Logwatch for h2361197.stratoserver.net (Linux)

Freitag, 12 Juli 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Fri Jul 12 04:42:07 2019
        Date Range Processed: yesterday
                              ( 2019-Jul-11 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [109:107]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 8 sites probed the server 
    104.238.111.193
    134.209.200.179
    171.34.176.142
    185.137.233.224
    185.137.233.225
    192.99.15.141
    61.219.11.153
    66.240.205.34
 
 Requests with error response codes
    400 Bad Request
       null: 10 Time(s)
       http://110.249.212.46/testget?q=23333&port=80: 3 Time(s)
       /webadmin/script?command=|busybox: 1 Time(s)
    403 Forbidden
       /resolutionen/: 1 Time(s)
    404 Not Found
       /robots.txt: 32 Time(s)
       /berlin/apple-touch-icon.png: 11 Time(s)
       /verein/satzung/%7CSatzung: 3 Time(s)
       /admin/: 1 Time(s)
       /berlin/helfika/apple-touch-icon.png: 1 Time(s)
       /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /resolutionen/wise12/Reso_WiSe12_Zivilgesellschaftliches: 1 Time(s)
       /sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s)
       /sites/default/files/2014_SoSe_Duesseldorf.pdf: 1 Time(s)
    500 Internal Server Error
       /robots.txt: 8 Time(s)
       /: 5 Time(s)
       /berlin: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (103.109.53.3): 19 Time(s)
       unknown (115-186-156-164.nayatel.pk): 19 Time(s)
       unknown (mail.ustv.com.tw): 19 Time(s)
       unknown (182.162.143.236): 18 Time(s)
       unknown (1.71.139.238): 17 Time(s)
       unknown (170-226-144-85.ftth.glasoperator.nl): 17 Time(s)
       unknown (190.85.234.215): 17 Time(s)
       unknown (93-61-134-60.ip146.fastwebnet.it): 17 Time(s)
       unknown (p5b1721f6.dip0.t-ipconnect.de): 17 Time(s)
       unknown (106.12.212.187): 16 Time(s)
       unknown (117.3.69.194): 16 Time(s)
       unknown (139.59.46.243): 16 Time(s)
       unknown (190.180.161.143): 16 Time(s)
       unknown (203.195.243.146): 16 Time(s)
       unknown (138.197.103.160): 15 Time(s)
       unknown (138.197.147.233): 15 Time(s)
       unknown (140.143.228.67): 15 Time(s)
       unknown (142.93.85.35): 15 Time(s)
       unknown (187.115.128.212): 15 Time(s)
       unknown (243.ip-37-59-99.eu): 15 Time(s)
       unknown (61.148.194.162): 15 Time(s)
       unknown (ip75.ip-54-37-44.eu): 15 Time(s)
       unknown (noobs.at.lamers.zone): 15 Time(s)
       unknown (165.227.122.251): 14 Time(s)
       unknown (178.128.183.90): 14 Time(s)
       unknown (205.214.200.190): 14 Time(s)
       unknown (212.140.166.211): 14 Time(s)
       unknown (222.108.131.117): 14 Time(s)
       unknown (27.254.206.238): 14 Time(s)
       unknown (107.170.124.97): 13 Time(s)
       unknown (192.3.177.213): 13 Time(s)
       unknown (82.117.245.189): 13 Time(s)
       unknown (186.96.101.91): 10 Time(s)
       unknown (57.red-79-157-240.dynamicip.rima-tde.net): 10 Time(s)
       unknown (120.132.53.137): 9 Time(s)
       root (116.54.192.234): 6 Time(s)
       unknown (117.66.243.77): 6 Time(s)
       unknown (134.175.141.166): 6 Time(s)
       unknown (146.185.157.31): 6 Time(s)
       unknown (148.255.187.188): 6 Time(s)
       unknown (191.184.203.71): 6 Time(s)
       unknown (93.51.29.92): 6 Time(s)
       unknown (host81-133-189-239.in-addr.btopenworld.com): 6 Time(s)
       unknown (119.204.246.89): 5 Time(s)
       unknown (14.ip-144-217-4.net): 5 Time(s)
