################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Jul 14 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [259:259]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
45.144.132.71 -> www.youtube.com:443: 1 Time(s)
A total of 12 sites probed the server
Requests with error response codes
400 Bad Request
null: 13 Time(s)
/: 10 Time(s)
/_profiler/phpinfo: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/bag2: 1 Time(s)
/boardDataWW.php: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/vU0a: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
\x08|\x134m\x1B\xF2\xF4r\xC7\x1A\x00\x12C\ ... C0$\xC0\x14\xC0: 1 Time(s)
www.youtube.com:443: 1 Time(s)
403 Forbidden
/resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s)
404 Not Found
/robots.txt: 39 Time(s)
/wp-login.php: 6 Time(s)
/xmlrpc.php: 5 Time(s)
/administrator/index.php: 1 Time(s)
/home/verein: 1 Time(s)
/home/zapf: 1 Time(s)
/reader/Deutsche%20Mathematiker-Vereinigun ... Unterrichts.pdf: 1 Time(s)
/resolutionen/wise17/nullergebnisse/reso_n ... sse_ws1718.pdf;: 1 Time(s)
/resolutionen/wise18/reso_akkreditierungspflicht_mv/: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/stapf: 1 Time(s)
/verein/vorstand/%7C: 1 Time(s)
500 Internal Server Error
/: 22 Time(s)
/.env: 5 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/HNAP1/: 1 Time(s)
/ReportServer: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/console/: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/laravel/.env: 1 Time(s)
/login: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/nice%20ports%2C/Tri%6Eity.txt%2ebak: 1 Time(s)
/owa/: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (106.13.219.169): 70 Time(s)
root (134.209.107.145): 70 Time(s)
root (150.242.213.189): 70 Time(s)
root (178.128.80.85): 70 Time(s)
root (183.91.69.13): 70 Time(s)
root (81.70.246.12): 70 Time(s)
root (49.232.148.81): 69 Time(s)
root (62.234.157.228): 67 Time(s)
root (125.77.30.117): 58 Time(s)
root (218.28.83.106): 58 Time(s)
root (115.159.160.70): 56 Time(s)
unknown (111.205.46.46): 53 Time(s)
root (109.86.226.133): 51 Time(s)
root (101.33.124.123): 50 Time(s)
root (116.120.80.8): 50 Time(s)
root (124.156.222.214): 50 Time(s)
root (128.199.30.160): 50 Time(s)
root (129.226.169.30): 50 Time(s)
root (133.242.20.161): 50 Time(s)
root (211.ip-51-161-32.net): 50 Time(s)
root (81.68.220.63): 49 Time(s)
root (112.95.225.158): 48 Time(s)
root (121.5.213.241): 46 Time(s)
root (189-089-221-246.static.stratus.com.br): 45 Time(s)
root (197.153.47.49): 43 Time(s)
root (139.198.13.109): 42 Time(s)
root (36.133.112.61): 42 Time(s)
root (103.215.82.159): 41 Time(s)
root (dev.aws3.net): 40 Time(s)
root (45.249.245.101): 37 Time(s)
root (170.106.117.91): 36 Time(s)
root (116.1.149.196): 35 Time(s)
root (129.204.228.234): 34 Time(s)
root (97.155.96.34.bc.googleusercontent.com): 31 Time(s)
root (154.8.224.155): 30 Time(s)
root (115.71.239.208): 29 Time(s)
root (138.68.176.38): 29 Time(s)
unknown (187.106.203.217): 28 Time(s)
root (196.189.91.244): 25 Time(s)
root (211-23-87-106.hinet-ip.hinet.net): 25 Time(s)
unknown (150.158.153.128): 25 Time(s)
root (119.45.202.179): 24 Time(s)
unknown (rostermatch.xponex.com): 23 Time(s)
unknown (106.75.230.60): 22 Time(s)
unknown (112.196.76.140): 22 Time(s)
unknown (103.254.198.67): 21 Time(s)
unknown (175.126.73.115): 21 Time(s)
unknown (106.13.40.23): 20 Time(s)
unknown (115.159.214.208): 20 Time(s)
unknown (121.5.18.138): 20 Time(s)
