################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Sep 17 04:42:08 2019 Date Range Processed: yesterday ( 2019-Sep-16 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [632:630] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ Connection attempts using mod_proxy: 119.39.46.54 -> zapf.wiki:443: 1 Time(s) 60.191.52.254 -> zapf.wiki:443: 1 Time(s) A total of 5 sites probed the server 172.104.242.173 194.61.24.29 223.111.224.194 61.219.11.153 66.240.236.119 Requests with error response codes 400 Bad Request null: 10 Time(s) /socket.io/?noteId=0WxklSeaRfOC2YAeonBpHA& ... JchsntITDPPAATI: 3 Time(s) mstshash=Administr: 3 Time(s) ../../mnt/custom/ProductDefinition: 2 Time(s) /socket.io/?noteId=0WxklSeaRfOC2YAeonBpHA& ... AOduHlvgq3MAATU: 2 Time(s) /socket.io/?noteId=0WxklSeaRfOC2YAeonBpHA& ... HpC5kW_IGowAATH: 2 Time(s) /socket.io/?noteId=0WxklSeaRfOC2YAeonBpHA& ... b0j3lIazSO5AATS: 2 Time(s) /socket.io/?noteId=8dxpYm7QThSSdg6vLrAwpA& ... s2XAAlDiqvDAAUF: 2 Time(s) /socket.io/?noteId=91aG6QXGQrqdgFLFVwnGTg& ... uEkq2Rt_eTLAAUJ: 2 Time(s) zapf.wiki:443: 2 Time(s) /: 1 Time(s) /robots.txt: 1 Time(s) /socket.io/?noteId=NO_WaDXmSQyP0hpZeMYwVw& ... bPvZWFChbdsAAT0: 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /robots.txt: 23 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /wp-login.php: 4 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /resolutionen/sose14/reso_sose14_zusammenarbeitzapf-che.pdf: 1 Time(s) 500 Internal Server Error /: 12 Time(s) /robots.txt: 2 Time(s) 502 Bad Gateway /berlin/newsletter/newsletter-subscribe: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (138.68.12.43): 96 Time(s) unknown (106.12.203.177): 88 Time(s) unknown (201.52.45.218): 75 Time(s) unknown (116.196.87.71): 74 Time(s) unknown (163.172.67.123): 69 Time(s) unknown (45.118.144.31): 66 Time(s) unknown (138.197.162.28): 63 Time(s) unknown (constelacionesathy.com): 63 Time(s) unknown (138.197.93.133): 62 Time(s) unknown (139.59.149.75): 62 Time(s) unknown (148.81.16.135): 62 Time(s) unknown (195.29.105.125): 62 Time(s) unknown (198.27.90.106): 62 Time(s) unknown (46.105.227.206): 62 Time(s) unknown (107.173.145.168): 61 Time(s) unknown (113.ip-54-37-154.eu): 61 Time(s) unknown (142.93.85.35): 61 Time(s) unknown (15.ip-54-37-230.eu): 61 Time(s) unknown (212.129.38.146): 61 Time(s) unknown (217.32.246.90): 61 Time(s) unknown (29.ip-51-75-171.eu): 61 Time(s) unknown (mail.digitalindulgences.com): 61 Time(s) unknown (45.80.65.35): 60 Time(s) unknown (167.71.232.248): 59 Time(s) unknown (113.125.25.73): 58 Time(s) unknown (ip-107-180-68-110.ip.secureserver.net): 58 Time(s) unknown (109.248.219.66): 56 Time(s) unknown (157.230.171.210): 56 Time(s) unknown (112.64.170.166): 55 Time(s) unknown (213.14.214.229): 55 Time(s) unknown (188.166.228.244): 52 Time(s) unknown (222.73.36.73): 48 Time(s) unknown (113.125.19.85): 46 Time(s) unknown (49.234.18.158): 42 Time(s) unknown (128.199.143.163): 41 Time(s) unknown (139.59.87.250): 40 Time(s) unknown (129.28.152.11): 39 Time(s) unknown (117.55.241.4): 37 Time(s) unknown (37.252.190.224): 37 Time(s) unknown (122.228.89.67): 36 Time(s) unknown (104.40.8.62): 34 Time(s) unknown (165.22.141.239): 32 Time(s) unknown (ec2-54-80-20-69.compute-1.amazonaws.com): 28 Time(s) unknown (162.ip-137-74-44.eu): 25 Time(s) unknown (167.71.55.1): 21 Time(s) unknown (95-105-237-69.dynamic.orange.sk): 20 Time(s) unknown (223.243.29.102): 19 Time(s) unknown (mdh-16-81.tm.net.my): 12 Time(s) unknown (190.85.145.162): 11 Time(s) unknown (182.93.48.21): 10 Time(s) unknown (45.228.137.6): 10 Time(s) root (49.234.18.158): 9 Time(s) unknown (37.ip-51-68-123.eu): 9 Time(s) unknown (s010600f28b41237d.gv.shawcable.net): 9 Time(s) unknown (139.199.164.21): 8 