################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Feb 13 04:42:03 2019 Date Range Processed: yesterday ( 2019-Feb-12 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 10:9 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 4 sites probed the server 108.178.16.154 129.213.21.173 142.4.26.198 46.17.47.173 Requests with error response codes 400 Bad Request null: 7 Time(s) /: 3 Time(s) /a2billing/customer/templates/default/footer.tpl: 1 Time(s) /recordings/: 1 Time(s) /robots.txt: 1 Time(s) /vtigercrm/vtigerservice.php: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 7: 1 Time(s) 404 Not Found /robots.txt: 34 Time(s) /wp-login.php: 10 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /favicon.ico: 5 Time(s) /adminer: 2 Time(s) /user/register?destination=comment/reply/13%23comment-form: 2 Time(s) /user/register?destination=comment/reply/15%23comment-form: 2 Time(s) /user/register?destination=comment/reply/20%23comment-form: 2 Time(s) /user/register?destination=comment/reply/24%23comment-form: 2 Time(s) /user/register?destination=comment/reply/32%23comment-form: 2 Time(s) /user/register?destination=comment/reply/33%23comment-form: 2 Time(s) /user/register?destination=comment/reply/9%23comment-form: 2 Time(s) /.well-known/apple-app-site-association: 1 Time(s) /HNAP1/: 1 Time(s) /ads.txt: 1 Time(s) /apple-app-site-association: 1 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /blog/wp-login.php: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /resolutionen/wise18/Reso_BAf%C3%83%C2%B6G ... 3%83%C2%B6G.pdf: 1 Time(s) /user/register?destination=comment%2Freply ... %23comment-form: 1 Time(s) /wordpress/wp-login.php: 1 Time(s) /wp-admin/admin-ajax.php: 1 Time(s) 500 Internal Server Error /: 6 Time(s) /a2billing/customer/templates/default/footer.tpl: 1 Time(s) /recordings/: 1 Time(s) /vtigercrm/vtigerservice.php: 1 Time(s) 502 Bad Gateway /: 26 Time(s) /robots.txt: 7 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (121.175.129.241): 6 Time(s) root (175.204.125.29): 6 Time(s) root (188.187.3.121): 6 Time(s) root (197.249.46.152): 6 Time(s) root (218.92.1.169): 6 Time(s) root (223.241.29.142): 6 Time(s) root (43.241.108.220): 6 Time(s) root (5.136.255.243): 6 Time(s) unknown (222.209.29.138): 6 Time(s) unknown (zf231094.ppp.dion.ne.jp): 6 Time(s) unknown (132.232.81.218): 2 Time(s) unknown (202.196.52.8): 2 Time(s) unknown (63.142.101.182): 2 Time(s) postgres (200.178.253.213): 1 Time(s) root (100.red-80-25-203.staticip.rima-tde.net): 1 Time(s) root (185.244.25.105): 1 Time(s) root (5-49-163-128.hfc.dyn.abo.bbox.fr): 1 Time(s) root (78.193.64.254): 1 Time(s) sshd (enn63-1-78-245-164-146.fbx.proxad.net): 1 Time(s) unknown (103.229.116.75): 1 Time(s) unknown (106.12.205.168): 1 Time(s) unknown (106.12.90.234): 1 Time(s) unknown (110.10.129.226): 1 Time(s) unknown (112.196.35.197): 1 Time(s) unknown (114-34-53-178.hinet-ip.hinet.net): 1 Time(s) unknown (115.94.103.170): 1 Time(s) unknown (116.104.36.180): 1 Time(s) unknown (118.179.136.26): 1 Time(s) unknown (121.185.124.20): 1 Time(s) unknown (125.124.32.11): 1 Time(s) unknown (150.109.127.114): 1 Time(s) unknown (156.194.51.214): 1 Time(s) unknown (176.192.33.214): 1 Time(s) unknown (177.206.128.131): 1 Time(s) unknown (185.244.25.105): 1 Time(s) unknown (185.58.53.66): 1 Time(s) unknown (187.120.189.246): 1 Time(s) unknown (206.189.167.33): 1 Time(s) unknown (208.157.149.209): 1 Time(s) unknown (58.26.43.39): 1 Time(s) unknown (60-249-222-64.hinet-ip.hinet.net): 1 Time(s) unknown (91.219.253.183): 1 Time(s) unknown (91.82.92.50): 1 Time(s) unknown (c-68-37-52-95.hsd1.mi.comcast.net): 1 Time(s) unknown (d1.ajeel.be): 1 Time(s) unknown (net-2-38-17-130.cust.vodafonedsl.it): 1 Time(s) unknown (preprod.web-rougevif.fr): 1 Time(s) unknown (qui56-1-78-245-125-220.fbx.proxad.net): 1 Time(s) Invalid Users: Unknown Account: 47 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 40 Miscellaneous warnings 7.974K Bytes accepted 8,165 7.974K Bytes sent via SMTP 8,165 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 14 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 14 Total 4xx Rejects 100.00% ======== ================================================== 243 Connections 138 Connections lost (inbound) 243 Disconnections 1 Removed from queue 1 Sent via SMTP 1 SMTP protocol violations ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 2 Time(s) root : 8 Time(s) Failed logins from: 5.49.163.128 (5-49-163-128.hfc.dyn.abo.bbox.fr): 1 time 5.136.255.243: 6 times 43.241.108.220: 6 times 78.193.64.254 (ber34-3-78-193-64-254.fbxo.proxad.net): 1 time 78.245.164.146 (enn63-1-78-245-164-146.fbx.proxad.net): 1 time 80.25.203.100 (100.red-80-25-203.staticip.rima-tde.net): 1 time 121.175.129.241: 6 times 175.204.125.29: 6 times 185.244.25.105 (Dedi08.customers.kvsolutions.nl): 1 time 188.187.3.121 (188x187x3x121.static-business.spb.ertelecom.ru): 6 times 197.249.46.152 (cust152-46-249-197.netcabo.co.mz): 6 times 200.178.253.213: 1 time 218.92.1.169: 6 times 223.241.29.142: 6 times Illegal users from: undef: 29 times 2.38.17.130 (net-2-38-17-130.cust.vodafonedsl.it): 1 time 58.26.43.39: 1 time 60.249.222.64 (60-249-222-64.HINET-IP.hinet.net): 1 time 63.142.101.182: 2 times 68.37.52.95 (c-68-37-52-95.hsd1.mi.comcast.net): 1 time 78.245.125.220 (qui56-1-78-245-125-220.fbx.proxad.net): 1 time 91.82.92.50: 1 time 91.121.159.6 (preprod.web-rougevif.fr): 1 time 91.219.253.183: 1 time 94.23.212.137 (d1.ajeel.be): 1 time 103.229.116.75: 1 time 106.12.90.234: 1 time 106.12.205.168: 1 time 110.10.129.226: 1 time 112.196.35.197: 1 time 114.34.53.178 (114-34-53-178.HINET-IP.hinet.net): 1 time 115.94.103.170: 1 time 116.104.36.180: 1 time 118.179.136.26: 1 time 121.185.124.20: 1 time 125.124.32.11: 1 time 132.232.81.218: 2 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 150.109.127.114: 1 time 156.194.51.214 (host-156.194.214.51-static.tedata.net): 1 time 176.192.33.214 (ip-176-192-33-214.bb.netbynet.ru): 1 time 177.206.128.131 (177.206.128.131.static.gvt.net.br): 1 time 185.58.53.66 (185-58-53-66.customers.tirolnet.com): 1 time 185.244.25.105 (Dedi08.customers.kvsolutions.nl): 1 time 187.120.189.246: 1 time 202.196.52.8: 2 times 206.189.167.33: 1 time 208.157.149.209: 1 time 222.1.231.94 (ZF231094.ppp.dion.ne.jp): 6 times 222.209.29.138 (138.29.209.222.broad.cd.sc.dynamic.163data.com.cn): 6 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################