unknown (200.107.160.198): 20 Time(s)
unknown (222.128.46.1): 20 Time(s)
unknown (45.232.75.253): 20 Time(s)
unknown (85.191.214.236): 20 Time(s)
unknown (41.225.17.53): 19 Time(s)
unknown (81.69.251.177): 19 Time(s)
unknown (88.157.229.58): 19 Time(s)
unknown (v133-130-110-249.a039.g.tyo1.static.cnode.io): 19 Time(s)
root (128.199.193.246): 18 Time(s)
unknown (103.24.179.79): 18 Time(s)
unknown (120.201.0.230): 18 Time(s)
unknown (139.186.134.129): 18 Time(s)
unknown (161.109.203.35.bc.googleusercontent.com): 18 Time(s)
unknown (8.208.79.226): 18 Time(s)
unknown (r179-27-60-34.static.adinet.com.uy): 18 Time(s)
root (122.192.87.150): 17 Time(s)
root (net-31-27-35-138.cust.vodafonedsl.it): 16 Time(s)
unknown (1.13.1.56): 15 Time(s)
unknown (118.89.108.152): 15 Time(s)
root (222.128.46.1): 14 Time(s)
unknown (d38-138.icpnet.pl): 14 Time(s)
unknown (139.155.182.156): 13 Time(s)
unknown (42.194.146.74): 12 Time(s)
root (111.67.204.220): 11 Time(s)
unknown (45.146.166.111): 11 Time(s)
root (111.205.46.46): 10 Time(s)
root (111.67.205.111): 10 Time(s)
root (d38-138.icpnet.pl): 10 Time(s)
unknown (141.98.10.203): 9 Time(s)
unknown (205.185.125.109): 9 Time(s)
unknown (66.98.45.242): 9 Time(s)
root (115.159.214.208): 8 Time(s)
root (175.126.73.115): 8 Time(s)
root (r179-27-60-34.static.adinet.com.uy): 8 Time(s)
root (103.24.179.79): 7 Time(s)
root (121.5.18.138): 7 Time(s)
root (41.225.17.53): 7 Time(s)
root (41.226.25.4): 7 Time(s)
root (45.232.75.253): 7 Time(s)
root (v133-130-110-249.a039.g.tyo1.static.cnode.io): 7 Time(s)
root (139.155.182.156): 6 Time(s)
root (88.157.229.58): 6 Time(s)
root (rostermatch.xponex.com): 6 Time(s)
root (112.196.76.140): 5 Time(s)
root (81.69.251.177): 5 Time(s)
root (85.191.214.236): 5 Time(s)
unknown (195.133.40.104): 5 Time(s)
unknown (92.36.168.113): 5 Time(s)
postgres (111.205.46.46): 4 Time(s)
root (061093240018.static.ctinets.com): 4 Time(s)
root (1.13.1.56): 4 Time(s)
root (103.254.198.67): 4 Time(s)
root (103.92.120.116): 4 Time(s)
root (120.201.0.230): 4 Time(s)
root (139.186.134.129): 4 Time(s)
root (150.158.153.128): 4 Time(s)
unknown (104.225.236.41.16clouds.com): 4 Time(s)
root (106.13.40.23): 3 Time(s)
root (118.89.108.152): 3 Time(s)
root (157.245.100.31): 3 Time(s)
root (181.214.243.18): 3 Time(s)
root (187.106.203.217): 3 Time(s)
root (200.107.160.198): 3 Time(s)
root (42.194.146.74): 3 Time(s)
unknown (103.123.25.80): 3 Time(s)
unknown (141.98.10.179): 3 Time(s)
unknown (141.98.10.29): 3 Time(s)
unknown (205.185.127.25): 3 Time(s)
unknown (45.135.232.165): 3 Time(s)
unknown (45.146.165.72): 3 Time(s)
mysql (111.205.46.46): 2 Time(s)
postgres (106.75.230.60): 2 Time(s)
postgres (112.196.76.140): 2 Time(s)
postgres (81.69.251.177): 2 Time(s)
root (103.123.25.80): 2 Time(s)
root (104.225.236.41.16clouds.com): 2 Time(s)
root (45.146.166.111): 2 Time(s)
root (8.208.79.226): 2 Time(s)
root (81.161.63.253): 2 Time(s)
root (92.36.168.113): 2 Time(s)
unknown (107-131-14-238.lightspeed.irvnca.sbcglobal.net): 2 Time(s)
unknown (210.211.116.80): 2 Time(s)
unknown (81.68.220.63): 2 Time(s)
unknown (ec2-18-221-104-12.us-east-2.compute.amazonaws.com): 2 Time(s)
backup (104.225.236.41.16clouds.com): 1 Time(s)
backup (115.159.214.208): 1 Time(s)
mysql (187.106.203.217): 1 Time(s)
postgres (115.159.214.208): 1 Time(s)
postgres (118.89.108.152): 1 Time(s)
postgres (139.155.182.156): 1 Time(s)
postgres (41.225.17.53): 1 Time(s)
postgres (d38-138.icpnet.pl): 1 Time(s)
