################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Thu Sep 12 04:42:09 2019 Date Range Processed: yesterday ( 2019-Sep-11 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [100:100] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 5.188.210.101 Requests with error response codes 400 Bad Request mstshash=Administr: 5 Time(s) null: 2 Time(s) ../../mnt/custom/ProductDefinition: 1 Time(s) /robots.txt: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) http://5.188.210.101/echo.php: 1 Time(s) 404 Not Found /robots.txt: 25 Time(s) /berlin/apple-touch-icon.png: 10 Time(s) /wp-login.php: 2 Time(s) /berichte/SoSe16/www.zapfev.de/resolutione ... diensysteme.pdf: 1 Time(s) /berichte/SoSe16/www.zapfev.de/resolutione ... e16/CHE/che.pdf: 1 Time(s) /berichte/SoSe16/www.zapfev.de/resolutione ... esterzeiten.pdf: 1 Time(s) /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s) /berichte/WiSe16/www.zapfev.de/resolutione ... hraenkungen.pdf: 1 Time(s) /berlin/helfika/apple-touch-icon.png: 1 Time(s) /reader/2017_SoSe_Berlin_vorlaeufig.pdf: 1 Time(s) /reader/Sammlung_aller_Resolutionen.pdf: 1 Time(s) /reader/SoSe13_AK_MatheVorkurs.pdf: 1 Time(s) /reader/SoSe14_AK_Kommentierte_Studienordnungen.pdf: 1 Time(s) /reader/SoSe14_AK_Pr%C3%BCfungssystem_Sammlung.pdf: 1 Time(s) /reader/SoSe14_AK_Zivilklausel.pdf: 1 Time(s) /reader/SoSe15_AK_Studienf%C3%BChrer.pdf: 1 Time(s) /reader/ZiP_Zivilklausel.pdf: 1 Time(s) /reader/commit/82b5625412a9488dc60b801646d3cc89c9316610: 1 Time(s) /reader/commit/bc29b23744db65c1ce152b44c6d6b27a7e79fd5f: 1 Time(s) /reader/commit/da0fd0463ced8baff84cce5549ee7c76a5e7ca05: 1 Time(s) /resolutionen/wise12/Reso_WiSe12_Zivilgesellschaftliches: 1 Time(s) /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s) 499 (undefined) /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /build/index-styles.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /build/index.2c73dce02b1eaa3a3b4e.css: 1 Time(s) /fonts/SourceCodePro-Regular.woff: 1 Time(s) 500 Internal Server Error /: 56 Time(s) /aastra.cfg: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (ip4d16ba69.dynamic.kabel-deutschland.de): 115 Time(s) unknown (cs-176-221-51-167.to2.ccws.it): 112 Time(s) unknown (192.144.148.163): 109 Time(s) unknown (124.93.18.202): 106 Time(s) unknown (157.230.140.180): 106 Time(s) unknown (58.145.168.162): 104 Time(s) unknown (106.13.139.163): 103 Time(s) unknown (111.230.13.11): 103 Time(s) unknown (82.162.61.207): 102 Time(s) unknown (91.217.66.114): 102 Time(s) unknown (ns68.cloudnuvem.com.br): 102 Time(s) unknown (212.112.108.98): 96 Time(s) unknown (71.189.47.10): 93 Time(s) unknown (52.231.33.96): 87 Time(s) unknown (138.68.74.107): 85 Time(s) unknown (62.234.219.27): 85 Time(s) unknown (178.128.76.6): 83 Time(s) unknown (211.ip-51-77-137.eu): 76 Time(s) unknown (202.70.89.55): 64 Time(s) unknown (8n607612d0.main.ad.rit.edu): 62 Time(s) unknown (103.130.218.125): 58 Time(s) unknown (159.203.139.128): 58 Time(s) unknown (145.239.15.234): 57 Time(s) unknown (183.82.99.107): 54 Time(s) unknown (106.12.48.30): 53 Time(s) unknown (121.46.29.116): 52 Time(s) unknown (134.175.153.238): 52 Time(s) unknown (106.53.71.176): 50 Time(s) unknown (147.50.3.30): 50 Time(s) unknown (139.ip-167-114-152.net): 44 Time(s) unknown (catv-89-132-191-139.catv.broadband.hu): 42 Time(s) unknown (117.81.4.40): 39 Time(s) unknown (116.196.83.179): 33 Time(s) unknown (116.196.90.254): 33 Time(s) unknown (134.175.73.93): 28 Time(s) unknown (209.94.195.212): 28 Time(s) unknown (94.191.21.35): 28 Time(s) unknown (2.91.251.16): 26 Time(s) unknown (59.179.17.140): 26 Time(s) unknown (123.215.174.101): 25 Time(s) unknown (2.91.255.46): 25 Time(s) unknown (51.235.175.127): 24 Time(s) unknown (210.212.237.67): 22 Time(s) unknown (104.248.181.156): 20 Time(s) unknown (202.69.66.130): 20 Time(s) unknown (mail.wan-tech.net): 20 Time(s) unknown (140.246.229.195): 18 Time(s) unknown (68.183.178.162): 17 Time(s) unknown (182.253.186.10): 16 Time(s) unknown (45.55.225.152): 14 Time(s) unknown (mail.wantech.com.hk): 13 Time(s) root (218.98.40.142): 12 Time(s) unknown (1.52.166.239): 8 Time(s) unknown (120.92.133.32): 8 Time(s) unknown (ec2-3-16-83-219.us-east-2.compute.amazonaws.com): 8 Time(s) root (157.230.140.180): 7 Time(s) unknown (115.72.189.164): 7 Time(s) unknown (c-73-255-213-29.hsd1.fl.comcast.net): 7 Time(s) root (106.111.169.93): 6 Time(s) root (112.85.42.178): 6 Time(s) root (123.175.52.251): 6 Time(s) root (183.157.170.113): 6 Time(s) root (189.61.253.52): 6 Time(s) root (218.92.0.141): 6 Time(s) root (218.92.0.212): 6 Time(s) root (218.98.26.162): 6 Time(s) root (218.98.26.163): 6 Time(s) root (218.98.26.175): 6 Time(s) root (218.98.40.133): 6 Time(s) root (218.98.40.145): 6 Time(s) root (219.241.212.2): 6 Time(s) root (60.184.129.54): 6 Time(s) unknown (183.157.171.150): 6 Time(s) unknown (27.77.254.179): 5 Time(s) unknown (95.110.235.17): 5 Time(s) unknown (ec2-52-66-198-88.ap-south-1.compute.amazonaws.com): 5 Time(s) postgres (138.68.74.107): 4 Time(s) postgres (91.217.66.114): 4 Time(s) postgres (catv-89-132-191-139.catv.broadband.hu): 4 Time(s) root (192.144.148.163): 4 Time(s) root (212.112.108.98): 4 Time(s) root (218.98.26.167): 4 Time(s) root (218.98.26.169): 4 Time(s) root (218.98.26.170): 4 Time(s) root (218.98.26.182): 4 Time(s) root (218.98.40.135): 4 Time(s) root (218.98.40.143): 4 Time(s) root (218.98.40.151): 4 Time(s) unknown (118.36.139.75): 4 Time(s) mysql (106.13.139.163): 3 Time(s) mysql (157.230.140.180): 3 Time(s) mysql (178.128.76.6): 3 Time(s) mysql (212.112.108.98): 3 Time(s) postgres (183.82.99.107): 3 Time(s) postgres (58.145.168.162): 3 Time(s) postgres (71.189.47.10): 3 Time(s) postgres (82.162.61.207): 3 Time(s) root (106.13.139.163): 3 Time(s) root (178.128.76.6): 3 Time(s) root (218.98.26.168): 3 Time(s) root (218.98.26.183): 3 Time(s) root (218.98.40.137): 3 Time(s) root (82.162.61.207): 3 Time(s) root (91.217.66.114): 3 Time(s) root (94.191.21.35): 3 Time(s) temp (211.ip-51-77-137.eu): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (200.150.87.131): 3 Time(s) mysql (cs-176-221-51-167.to2.ccws.it): 2 Time(s) postgres (103.130.218.125): 2 Time(s) postgres (116.196.90.254): 2 Time(s) postgres (124.93.18.202): 2 Time(s) postgres (147.50.3.30): 2 Time(s) postgres (178.128.76.6): 2 Time(s) postgres (210.212.237.67): 2 Time(s) postgres (211.ip-51-77-137.eu): 2 Time(s) postgres (212.112.108.98): 2 Time(s) root (1.52.166.239): 2 Time(s) root (106.53.71.176): 