       unknown (157.230.175.122): 5 Time(s)
       unknown (181.65.208.167): 5 Time(s)
       unknown (192.241.211.215): 5 Time(s)
       unknown (200.146.232.97): 5 Time(s)
       unknown (210.120.112.18): 5 Time(s)
       unknown (41.82.254.90): 5 Time(s)
       unknown (58.215.121.36): 5 Time(s)
       unknown (81.46.224.37): 5 Time(s)
       unknown (c-73-15-91-251.hsd1.ca.comcast.net): 5 Time(s)
       unknown (ip235.ip-51-79-129.net): 5 Time(s)
       unknown (114.242.245.251): 4 Time(s)
       unknown (123.206.190.82): 4 Time(s)
       unknown (123.206.6.57): 4 Time(s)
       unknown (188.173.80.134): 4 Time(s)
       unknown (218.149.106.172): 4 Time(s)
       unknown (46.164.155.9): 4 Time(s)
       unknown (55.ip-144-217-89.net): 4 Time(s)
       unknown (60.30.92.74): 4 Time(s)
       unknown (68.183.190.251): 4 Time(s)
       unknown (conm200-116-105-213.epm.net.co): 4 Time(s)
       root (1.71.139.238): 3 Time(s)
       root (205.214.200.190): 3 Time(s)
       root (p5b1721f6.dip0.t-ipconnect.de): 3 Time(s)
       unknown (106.12.80.87): 3 Time(s)
       unknown (108.ip-51-83-72.eu): 3 Time(s)
       unknown (121.201.43.233): 3 Time(s)
       unknown (142.93.117.249): 3 Time(s)
       unknown (193.32.163.182): 3 Time(s)
       unknown (210-242-157-12.hinet-ip.hinet.net): 3 Time(s)
       unknown (220.76.205.178): 3 Time(s)
       unknown (72.11.190.157): 3 Time(s)
       unknown (82.208.177.139): 3 Time(s)
       unknown (ns349271.ip-91-121-110.eu): 3 Time(s)
       postgres (142.93.85.35): 2 Time(s)
       postgres (promotionness-physical.volia.net): 2 Time(s)
       root (103.52.16.35): 2 Time(s)
       root (129.211.106.144): 2 Time(s)
       root (132.145.170.174): 2 Time(s)
       root (138.197.103.160): 2 Time(s)
       root (139.59.46.243): 2 Time(s)
       root (140.143.228.67): 2 Time(s)
       root (190.180.161.143): 2 Time(s)
       root (192.3.177.213): 2 Time(s)
       root (200.146.232.97): 2 Time(s)
       root (218.149.106.172): 2 Time(s)
       root (27.254.206.238): 2 Time(s)
       root (37.139.0.226): 2 Time(s)
       root (82.117.245.189): 2 Time(s)
       unknown (103.52.16.35): 2 Time(s)
       unknown (129.211.106.144): 2 Time(s)
       unknown (132.145.170.174): 2 Time(s)
       unknown (139.59.180.53): 2 Time(s)
       unknown (159.89.172.215): 2 Time(s)
       unknown (162.ip-54-37-205.eu): 2 Time(s)
       unknown (37.139.0.226): 2 Time(s)
       unknown (oc-129-150-112-159.compute.oraclecloud.com): 2 Time(s)
       unknown (promotionness-physical.volia.net): 2 Time(s)
       backup (138.197.103.160): 1 Time(s)
       backup (170-226-144-85.ftth.glasoperator.nl): 1 Time(s)
       backup (205.214.200.190): 1 Time(s)
       jan (190.85.234.215): 1 Time(s)
       jan (p5b1721f6.dip0.t-ipconnect.de): 1 Time(s)
       lp (244.ip-164-132-230.eu): 1 Time(s)
       mailman (103.52.16.35): 1 Time(s)
       mysql (182.162.143.236): 1 Time(s)
       postgres (106.12.212.187): 1 Time(s)
       postgres (117.3.69.194): 1 Time(s)
       postgres (170-226-144-85.ftth.glasoperator.nl): 1 Time(s)
       postgres (178.128.183.90): 1 Time(s)
       postgres (243.ip-37-59-99.eu): 1 Time(s)
       postgres (27.254.206.238): 1 Time(s)
       postgres (93-61-134-60.ip146.fastwebnet.it): 1 Time(s)
       root (107.170.124.97): 1 Time(s)
       root (114.242.245.251): 1 Time(s)
       root (120.132.53.137): 1 Time(s)
       root (134.175.141.166): 1 Time(s)
       root (138.197.147.233): 1 Time(s)
