################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Jan 16 04:42:04 2019 Date Range Processed: yesterday ( 2019-Jan-15 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 6:7 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 104.248.242.46 Requests with error response codes 400 Bad Request /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) mstshash=Administr: 2 Time(s) /robots.txt: 1 Time(s) null: 1 Time(s) 404 Not Found /berlin/apple-touch-icon.png: 8 Time(s) /wp-login.php: 8 Time(s) /favicon.ico: 3 Time(s) /robots.txt: 3 Time(s) /sites/all/libraries/elfinder/elfinder.html: 3 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 2 Time(s) 500 Internal Server Error /: 6 Time(s) 502 Bad Gateway /: 24 Time(s) /robots.txt: 7 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (115.59.210.160): 6 Time(s) root (180.119.158.91): 6 Time(s) unknown (112.247.24.34): 6 Time(s) unknown (176.51.90.23): 6 Time(s) unknown (177.125.28.191): 6 Time(s) unknown (189.254.33.157): 3 Time(s) unknown (118-163-178-146.hinet-ip.hinet.net): 2 Time(s) unknown (124.ip-149-202-54.eu): 2 Time(s) unknown (139.59.78.70): 2 Time(s) unknown (167.99.43.65): 2 Time(s) unknown (88.214.26.49): 2 Time(s) postgres (104.211.157.50): 1 Time(s) postgres (106.13.43.242): 1 Time(s) postgres (139.59.78.70): 1 Time(s) root (104.211.157.50): 1 Time(s) root (187.51.24.194): 1 Time(s) root (188.131.141.170): 1 Time(s) root (ip-50-63-165-214.ip.secureserver.net): 1 Time(s) unknown (106.12.112.11): 1 Time(s) unknown (106.13.15.200): 1 Time(s) unknown (106.13.43.242): 1 Time(s) unknown (106.75.171.97): 1 Time(s) unknown (116.196.101.227): 1 Time(s) unknown (117.159.144.67): 1 Time(s) unknown (118.179.136.26): 1 Time(s) unknown (118.24.36.219): 1 Time(s) unknown (119.235.21.178): 1 Time(s) unknown (119.29.98.253): 1 Time(s) unknown (122.154.134.38): 1 Time(s) unknown (122.160.137.37): 1 Time(s) unknown (139.59.13.63): 1 Time(s) unknown (14.18.45.163): 1 Time(s) unknown (150.109.52.125): 1 Time(s) unknown (156.236.72.23): 1 Time(s) unknown (170.79.120.4): 1 Time(s) unknown (175.117.145.239): 1 Time(s) unknown (178.128.98.90): 1 Time(s) unknown (180.76.234.172): 1 Time(s) unknown (183.157.169.174): 1 Time(s) unknown (183.6.176.182): 1 Time(s) unknown (187.51.24.194): 1 Time(s) unknown (202.138.242.22): 1 Time(s) unknown (206.189.97.89): 1 Time(s) unknown (27.76.199.153): 1 Time(s) unknown (d1.ajeel.be): 1 Time(s) unknown (ec2-18-191-42-181.us-east-2.compute.amazonaws.com): 1 Time(s) unknown (h081217011047.dyn.cm.kabsi.at): 1 Time(s) unknown (ip-50-63-165-214.ip.secureserver.net): 1 Time(s) unknown (ip64.ip-54-36-151.eu): 1 Time(s) unknown (net-2-32-114-226.cust.vodafonedsl.it): 1 Time(s) www-data (213.149.105.12): 1 Time(s) Invalid Users: Unknown Account: 67 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 24 Miscellaneous warnings 9.597K Bytes accepted 9,827 9.597K Bytes sent via SMTP 9,827 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 2 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 2 Total 4xx Rejects 100.00% ======== ================================================== 74 Connections 34 Connections lost (inbound) 74 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 3 Time(s) root : 2 Time(s) Failed logins from: 50.63.165.214 (ip-50-63-165-214.ip.secureserver.net): 1 time 104.211.157.50: 2 times 106.13.43.242: 1 time 115.59.210.160 (hn.kd.ny.adsl): 6 times 139.59.78.70: 1 time 180.119.158.91: 6 times 187.51.24.194 (187-51-24-194.customer.tdatabrasil.net.br): 1 time 188.131.141.170: 1 time 213.149.105.12 (icgserveri1.12.crnagora.net): 1 time Illegal users from: undef: 28 times 2.32.114.226 (net-2-32-114-226.cust.vodafonedsl.it): 1 time 14.18.45.163: 1 time 18.191.42.181 (ec2-18-191-42-181.us-east-2.compute.amazonaws.com): 1 time 27.76.199.153 (localhost): 1 time 50.63.165.214 (ip-50-63-165-214.ip.secureserver.net): 1 time 54.36.151.64 (ip64.ip-54-36-151.eu): 1 time 81.217.11.47 (h081217011047.dyn.cm.kabsi.at): 1 time 88.214.26.49: 2 times 94.23.212.137 (d1.ajeel.be): 1 time 106.12.112.11: 1 time 106.13.15.200: 1 time 106.13.43.242: 1 time 106.75.171.97: 1 time 112.247.24.34: 6 times 116.196.101.227: 1 time 117.159.144.67: 1 time 118.24.36.219: 1 time 118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 2 times 118.179.136.26: 1 time 119.29.98.253: 1 time 119.235.21.178: 1 time 122.154.134.38: 1 time 122.160.137.37 (abts-north-static-037.137.160.122.airtelbroadband.in): 1 time 139.59.13.63: 1 time 139.59.78.70: 2 times 149.202.54.124 (124.ip-149-202-54.eu): 2 times 150.109.52.125: 1 time 156.236.72.23: 1 time 167.99.43.65: 2 times 170.79.120.4 (IP-170-79-120-4.static.andernettelecom.com.br): 1 time 175.117.145.239: 1 time 176.51.90.23 (b-internet.176.51.90.23.nsk.rt.ru): 6 times 177.125.28.191 (177.125.28.191.snbandalarga.com.br): 6 times 178.128.98.90: 1 time 180.76.234.172: 1 time 183.6.176.182: 1 time 183.157.169.174: 5 times 187.51.24.194 (187-51-24-194.customer.tdatabrasil.net.br): 1 time 189.254.33.157 (customer-189-254-33-157-sta.uninet-ide.com.mx): 3 times 202.138.242.22: 1 time 206.189.97.89 (192887.cloudwaysapps.com): 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################