit.calyxinstitute.org): 4 times 165.22.251.129: 1 time 167.99.234.170: 8 times 171.25.193.78 (tor-exit4-readme.dfri.se): 6 times 173.244.209.5 (slc-exit.privateinternetaccess.com): 6 times 178.17.171.102 (angband.teaparty.net): 1 time 178.20.55.16 (marcuse-1.nos-oignons.net): 6 times 181.123.9.130 (pool-130-9-123-181.telecel.com.py): 12 times 183.109.79.252: 19 times 185.34.33.2 (tor.laquadrature.net): 6 times 185.220.101.20: 6 times 185.220.101.24: 6 times 185.220.101.45: 6 times 185.220.102.4: 6 times 185.248.160.21: 6 times 186.153.0.171 (host171.186-153-0.telecom.net.ar): 14 times 188.214.104.146 (api.squired.ro): 6 times 191.232.50.24: 10 times 192.42.116.16 (tor-exit.hartvoorinternetvrijheid.nl): 6 times 192.160.102.170 (ogopogo.relay.coldhak.com): 6 times 192.241.167.200 (mktg.zero7eleven.com): 13 times 196.46.36.144: 5 times 202.186.165.63: 1 time 206.189.35.65 (cryptolend.io): 1 time 206.189.88.75: 1 time 206.189.131.213: 1 time 212.48.244.29 (business-212-48-244-29.business.broadband.hu): 1 time 212.64.39.109: 3 times 218.92.0.157: 6 times 218.92.0.181: 6 times 223.71.139.97: 19 times Illegal users from: undef: 1455 times 37.187.54.67 (67.ip-37-187-54.eu): 73 times 38.133.200.42: 3 times 41.72.19.1: 1 time 46.101.1.198: 1 time 46.101.27.6: 1 time 46.182.106.190 (tor-exit.critical.cat): 5 times 51.38.134.197 (197.ip-51-38-134.eu): 36 times 51.38.176.147 (147.ip-51-38-176.eu): 135 times 51.75.247.13 (13.ip-51-75-247.eu): 2 times 51.255.174.215 (215.ip-51-255-174.eu): 1 time 59.8.177.80: 3 times 64.202.187.152 (ip-64-202-187-152.secureserver.net): 90 times 68.190.118.232 (68-190-118-232.dhcp.mdsn.wi.charter.com): 6 times 74.208.27.191: 1 time 79.157.240.57 (57.red-79-157-240.dynamicip.rima-tde.net): 3 times 82.64.140.9 (82-64-140-9.subs.proxad.net): 2 times 83.14.215.162 (eeh162.internetdsl.tpnet.pl): 87 times 88.121.68.131 (spl29-1-88-121-68-131.fbx.proxad.net): 120 times 90.63.254.128 (lneuilly-657-1-19-128.w90-63.abo.wanadoo.fr): 110 times 93.23.6.66 (66.6.23.93.rev.sfr.net): 6 times 94.23.215.158 (ns207822.ip-94-23-215.eu): 1 time 103.245.72.15: 1 time 104.238.116.94 (ip-104-238-116-94.ip.secureserver.net): 1 time 104.248.150.152: 227 times 115.254.63.52: 2 times 118.100.3.21: 1 time 118.200.199.43 (bb118-200-199-43.singnet.com.sg): 1 time 119.28.50.163: 115 times 119.196.83.18: 1 time 119.236.144.6 (n119236144006.netvigator.com): 1 time 121.140.179.171: 2 times 123.20.162.138: 1 time 124.116.156.131: 1 time 124.178.233.118 (cpe-124-178-233-118.static.vic.bigpond.net.au): 1 time 128.199.242.84: 1 time 129.150.112.159 (oc-129-150-112-159.compute.oraclecloud.com): 1 time 132.232.40.86: 186 times 133.175.89.149 (133-175-89-149.west.fdn.vectant.ne.jp): 4 times 139.198.120.96: 186 times 142.4.204.122: 41 times 151.51.245.48 (adsl-ull-48-245.51-151.wind.it): 3 times 154.120.242.70 (154.120.242.70.liquidtelecom.net): 80 times 159.65.7.56: 1 time 159.65.81.187: 1 time 159.65.148.241: 1 time 162.247.74.216 (phoolandevi.tor-exit.calyxinstitute.org): 1 time 165.22.251.129: 1 time 167.99.234.170: 74 times 174.138.56.93: 1 time 176.31.208.193 (tor-exit1.netnik.xyz): 5 times 176.31.253.204 (ns388423.ip-176-31-253.eu): 1 time 178.17.171.102 (angband.teaparty.net): 3 times 178.116.159.202 (178-116-159-202.access.telenet.be): 1 time 178.124.205.60 (178.124.205.60.pppoe.vitebsk.by): 2 times 178.128.156.144: 1 time 181.123.9.130 (pool-130-9-123-181.telecel.com.py): 100 times 182.61.160.15: 1 time 182.74.53.250: 1 time 183.109.79.252: 114 times 185.220.101.46: 3 times 185.220.101.67: 1 time 186.153.0.171 (host171.186-153-0.telecom.net.ar): 100 times 186.201.214.162 (186-201-214-162.customer.tdatabrasil.net.br): 13 times 188.166.72.240: 3 times 188.166.237.191: 1 time 190.145.136.186: 1 time 191.232.50.24: 113 times 192.241.167.200 (mktg.zero7eleven.com): 76 times 193.32.163.182 (hosting-by.cloud-home.me): 1 time 193.112.19.168: 1 time 193.112.46.99: 1 time 195.56.253.49: 1 time 196.46.36.144: 48 times 197.97.228.205: 1 time 202.130.82.67: 1 time 203.106.141.81: 1 time 206.189.88.75: 1 time 206.189.197.48: 2 times 208.102.113.11 (dsl-208-102-113-11.fuse.net): 2 times 209.97.187.108: 1 time 212.48.244.29 (business-212-48-244-29.business.broadband.hu): 4 times 212.64.39.109: 14 times 223.27.234.253: 3 times 223.71.139.97: 132 times 223.83.152.207: 1 time **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s) Disconnecting: Change of username or service not allowed: (Administrator,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (guest,ssh-connection) -> (mother,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (666666,ssh-connection) -> (888888,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (666666,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (888888,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (admin1,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (mother,ssh-connection) -> (root,ssh-connection) [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin1,ssh-connection) -> (admin,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################