       root (139.59.59.187): 1 Time(s)
       root (142.93.117.249): 1 Time(s)
       root (142.93.85.35): 1 Time(s)
       root (157.230.175.122): 1 Time(s)
       root (178.128.183.90): 1 Time(s)
       root (181.65.208.167): 1 Time(s)
       root (192.241.211.215): 1 Time(s)
       root (203.195.243.146): 1 Time(s)
       root (206.189.136.160): 1 Time(s)
       root (218.92.0.167): 1 Time(s)
       root (218.92.0.181): 1 Time(s)
       root (220.76.205.178): 1 Time(s)
       root (222.108.131.117): 1 Time(s)
       root (243.ip-37-59-99.eu): 1 Time(s)
       root (61.148.194.162): 1 Time(s)
       root (82.208.177.139): 1 Time(s)
       root (93-61-134-60.ip146.fastwebnet.it): 1 Time(s)
       root (ip235.ip-51-79-129.net): 1 Time(s)
       root (ip75.ip-54-37-44.eu): 1 Time(s)
       root (noobs.at.lamers.zone): 1 Time(s)
       root (pd9eea671.dip0.t-ipconnect.de): 1 Time(s)
       temp (170-226-144-85.ftth.glasoperator.nl): 1 Time(s)
       temp (190.85.234.215): 1 Time(s)
       unknown (1.255.242.238): 1 Time(s)
       unknown (106.13.43.242): 1 Time(s)
       unknown (109.110.52.77): 1 Time(s)
       unknown (117.158.88.118): 1 Time(s)
       unknown (118.24.101.182): 1 Time(s)
       unknown (123.20.108.114): 1 Time(s)
       unknown (128.199.69.86): 1 Time(s)
       unknown (132.255.29.228): 1 Time(s)
       unknown (139.59.17.173): 1 Time(s)
       unknown (139.59.59.187): 1 Time(s)
       unknown (139.59.74.143): 1 Time(s)
       unknown (140.143.230.156): 1 Time(s)
       unknown (159.65.144.233): 1 Time(s)
       unknown (174.138.56.93): 1 Time(s)
       unknown (178.128.124.83): 1 Time(s)
       unknown (178.128.195.6): 1 Time(s)
       unknown (178.128.3.152): 1 Time(s)
       unknown (180.114.99.86): 1 Time(s)
       unknown (181.111.181.50): 1 Time(s)
       unknown (188.166.237.191): 1 Time(s)
       unknown (201.216.193.65): 1 Time(s)
       unknown (202.114.122.193): 1 Time(s)
       unknown (202.88.241.107): 1 Time(s)
       unknown (206.189.197.48): 1 Time(s)
       unknown (209.97.187.108): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (244.ip-164-132-230.eu): 1 Time(s)
       unknown (27.50.24.83): 1 Time(s)
       unknown (37.114.149.168): 1 Time(s)
       unknown (37.139.21.75): 1 Time(s)
       unknown (37.189.158.91): 1 Time(s)
       unknown (46.101.1.198): 1 Time(s)
       unknown (54.ip-51-68-230.eu): 1 Time(s)
       unknown (58.82.129.142): 1 Time(s)
       unknown (crushdigital.co.uk): 1 Time(s)
       unknown (ip-132-148-129-180.ip.secureserver.net): 1 Time(s)
       unknown (ns3016508.ip-51-254-47.eu): 1 Time(s)
       unknown (server.herojus.lt): 1 Time(s)
    Invalid Users:
       Unknown Account: 759 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        1   Miscellaneous warnings  
 
   20.034K  Bytes accepted                              20,515
   20.034K  Bytes sent via SMTP                         20,515
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        7   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        7   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       86   Connections             
       74   Connections lost (inbound) 
       86   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        1   SMTP dialog errors      
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 1 Time(s)
 
 Failed logins from:
    1.71.139.238: 3 times
    27.254.206.238 (238.206.254.27.static-ip.csloxinfo.net): 3 times
    37.59.99.243 (243.ip-37-59-99.eu): 2 times
