################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat May 25 04:42:10 2019 Date Range Processed: yesterday ( 2019-May-24 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [479:482] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Requests with error response codes 400 Bad Request /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) /moo: 1 Time(s) http://179.35.205.225:7005/03brz0jgftsw3h4 ... tshb8ouy464unmi: 1 Time(s) 404 Not Found /robots.txt: 31 Time(s) /CHANGELOG.txt: 1 Time(s) /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s) /berlin//apple-touch-icon.png: 1 Time(s) /berlin/helfika/apple-touch-icon.png: 1 Time(s) /core/misc/drupal.js: 1 Time(s) /download/zapfev_satzung.pdf: 1 Time(s) /home/verein: 1 Time(s) /home/zapf: 1 Time(s) /media/system/js/core.js: 1 Time(s) /misc/drupal.js: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /sites/default/files/1983_WiSe_Darmstadt.pdf: 1 Time(s) /t3lib/jsfunc.menu.js: 1 Time(s) /user: 1 Time(s) /wp-includes/js/quicktags.js: 1 Time(s) 500 Internal Server Error /: 32 Time(s) /admin//config.php: 1 Time(s) /robots.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (41.82.208.182): 98 Time(s) unknown (119.27.188.153): 62 Time(s) unknown (132.232.116.82): 62 Time(s) unknown (172.81.248.249): 62 Time(s) unknown (218.25.227.40): 61 Time(s) unknown (106.13.9.75): 60 Time(s) unknown (188.131.244.80): 60 Time(s) unknown (218.22.166.62): 60 Time(s) unknown (121.132.17.79): 56 Time(s) unknown (123.207.141.94): 53 Time(s) unknown (134.175.27.130): 51 Time(s) unknown (5.188.115.64): 51 Time(s) unknown (ns355006.ip-91-121-116.eu): 51 Time(s) unknown (122.3.139.131): 50 Time(s) unknown (135.ip-192-99-245.net): 50 Time(s) unknown (139.199.14.128): 50 Time(s) unknown (217.61.2.97): 50 Time(s) unknown (net203-173-179.mclink.it): 49 Time(s) unknown (216.ip-51-77-210.eu): 48 Time(s) unknown (h1bc6.n2.ips.mtn.co.ug): 46 Time(s) unknown (177.71.74.230): 41 Time(s) unknown (62.234.8.213): 41 Time(s) unknown (ns332025.ip-37-187-122.eu): 39 Time(s) unknown (182.70.253.202): 38 Time(s) unknown (68.183.132.245): 36 Time(s) unknown (206.189.184.81): 30 Time(s) unknown (196.205.110.229): 29 Time(s) unknown (124.206.188.50): 27 Time(s) unknown (66.115.168.210): 27 Time(s) unknown (msmail.mouthshut.com): 27 Time(s) unknown (178.128.13.21): 21 Time(s) unknown (104.248.181.156): 19 Time(s) unknown (201-156-176-245.reservada.static.axtel.net): 19 Time(s) unknown (112.64.33.38): 18 Time(s) unknown (server.kit.co.id): 18 Time(s) unknown (142.93.72.131): 14 Time(s) unknown (106.12.204.44): 13 Time(s) unknown (91.183.90.237): 13 Time(s) unknown (137.63.195.2): 12 Time(s) unknown (220.90.129.103): 12 Time(s) unknown (173-166-5-158-newengland.hfc.comcastbusiness.net): 10 Time(s) unknown (185.46.191.40): 9 Time(s) unknown (ip5b40283d.dynamic.kabel-deutschland.de): 9 Time(s) unknown (adsl-89-217-177-134.adslplus.ch): 8 Time(s) unknown (lstlambert-658-1-222-136.w80-13.abo.wanadoo.fr): 8 Time(s) root (218.92.0.172): 6 Time(s) unknown (104.248.46.187): 6 Time(s) unknown (112.87.223.13): 6 Time(s) root (exit1.ipredator.se): 5 Time(s) unknown (182.254.146.167): 5 Time(s) unknown (193.32.163.89): 4 Time(s) root (exit4.tor-network.net): 3 Time(s) mysql (182.70.253.202): 2 Time(s) root (zrh-exit.privateinternetaccess.com): 2 Time(s) backup (106.13.9.75): 1 Time(s) backup (139.199.14.128): 1 Time(s) backup (h1bc6.n2.ips.mtn.co.ug): 1 Time(s) backup (net203-173-179.mclink.it): 1 Time(s) daemon (132.232.116.82): 1 Time(s) gnats (123.207.141.94): 1 Time(s) mysql (106.13.9.75): 1 Time(s) mysql (119.27.188.153): 1 Time(s) mysql (139.199.14.128): 1 Time(s) mysql (172.81.248.249): 1 Time(s) mysql (218.22.166.62): 1 Time(s) mysql (218.25.227.40): 1 Time(s) mysql (h1bc6.n2.ips.mtn.co.ug): 1 Time(s) postgres (119.27.188.153): 1 Time(s) postgres (121.132.17.79): 1 Time(s) postgres (139.199.14.128): 1 Time(s) postgres (188.131.244.80): 1 Time(s) postgres (206.189.184.81): 1 Time(s) postgres (216.ip-51-77-210.eu): 1 Time(s) postgres (217.61.2.97): 1 Time(s) postgres (68.183.132.245): 1 Time(s) proxy (217.61.2.97): 1 Time(s) root (117.102.122.189): 1 Time(s) root (85.214.77.25): 1 Time(s) temp (132.232.116.82): 1 Time(s) temp (139.199.14.128): 1 Time(s) temp (188.131.244.80): 1 Time(s) temp (201-156-176-245.reservada.static.axtel.net): 1 Time(s) temp (net203-173-179.mclink.it): 1 Time(s) unknown (107.170.244.110): 1 Time(s) unknown (118.34.12.35): 1 Time(s) unknown (121.184.64.15): 1 Time(s) unknown (122.224.65.197): 1 Time(s) unknown (124.205.9.241): 1 Time(s) unknown (129.204.64.166): 1 Time(s) unknown (143.101.2.93.rev.sfr.net): 1 Time(s) unknown (148.70.65.131): 1 Time(s) unknown (168.235.66.100): 1 Time(s) unknown (193.112.181.34): 1 Time(s) unknown (193.112.72.126): 1 Time(s) unknown (198.228.145.150): 1 Time(s) unknown (206.189.185.202): 1 Time(s) unknown (206.19.238.177): 1 Time(s) unknown (207-210-68-42.verisoft.com.br): 1 Time(s) unknown (222.254.2.106): 1 Time(s) unknown (249.ip-51-68-220.eu): 1 Time(s) unknown (25.ip-51-75-195.eu): 1 Time(s) unknown (27.73.190.56): 1 Time(s) unknown (36.111.35.10): 1 Time(s) unknown (36.91.50.251): 1 Time(s) unknown (60.241.23.58): 1 Time(s) unknown (antonand.dedicated.co.za): 1 Time(s) unknown (bld25-1-78-214-125-119.fbx.proxad.net): 1 Time(s) unknown (c-67-171-17-78.hsd1.wa.comcast.net): 1 Time(s) unknown (cpe-67-245-146-49.nyc.res.rr.com): 1 Time(s) unknown (h1bbe.n2.ips.mtn.co.ug): 1 Time(s) unknown (mail.lexxunity.de): 1 Time(s) unknown (mx01.unseen.tw): 1 Time(s) unknown (ns397581.ip-151-80-40.eu): 1 Time(s) unknown (p54bd1050.dip0.t-ipconnect.de): 1 Time(s) unknown (rrcs-71-78-219-198.sw.biz.rr.com): 1 Time(s) unknown (srv1.bylaichi.com.ar): 1 Time(s) unknown (tasked.me): 1 Time(s) www-data (122.3.139.131): 1 Time(s) www-data (123.207.141.94): 1 Time(s) www-data (172.81.248.249): 1 Time(s) www-data (h1bc6.n2.ips.mtn.co.ug): 1 Time(s) www-data (ns332025.ip-37-187-122.eu): 1 Time(s) Invalid Users: Unknown Account: 1723 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 1 Miscellaneous warnings 18.312K Bytes accepted 18,752 18.312K Bytes sent via SMTP 18,752 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 289 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 289 Total 4xx Rejects 100.00% ======== ================================================== 1598 Connections 434 Connections lost (inbound) 1598 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) 289 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- rsyslogd Begin ------------------------ **** Unmatched entries **** [origin software="rsyslogd" swVersion="8.4.2" x-pid="301" x-info="http://www.rsyslog.com"] exiting on signal 15. : 1 Times ---------------------- rsyslogd End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** systemd-logind: New seat seat0.: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ SSHD Killed: 1 Time(s) SSHD Started: 2 Time(s) Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 1 Time(s) Failed logins from: 31.220.40.54 (exit4.tor-network.net): 3 times 37.187.122.195 (ns332025.ip-37-187-122.eu): 1 time 51.77.210.216 (216.ip-51-77-210.eu): 1 time 68.183.132.245: 1 time 85.214.77.25 (chriss-74.de): 1 time 106.13.9.75: 2 times 117.102.122.189: 1 time 119.27.188.153: 2 times 121.132.17.79: 1 time 122.3.139.131 (122.3.139.131.pldt.net): 1 time 123.207.141.94: 2 times 132.232.116.82: 2 times 139.199.14.128: 4 times 172.81.248.249: 2 times 182.70.253.202 (abts-mp-dynamic-202.253.70.182.airtelbroadband.in): 