2 Time(s) root (121.46.29.116): 2 Time(s) root (138.68.74.107): 2 Time(s) root (140.246.229.195): 2 Time(s) root (2.91.255.46): 2 Time(s) root (211.ip-51-77-137.eu): 2 Time(s) root (62.234.219.27): 2 Time(s) root (8n607612d0.main.ad.rit.edu): 2 Time(s) root (catv-89-132-191-139.catv.broadband.hu): 2 Time(s) root (cs-176-221-51-167.to2.ccws.it): 2 Time(s) root (ns68.cloudnuvem.com.br): 2 Time(s) unknown (116.110.95.195): 2 Time(s) unknown (121.157.82.222): 2 Time(s) unknown (126.175.141.77.rev.sfr.net): 2 Time(s) unknown (155.93.242.191): 2 Time(s) unknown (176.red-81-38-63.dynamicip.rima-tde.net): 2 Time(s) unknown (59.21.33.83): 2 Time(s) unknown (89.22.166.70): 2 Time(s) unknown (92.63.194.26): 2 Time(s) www-data (106.12.48.30): 2 Time(s) www-data (212.112.108.98): 2 Time(s) www-data (58.145.168.162): 2 Time(s) bin (112.186.77.126): 1 Time(s) games (62.234.219.27): 1 Time(s) lp (94.191.21.35): 1 Time(s) mysql (103.130.218.125): 1 Time(s) mysql (106.53.71.176): 1 Time(s) mysql (116.196.83.179): 1 Time(s) mysql (138.68.74.107): 1 Time(s) mysql (183.82.99.107): 1 Time(s) mysql (192.144.148.163): 1 Time(s) mysql (2.91.255.46): 1 Time(s) mysql (202.69.66.130): 1 Time(s) mysql (210.212.237.67): 1 Time(s) mysql (59.179.17.140): 1 Time(s) mysql (71.189.47.10): 1 Time(s) mysql (82.162.61.207): 1 Time(s) mysql (91.217.66.114): 1 Time(s) mysql (ip4d16ba69.dynamic.kabel-deutschland.de): 1 Time(s) mysql (mail.wantech.com.hk): 1 Time(s) mysql (ns68.cloudnuvem.com.br): 1 Time(s) news (62.234.219.27): 1 Time(s) postgres (104.248.181.156): 1 Time(s) postgres (106.53.71.176): 1 Time(s) postgres (111.230.13.11): 1 Time(s) postgres (134.175.153.238): 1 Time(s) postgres (134.175.73.93): 1 Time(s) postgres (159.203.139.128): 1 Time(s) postgres (192.144.148.163): 1 Time(s) postgres (2.91.255.46): 1 Time(s) postgres (209.94.195.212): 1 Time(s) postgres (45.55.225.152): 1 Time(s) postgres (51.235.175.127): 1 Time(s) postgres (52.231.33.96): 1 Time(s) postgres (59.179.17.140): 1 Time(s) postgres (61.183.35.44): 1 Time(s) postgres (68.183.178.162): 1 Time(s) postgres (cs-176-221-51-167.to2.ccws.it): 1 Time(s) postgres (ec2-3-16-83-219.us-east-2.compute.amazonaws.com): 1 Time(s) postgres (ns68.cloudnuvem.com.br): 1 Time(s) root (103.246.10.93.rev.sfr.net): 1 Time(s) root (112.186.77.126): 1 Time(s) root (115.213.137.157): 1 Time(s) root (116.110.95.195): 1 Time(s) root (116.196.90.254): 1 Time(s) root (124.93.18.202): 1 Time(s) root (183.82.99.107): 1 Time(s) root (202.69.66.130): 1 Time(s) root (202.70.89.55): 1 Time(s) root (27.77.254.179): 1 Time(s) root (58.145.168.162): 1 Time(s) root (59.179.17.140): 1 Time(s) root (61.183.35.44): 1 Time(s) root (68.183.178.162): 1 Time(s) root (71.189.47.10): 1 Time(s) root (host-2-102-134-168.as13285.net): 1 Time(s) temp (103.130.218.125): 1 Time(s) temp (106.13.139.163): 1 Time(s) temp (121.46.29.116): 1 Time(s) temp (124.93.18.202): 1 Time(s) temp (138.68.74.107): 1 Time(s) temp (192.144.148.163): 1 Time(s) temp (82.162.61.207): 1 Time(s) temp (mail.wan-tech.net): 1 Time(s) unknown (1.62.227.9): 1 Time(s) unknown (112.186.77.126): 1 Time(s) unknown (115.213.137.157): 1 Time(s) unknown (122.96.251.154): 1 Time(s) unknown (170.210.52.126): 1 Time(s) unknown (180.126.140.247): 1 Time(s) unknown (197.251.129.210): 1 Time(s) unknown (40.74.120.190): 1 Time(s) unknown (41.230.23.169): 1 Time(s) unknown (61.183.35.44): 1 Time(s) unknown (ns3016508.ip-51-254-47.eu): 1 Time(s) www-data (116.196.90.254): 1 Time(s) www-data (121.46.29.116): 1 Time(s) www-data (138.68.74.107): 1 Time(s) www-data (140.246.229.195): 1 Time(s) www-data (157.230.140.180): 1 Time(s) www-data (159.203.139.128): 1 Time(s) www-data (2.91.255.46): 1 Time(s) www-data (202.69.66.130): 1 Time(s) www-data (51.235.175.127): 1 Time(s) www-data (52.231.33.96): 1 Time(s) www-data (82.162.61.207): 1 Time(s) www-data (cs-176-221-51-167.to2.ccws.it): 1 Time(s) www-data (mail.wan-tech.net): 1 Time(s) Invalid Users: Unknown Account: 3045 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 6 Miscellaneous warnings 22.630K Bytes accepted 23,173 22.630K Bytes sent via SMTP 23,173 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 3 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 3 Total 4xx Rejects 100.00% ======== ================================================== 63 Connections 4 Connections lost (inbound) 63 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 9 Time(s) Failed logins from: 1.52.166.239: 2 times 2.91.255.46: 5 times 2.102.134.168 (host-2-102-134-168.as13285.net): 1 time 3.16.83.219 (ec2-3-16-83-219.us-east-2.compute.amazonaws.com): 1 time 27.77.254.179 (localhost): 1 time 45.55.225.152: 1 time 51.77.137.211 (211.ip-51-77-137.eu): 7 times 51.235.175.127: 2 times 52.231.33.96: 2 times 58.145.168.162: 6 times 59.179.17.140 (triband-del-59.179.17.140.bol.net.in): 3 times 60.184.129.54 (54.129.184.60.broad.ls.zj.dynamic.163data.com.cn): 6 times 61.183.35.44: 2 times 62.234.219.27: 4 times 68.183.178.162: 2 times 71.189.47.10 (mail.ehmsllc.com): 5 times 77.22.186.105 (ip4d16ba69.dynamic.kabel-deutschland.de): 1 time 82.162.61.207: 9 times 89.132.191.139 (catv-89-132-191-139.catv.broadband.hu): 6 times 91.217.66.114: 8 times 93.10.246.103 (103.246.10.93.rev.sfr.net): 1 time 94.191.21.35: 4 times 103.130.218.125: 4 times 104.248.181.156: 1 time 106.12.48.30: 2 times 106.13.139.163: 7 times 106.53.71.176: 4 times 106.111.169.93: 6 times 111.230.13.11: 1 time 112.85.42.178: 6 times 112.186.77.126: 2 times 115.213.137.157: 4 times 116.110.95.195: 1 time 116.196.83.179: 1 time 116.196.90.254: 4 times 121.46.29.116: 4 times 123.175.52.251: 6 times 124.93.18.202: 4 times 129.21.226.211 (8n607612d0.main.ad.rit.edu): 2 times 134.175.73.93: 1 time 134.175.153.238: 1 time 138.68.74.107: 9 times 140.246.229.195: 3 times 147.50.3.30: 2 times 157.230.140.180: 11 times 159.203.139.128: 2 times 167.114.47.68 (ns68.cloudnuvem.com.br): 4 times 176.221.51.167 (cs-176-221-51-167.to2.ccws.it): 6 times 178.128.76.6: 8 times 183.82.99.107 (broadband.actcorp.in): 5 times 183.157.170.113: 6 times 189.61.253.52 (bd3dfd34.virtua.com.br): 6 times 192.144.148.163: 7 times 202.69.66.130 (mail.wan-tech.net): 6 times 202.70.89.55: 1 time 209.94.195.212 (209.94.195.212.business.static.tstt.net.tt): 1 time 210.212.237.67: 3 times 212.112.108.98 (212-112-108-98.aknet.kg): 11 times 218.92.0.141: 6 times 218.92.0.212: 6 times 218.98.26.162: 6 times 218.98.26.163: 6 times 218.98.26.167: 6 times 218.98.26.168: 3 