    37.139.0.226: 2 times
    51.79.129.235 (ip235.ip-51-79-129.net): 1 time
    54.37.44.75 (ip75.ip-54-37-44.eu): 1 time
    61.148.194.162: 1 time
    82.117.245.189 (82-117-245-189.gpon.sta.kh.velton.ua): 2 times
    82.208.177.139 (clinicanova-gheorghetatarescu2-fo.b.astral.ro): 1 time
    85.144.226.170 (170-226-144-85.ftth.glasoperator.nl): 3 times
    91.23.33.246 (p5B1721F6.dip0.t-ipconnect.de): 4 times
    93.61.134.60 (93-61-134-60.ip146.fastwebnet.it): 2 times
    93.74.144.223 (promotionness-physical.volia.net): 2 times
    103.52.16.35: 3 times
    106.12.212.187: 1 time
    107.170.124.97: 1 time
    114.242.245.251: 1 time
    116.54.192.234 (234.192.54.116.broad.km.yn.dynamic.163data.com.cn): 6 times
    117.3.69.194: 1 time
    120.132.53.137: 1 time
    129.211.106.144: 2 times
    132.145.170.174: 2 times
    134.175.141.166: 1 time
    138.197.103.160: 3 times
    138.197.147.233: 1 time
    139.59.46.243: 2 times
    139.59.59.187: 1 time
    140.143.228.67: 2 times
    142.93.85.35: 3 times
    142.93.117.249: 1 time
    157.230.175.122: 1 time
    164.132.230.244 (244.ip-164-132-230.eu): 1 time
    178.128.183.90: 2 times
    181.65.208.167: 1 time
    182.162.143.236: 1 time
    190.85.234.215: 2 times
    190.180.161.143: 2 times
    192.3.177.213 (192-3-177-213-host.colocrossing.com): 2 times
    192.241.211.215: 1 time
    200.146.232.97 (200-146-232-097.xf-static.algartelecom.com.br): 2 times
    203.195.243.146: 1 time
    205.214.200.190: 4 times
    206.189.136.160: 1 time
    213.32.18.189 (noobs.at.lamers.zone): 1 time
    217.238.166.113 (pD9EEA671.dip0.t-ipconnect.de): 1 time
    218.92.0.167: 3 times
    218.92.0.181: 1 time
    218.149.106.172: 2 times
    220.76.205.178: 1 time
    222.108.131.117: 1 time
 
 Illegal users from:
    undef: 568 times
    1.71.139.238: 17 times
    1.255.242.238: 1 time
    27.50.24.83 (ip-27-50-24-83.cepat.net.id): 1 time
    27.254.206.238 (238.206.254.27.static-ip.csloxinfo.net): 14 times
    37.59.99.243 (243.ip-37-59-99.eu): 15 times
    37.114.149.168: 1 time
    37.139.0.226: 2 times
    37.139.21.75: 1 time
    37.189.158.91 (bl28-158-91.dsl.telepac.pt): 1 time
    41.82.254.90: 5 times
    46.101.1.198: 1 time
    46.101.88.10 (crushdigital.co.uk): 1 time
    46.101.163.220 (server.herojus.lt): 1 time
    46.164.155.9 (46-164-155-9.datagroup.ua): 4 times
    51.68.230.54 (54.ip-51-68-230.eu): 1 time
    51.79.129.235 (ip235.ip-51-79-129.net): 5 times
    51.83.72.108 (108.ip-51-83-72.eu): 3 times
    51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time
    54.37.44.75 (ip75.ip-54-37-44.eu): 15 times
    54.37.205.162 (162.ip-54-37-205.eu): 2 times
    58.82.129.142: 1 time
    58.215.121.36: 5 times
    60.30.92.74 (no-data): 4 times
    60.250.164.169 (mail.ustv.com.tw): 19 times
    61.148.194.162: 15 times
    68.183.190.251: 4 times
    72.11.190.157 (72-11-190-157.static.cpe.axion.ca): 3 times
    73.15.91.251 (c-73-15-91-251.hsd1.ca.comcast.net): 5 times
    79.157.240.57 (57.red-79-157-240.dynamicip.rima-tde.net): 10 times
    81.46.224.37 (81-46-224-37.redes.acens.net): 5 times
    81.133.189.239 (host81-133-189-239.in-addr.btopenworld.com): 6 times
    82.117.245.189 (82-117-245-189.gpon.sta.kh.velton.ua): 13 times
    82.208.177.139 (clinicanova-gheorghetatarescu2-fo.b.astral.ro): 3 times
    85.144.226.170 (170-226-144-85.ftth.glasoperator.nl): 17 times
    91.23.33.246 (p5B1721F6.dip0.t-ipconnect.de): 17 times