proxy (d38-138.icpnet.pl): 1 Time(s)
root (1.14.183.243): 1 Time(s)
root (101.32.116.215): 1 Time(s)
root (103.205.5.176): 1 Time(s)
root (106.75.230.60): 1 Time(s)
root (114.7.162.198): 1 Time(s)
root (122.114.189.89): 1 Time(s)
root (124.160.83.138): 1 Time(s)
root (138.94.162.75): 1 Time(s)
root (156.250.12.30): 1 Time(s)
root (167.99.96.114): 1 Time(s)
root (170.81.132.255): 1 Time(s)
root (180.250.124.227): 1 Time(s)
root (185.220.102.243): 1 Time(s)
root (185.65.134.175): 1 Time(s)
root (196.44.182.183): 1 Time(s)
root (198.144.121.93): 1 Time(s)
root (209.127.17.242): 1 Time(s)
root (209.pool80-102-214.dynamic.orange.es): 1 Time(s)
root (45.119.83.114): 1 Time(s)
root (66.98.45.242): 1 Time(s)
root (81.161.63.100): 1 Time(s)
unknown (103.92.120.116): 1 Time(s)
unknown (170.245.200.100): 1 Time(s)
unknown (186.234.249.196): 1 Time(s)
unknown (202.170.57.253): 1 Time(s)
unknown (218.28.83.106): 1 Time(s)
unknown (45.146.166.238): 1 Time(s)
unknown (49.235.84.72): 1 Time(s)
www-data (121.5.18.138): 1 Time(s)
www-data (85.191.214.236): 1 Time(s)
Invalid Users:
Unknown Account: 693 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
3 Miscellaneous warnings
16.312K Bytes accepted 16,704
16.312K Bytes sent via SMTP 16,704
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
8 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
8 Total 4xx Rejects 100.00%
======== ==================================================
835 Connections
710 Connections lost (inbound)
835 Disconnections
1 Removed from queue
1 Sent via SMTP
49 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 1 Time(s)
Failed logins from:
1.13.1.56: 4 times
1.14.183.243: 1 time
8.208.79.226: 2 times
31.27.35.138 (net-31-27-35-138.cust.vodafonedsl.it): 16 times
34.96.155.97 (97.155.96.34.bc.googleusercontent.com): 31 times
36.133.112.61: 42 times
41.225.17.53: 8 times
41.226.25.4: 7 times
42.194.146.74: 3 times
45.119.83.114: 1 time
45.146.166.111: 2 times
45.232.75.253: 7 times
45.249.245.101: 37 times
49.232.148.81: 69 times
51.161.32.211 (211.ip-51-161-32.net): 50 times
61.93.240.18 (061093240018.static.ctinets.com): 4 times
62.234.157.228: 67 times
66.23.233.93 (rostermatch.xponex.com): 6 times
66.98.45.242 (242.45.98.66.f.static.claro.net.do): 1 time
77.65.38.138 (d38-138.icpnet.pl): 12 times
80.102.214.209 (209.pool80-102-214.dynamic.orange.es): 1 time
81.68.220.63: 49 times
81.69.251.177: 7 times
81.70.246.12: 70 times
81.161.63.100: 1 time
81.161.63.253: 2 times
85.191.214.236: 6 times
88.157.229.58 (a88-157-229-58.static.cpe.netcabo.pt): 6 times
92.36.168.113: 2 times
101.32.116.215: 1 time
101.33.124.123: 50 times
103.24.179.79: 7 times
103.92.120.116: 4 times
103.123.25.80 (host-103-123-25-80.pky.kalteng.go.id): 2 times
103.205.5.176: 1 time
103.215.82.159: 41 times
103.254.198.67: 4 times
104.225.236.41 (104.225.236.41.16clouds.com): 3 times
106.13.40.23: 3 times
106.13.219.169: 70 times
106.75.230.60: 3 times
109.86.226.133 (133.226.86.109.triolan.net): 51 times
111.67.204.220: 11 times
111.67.205.111: 10 times
111.205.46.46: 16 times
112.95.225.158: 48 times
112.196.76.140: 7 times
114.7.162.198 (114-7-162-198.resources.indosat.com): 1 time
115.71.239.208: 29 times
115.159.160.70: 56 times
115.159.214.208: 10 times
116.1.149.196: 35 times
116.120.80.8: 50 times
118.89.108.152: 4 times
119.45.202.179: 24 times
120.201.0.230: 4 times
121.5.18.138: 8 times
121.5.213.241: 46 times