2 times 188.131.244.80: 2 times 195.206.105.217 (zrh-exit.privateinternetaccess.com): 2 times 197.231.221.211 (exit1.ipredator.se): 5 times 201.156.176.245 (201-156-176-245.reservada.static.axtel.net): 1 time 206.189.184.81: 1 time 212.88.123.198 (h1bc6.n2.ips.mtn.co.ug): 3 times 213.203.173.179 (net203-173-179.mclink.it): 2 times 217.61.2.97 (host97-2-61-217.static.arubacloud.de): 2 times 218.22.166.62: 1 time 218.25.227.40: 1 time 218.92.0.172: 6 times Illegal users from: undef: 1110 times 5.188.115.64: 51 times 27.73.190.56 (localhost): 1 time 36.91.50.251: 1 time 36.111.35.10: 1 time 37.187.122.195 (ns332025.ip-37-187-122.eu): 39 times 41.82.208.182: 98 times 51.68.220.249 (249.ip-51-68-220.eu): 1 time 51.75.195.25 (25.ip-51-75-195.eu): 1 time 51.77.210.216 (216.ip-51-77-210.eu): 48 times 60.241.23.58 (avramidesfamily.com): 1 time 62.234.8.213: 41 times 65.49.34.250 (mx01.unseen.tw): 1 time 66.115.168.210 (bilz4.2012londonbad.com): 27 times 67.171.17.78 (c-67-171-17-78.hsd1.wa.comcast.net): 1 time 67.245.146.49 (cpe-67-245-146-49.nyc.res.rr.com): 1 time 68.183.132.245: 36 times 71.78.219.198 (rrcs-71-78-219-198.sw.biz.rr.com): 1 time 78.214.125.119 (bld25-1-78-214-125-119.fbx.proxad.net): 1 time 80.13.241.136 (lstlambert-658-1-222-136.w80-13.abo.wanadoo.fr): 8 times 84.189.16.80 (p54BD1050.dip0.t-ipconnect.de): 1 time 85.25.91.142 (mail.lexxunity.de): 1 time 89.217.177.134 (adsl-89-217-177-134.adslplus.ch): 8 times 91.64.40.61 (ip5b40283d.dynamic.kabel-deutschland.de): 9 times 91.121.116.74 (ns355006.ip-91-121-116.eu): 51 times 91.183.90.237 (237.90-183-91.adsl-static.isp.belgacom.be): 13 times 93.2.101.143 (143.101.2.93.rev.sfr.net): 1 time 104.248.46.187: 6 times 104.248.181.156: 19 times 106.12.204.44: 13 times 106.13.9.75: 60 times 107.170.244.110: 1 time 112.64.33.38: 18 times 112.87.223.13: 6 times 118.34.12.35: 1 time 119.27.188.153: 62 times 121.132.17.79: 56 times 121.184.64.15: 1 time 122.3.139.131 (122.3.139.131.pldt.net): 50 times 122.224.65.197: 1 time 123.207.141.94: 53 times 124.205.9.241: 1 time 124.206.188.50: 27 times 129.204.64.166: 1 time 132.232.116.82: 62 times 134.175.27.130: 51 times 137.63.195.2: 12 times 139.199.14.128: 50 times 142.93.72.131: 14 times 148.70.65.131: 1 time 151.80.40.199 (ns397581.ip-151-80-40.eu): 1 time 154.0.164.73 (antonand.dedicated.co.za): 1 time 159.89.205.130 (server.kit.co.id): 18 times 168.235.66.100 (main.mallardsoftworks.com): 1 time 172.81.248.249: 62 times 173.166.5.158 (173-166-5-158-newengland.hfc.comcastbusiness.net): 10 times 177.71.74.230 (host-177-71-74-230.brip.net.br): 41 times 178.128.13.21: 21 times 180.179.174.247 (msmail.mouthshut.com): 27 times 181.110.239.235 (srv1.bylaichi.com.ar): 1 time 182.70.253.202 (abts-mp-dynamic-202.253.70.182.airtelbroadband.in): 38 times 182.254.146.167: 5 times 185.46.191.40 (185-46-191-40-ptr.langate.ua): 9 times 188.131.244.80: 60 times 192.99.245.135 (135.ip-192-99-245.net): 50 times 193.32.163.89 (srv.eqaltech.su): 4 times 193.112.72.126: 1 time 193.112.181.34: 1 time 196.205.110.229 (host-196-205-109-229.static.link.com.eg): 29 times 198.228.145.150: 1 time 201.156.176.245 (201-156-176-245.reservada.static.axtel.net): 19 times 206.19.238.177: 1 time 206.189.72.217 (tasked.me): 1 time 206.189.184.81: 30 times 206.189.185.202: 1 time 207.210.68.42 (207-210-68-42.verisoft.com.br): 1 time 212.88.123.190 (h1bbe.n2.ips.mtn.co.ug): 1 time 212.88.123.198 (h1bc6.n2.ips.mtn.co.ug): 46 times 213.203.173.179 (net203-173-179.mclink.it): 49 times 217.61.2.97 (host97-2-61-217.static.arubacloud.de): 50 times 218.22.166.62: 60 times 218.25.227.40: 61 times 220.90.129.103: 12 times 222.254.2.106 (static.vnpt.vn): 1 time **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################