    91.121.110.50 (ns349271.ip-91-121-110.eu): 3 times
    93.51.29.92: 6 times
    93.61.134.60 (93-61-134-60.ip146.fastwebnet.it): 17 times
    93.74.144.223 (promotionness-physical.volia.net): 2 times
    103.52.16.35: 2 times
    103.109.53.3: 19 times
    106.12.80.87: 3 times
    106.12.212.187: 16 times
    106.13.43.242: 1 time
    107.170.124.97: 13 times
    109.110.52.77: 1 time
    114.242.245.251: 4 times
    115.186.156.164 (115-186-156-164.nayatel.pk): 19 times
    117.3.69.194: 16 times
    117.66.243.77: 6 times
    117.158.88.118: 1 time
    118.24.101.182: 1 time
    119.204.246.89: 5 times
    120.132.53.137: 9 times
    121.201.43.233: 3 times
    123.20.108.114: 1 time
    123.206.6.57: 4 times
    123.206.190.82: 4 times
    128.199.69.86: 1 time
    129.150.112.159 (oc-129-150-112-159.compute.oraclecloud.com): 2 times
    129.211.106.144: 2 times
    132.145.170.174: 2 times
    132.148.129.180 (ip-132-148-129-180.ip.secureserver.net): 1 time
    132.255.29.228 (132-255-29-228.informac.com.br): 1 time
    134.175.141.166: 6 times
    138.197.103.160: 15 times
    138.197.147.233: 15 times
    139.59.17.173: 1 time
    139.59.46.243: 16 times
    139.59.59.187: 1 time
    139.59.74.143: 1 time
    139.59.180.53: 2 times
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    140.143.228.67: 15 times
    140.143.230.156: 1 time
    142.93.85.35: 15 times
    142.93.117.249: 3 times
    144.217.4.14 (14.ip-144-217-4.net): 5 times
    144.217.89.55 (55.ip-144-217-89.net): 4 times
    146.185.157.31: 6 times
    148.255.187.188 (188.187.255.148.d.dyn.claro.net.do): 6 times
    157.230.175.122: 5 times
    159.65.144.233: 1 time
    159.89.172.215: 2 times
    164.132.230.244 (244.ip-164-132-230.eu): 1 time
    165.227.122.251 (loopit.studio-1518718386894-s-2vcpu-4gb-nyc3-01): 14 times
    174.138.56.93: 1 time
    178.128.3.152: 1 time
    178.128.124.83 (ehalal.io): 1 time
    178.128.183.90: 14 times
    178.128.195.6: 1 time
    180.114.99.86: 5 times
    181.65.208.167: 5 times
    181.111.181.50 (host50.181-111-181.telecom.net.ar): 1 time
    182.162.143.236: 18 times
    186.96.101.91: 10 times
    187.115.128.212 (187.115.128.212.static.gvt.net.br): 15 times
    188.166.237.191: 1 time
    188.173.80.134 (188-173-80-134.next-gen.ro): 4 times
    190.85.234.215: 17 times
    190.180.161.143: 16 times
    191.184.203.71 (bfb8cb47.virtua.com.br): 6 times
    192.3.177.213 (192-3-177-213-host.colocrossing.com): 13 times
    192.241.211.215: 5 times
    193.32.163.182 (hosting-by.cloud-home.me): 3 times
    200.116.105.213 (conm200-116-105-213.epm.net.co): 4 times
    200.146.232.97 (200-146-232-097.xf-static.algartelecom.com.br): 5 times
    201.216.193.65 (customer-static-201-216-193.65.iplannetworks.net): 1 time
    202.88.241.107 (107.241.88.202.asianet.co.in): 1 time
    202.114.122.193: 1 time
    203.195.243.146: 16 times
    205.214.200.190: 14 times
    206.189.197.48: 1 time
    209.97.187.108: 1 time
    210.120.112.18: 5 times
    210.242.157.12 (210-242-157-12.HINET-IP.hinet.net): 3 times
    212.140.166.211: 14 times
    213.32.18.189 (noobs.at.lamers.zone): 15 times
    218.149.106.172: 4 times
    220.76.205.178: 3 times
    221.160.100.14: 1 time
    222.108.131.117: 14 times
 
 **Unmatched Entries**
 fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 67 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  242G  159G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016