times 218.98.26.169: 6 times 218.98.26.170: 6 times 218.98.26.175: 6 times 218.98.26.182: 4 times 218.98.26.183: 3 times 218.98.40.133: 6 times 218.98.40.135: 6 times 218.98.40.137: 3 times 218.98.40.142: 12 times 218.98.40.143: 6 times 218.98.40.145: 6 times 218.98.40.151: 6 times 219.241.212.2: 6 times Illegal users from: undef: 641 times 1.52.166.239: 9 times 1.62.227.9: 5 times 2.91.251.16: 26 times 2.91.255.46: 25 times 3.16.83.219 (ec2-3-16-83-219.us-east-2.compute.amazonaws.com): 8 times 27.77.254.179 (localhost): 5 times 40.74.120.190: 1 time 41.230.23.169: 1 time 45.55.225.152: 14 times 51.77.137.211 (211.ip-51-77-137.eu): 76 times 51.235.175.127: 24 times 51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time 52.66.198.88 (ec2-52-66-198-88.ap-south-1.compute.amazonaws.com): 5 times 52.231.33.96: 87 times 58.145.168.162: 104 times 59.21.33.83: 2 times 59.179.17.140 (triband-del-59.179.17.140.bol.net.in): 26 times 61.183.35.44: 1 time 62.234.219.27: 85 times 68.183.178.162: 17 times 71.189.47.10 (mail.ehmsllc.com): 93 times 73.255.213.29 (c-73-255-213-29.hsd1.fl.comcast.net): 7 times 77.22.186.105 (ip4d16ba69.dynamic.kabel-deutschland.de): 115 times 77.141.175.126 (126.175.141.77.rev.sfr.net): 2 times 81.38.63.176 (176.red-81-38-63.dynamicip.rima-tde.net): 2 times 82.162.61.207: 102 times 89.22.166.70: 2 times 89.132.191.139 (catv-89-132-191-139.catv.broadband.hu): 42 times 91.217.66.114: 102 times 92.63.194.26: 2 times 94.191.21.35: 28 times 95.110.235.17 (host17-235-110-95.serverdedicati.aruba.it): 5 times 103.130.218.125: 58 times 104.248.181.156: 20 times 106.12.48.30: 53 times 106.13.139.163: 103 times 106.53.71.176: 50 times 111.230.13.11: 103 times 112.186.77.126: 1 time 115.72.189.164 (adsl.viettel.vn): 7 times 115.213.137.157: 2 times 116.110.95.195: 3 times 116.196.83.179: 33 times 116.196.90.254: 33 times 117.81.4.40 (40.4.81.117.broad.sz.js.dynamic.163data.com.cn): 39 times 118.36.139.75: 4 times 120.92.133.32: 8 times 121.46.29.116: 52 times 121.157.82.222: 2 times 122.96.251.154: 1 time 123.215.174.101: 25 times 124.93.18.202: 106 times 129.21.226.211 (8n607612d0.main.ad.rit.edu): 62 times 134.175.73.93: 28 times 134.175.153.238: 52 times 138.68.74.107: 85 times 140.246.229.195: 18 times 145.239.15.234 (ip-145-239-15.eu): 57 times 147.50.3.30: 50 times 155.93.242.191: 2 times 157.230.140.180: 106 times 159.203.139.128: 58 times 167.114.47.68 (ns68.cloudnuvem.com.br): 102 times 167.114.152.139 (139.ip-167-114-152.net): 44 times 170.210.52.126: 1 time 176.221.51.167 (cs-176-221-51-167.to2.ccws.it): 112 times 178.128.76.6: 83 times 180.126.140.247: 5 times 182.253.186.10: 16 times 183.82.99.107 (broadband.actcorp.in): 54 times 183.157.171.150: 6 times 192.144.148.163: 109 times 193.32.163.182 (hosting-by.cloud-home.me): 3 times 197.251.129.210: 1 time 200.150.87.131 (131.87.150.200.static.copel.net): 3 times 202.69.66.130 (mail.wan-tech.net): 53 times 202.70.89.55: 64 times 209.94.195.212 (209.94.195.212.business.static.tstt.net.tt): 28 times 210.212.237.67: 22 times 212.112.108.98 (212-112-108-98.aknet.kg): 96 times **Unmatched Entries** fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 4 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################