122.114.189.89: 1 time
122.192.87.150: 17 times
124.156.222.214: 50 times
124.160.83.138: 1 time
125.77.30.117: 58 times
128.199.30.160: 50 times
128.199.193.246: 18 times
129.204.228.234: 34 times
129.226.169.30: 50 times
133.130.110.249 (v133-130-110-249.a039.g.tyo1.static.cnode.io): 7 times
133.242.20.161: 50 times
134.209.107.145: 70 times
138.68.176.38: 29 times
138.94.162.75: 1 time
138.197.100.108 (dev.aws3.net): 40 times
139.155.182.156: 7 times
139.186.134.129: 4 times
139.198.13.109: 42 times
150.158.153.128: 4 times
150.242.213.189: 70 times
154.8.224.155: 30 times
156.250.12.30: 1 time
157.245.100.31: 3 times
167.99.96.114: 1 time
170.81.132.255: 1 time
170.106.117.91: 36 times
175.126.73.115: 8 times
178.128.80.85: 70 times
179.27.60.34 (r179-27-60-34.static.adinet.com.uy): 8 times
180.250.124.227: 1 time
181.214.243.18: 3 times
183.91.69.13: 70 times
185.65.134.175: 1 time
185.220.102.243 (185-220-102-243.torservers.net): 1 time
187.106.203.217 (bb6acbd9.virtua.com.br): 4 times
189.89.221.246 (189-089-221-246.static.stratus.com.br): 45 times
196.44.182.183 (183-182-44-196.broadband.yoafrica.com): 1 time
196.189.91.244: 25 times
197.153.47.49: 43 times
198.144.121.93: 1 time
200.107.160.198 (mail.fia.usmp.edu.pe): 3 times
209.127.17.242: 1 time
211.23.87.106 (211-23-87-106.HINET-IP.hinet.net): 25 times
218.28.83.106 (pc0.zz.ha.cn): 58 times
222.128.46.1: 14 times
Illegal users from:
undef: 393 times
1.13.1.56: 15 times
8.208.79.226: 18 times
18.221.104.12 (ec2-18-221-104-12.us-east-2.compute.amazonaws.com): 2 times
35.203.109.161 (161.109.203.35.bc.googleusercontent.com): 18 times
41.225.17.53: 19 times
42.194.146.74: 12 times
45.135.232.165: 3 times
45.146.165.72: 3 times
45.146.166.111: 11 times
45.146.166.238: 1 time
45.232.75.253: 20 times
49.235.84.72: 1 time
65.49.20.66 (scan-17.shadowserver.org): 1 time
66.23.233.93 (rostermatch.xponex.com): 23 times
66.98.45.242 (242.45.98.66.f.static.claro.net.do): 9 times
77.65.38.138 (d38-138.icpnet.pl): 14 times
81.68.220.63: 2 times
81.69.251.177: 19 times
85.191.214.236: 20 times
88.157.229.58 (a88-157-229-58.static.cpe.netcabo.pt): 19 times
92.36.168.113: 5 times
103.24.179.79: 18 times
103.92.120.116: 1 time
103.123.25.80 (host-103-123-25-80.pky.kalteng.go.id): 3 times
103.254.198.67: 21 times
104.225.236.41 (104.225.236.41.16clouds.com): 4 times
106.13.40.23: 20 times
106.75.230.60: 22 times
107.131.14.238 (107-131-14-238.lightspeed.irvnca.sbcglobal.net): 2 times
111.205.46.46: 53 times
112.196.76.140: 22 times
115.159.214.208: 20 times
118.89.108.152: 15 times
120.201.0.230: 18 times
121.5.18.138: 20 times
133.130.110.249 (v133-130-110-249.a039.g.tyo1.static.cnode.io): 19 times
139.155.182.156: 13 times
139.186.134.129: 18 times
141.98.10.29: 3 times
141.98.10.179 (er.includeswitche.com): 3 times
141.98.10.203: 9 times
150.158.153.128: 25 times
170.245.200.100 (170-245-200-100.redesiminternet.com.br): 1 time
175.126.73.115: 21 times
179.27.60.34 (r179-27-60-34.static.adinet.com.uy): 18 times
186.234.249.196: 1 time
187.106.203.217 (bb6acbd9.virtua.com.br): 28 times
195.133.40.104: 5 times
200.107.160.198 (mail.fia.usmp.edu.pe): 20 times
202.170.57.253: 1 time
205.185.125.109: 9 times
205.185.127.25 (serveroperations.com): 3 times
210.211.116.80: 2 times
218.28.83.106 (pc0.zz.ha.cn): 1 time
222.128.46.1: 20 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 4 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################