Time(s) unknown (138.68.17.96): 7 Time(s) unknown (159.65.77.254): 7 Time(s) unknown (91.203.192.77): 7 Time(s) root (112.54.35.96): 6 Time(s) root (112.85.42.173): 6 Time(s) root (112.85.42.174): 6 Time(s) root (112.85.42.178): 6 Time(s) root (113.125.19.85): 6 Time(s) root (116.8.103.26): 6 Time(s) root (117.93.199.3): 6 Time(s) root (118.185.11.226): 6 Time(s) root (221.142.135.128): 6 Time(s) root (36-233-235-227.dynamic-ip.hinet.net): 6 Time(s) root (39.187.83.82): 6 Time(s) root (49.88.112.54): 6 Time(s) unknown (104.248.181.156): 6 Time(s) unknown (31.206.195.229): 6 Time(s) unknown (49.83.1.113): 6 Time(s) unknown (58.255.71.17): 6 Time(s) root (112.64.170.166): 5 Time(s) root (167.71.232.248): 5 Time(s) root (46.105.227.206): 5 Time(s) unknown (49.51.46.69): 5 Time(s) root (113.ip-54-37-154.eu): 4 Time(s) root (128.199.143.163): 4 Time(s) root (138.68.12.43): 4 Time(s) root (45.118.144.31): 4 Time(s) root (ip-107-180-68-110.ip.secureserver.net): 4 Time(s) unknown (193.32.163.182): 4 Time(s) root (106.12.203.177): 3 Time(s) root (138.197.162.28): 3 Time(s) root (139.59.87.250): 3 Time(s) root (165.22.141.239): 3 Time(s) root (188.166.228.244): 3 Time(s) root (213.14.214.229): 3 Time(s) root (mail.digitalindulgences.com): 3 Time(s) unknown (112.186.77.78): 3 Time(s) unknown (121.142.111.242): 3 Time(s) unknown (130.61.83.71): 3 Time(s) unknown (221.226.90.126): 3 Time(s) unknown (ns3077451.ip-188-165-242.eu): 3 Time(s) postgres (116.196.87.71): 2 Time(s) postgres (195.29.105.125): 2 Time(s) postgres (mail.digitalindulgences.com): 2 Time(s) root (113.125.25.73): 2 Time(s) root (116.196.87.71): 2 Time(s) root (117.55.241.4): 2 Time(s) root (122.228.89.67): 2 Time(s) root (138.197.93.133): 2 Time(s) root (139.59.149.75): 2 Time(s) root (148.81.16.135): 2 Time(s) root (15.ip-54-37-230.eu): 2 Time(s) root (163.172.67.123): 2 Time(s) root (198.27.90.106): 2 Time(s) root (217.32.246.90): 2 Time(s) root (222.73.36.73): 2 Time(s) root (29.ip-51-75-171.eu): 2 Time(s) root (37.252.190.224): 2 Time(s) root (45.80.65.35): 2 Time(s) root (constelacionesathy.com): 2 Time(s) temp (106.12.203.177): 2 Time(s) unknown (119.196.83.22): 2 Time(s) unknown (119.196.83.26): 2 Time(s) unknown (141.98.81.37): 2 Time(s) unknown (183.102.114.59): 2 Time(s) unknown (ip-89-176-6-6.net.upcbroadband.cz): 2 Time(s) backup (213.14.214.229): 1 Time(s) bind (106.12.203.177): 1 Time(s) irc (138.197.93.133): 1 Time(s) lp (45.118.144.31): 1 Time(s) lp (46.105.227.206): 1 Time(s) lp (mail.digitalindulgences.com): 1 Time(s) mail (109.248.219.66): 1 Time(s) mail (116.196.87.71): 1 Time(s) mail (182.93.48.21): 1 Time(s) mail (198.27.90.106): 1 Time(s) mailman (148.81.16.135): 1 Time(s) mysql (107.173.145.168): 1 Time(s) mysql (138.197.93.133): 1 Time(s) mysql (165.22.141.239): 1 Time(s) mysql (212.129.38.146): 1 Time(s) news (112.64.170.166): 1 Time(s) news (198.27.90.106): 1 Time(s) news (201.52.45.218): 1 Time(s) opendkim (157.230.171.210): 1 Time(s) postgres (106.12.203.177): 1 Time(s) postgres (109.248.219.66): 1 Time(s) postgres (113.125.19.85): 1 Time(s) postgres (113.125.25.73): 1 Time(s) postgres (122.228.89.67): 1 Time(s) postgres (15.ip-54-37-230.eu): 1 Time(s) postgres (201.52.45.218): 1 Time(s) postgres (45.80.65.35): 1 Time(s) postgres (49.234.18.158): 1 Time(s) proxy (109.248.219.66): 1 Time(s) root (104.40.8.62): 1 Time(s) root (107.173.145.168): 1 Time(s) root (109.248.219.66): 1 Time(s) root (112.186.77.78): 1 Time(s) root (119.196.83.26): 1 Time(s) root (129.28.152.11): 1 Time(s) root (141.98.81.37): 1 Time(s) root (142.93.85.35): 1 Time(s) root (157.230.171.210): 1 Time(s) root (195.29.105.125): 1 Time(s) root (212.129.38.146): 1 Time(s) root (221.226.90.126): 1 Time(s) root (49.51.46.69): 1 Time(s) root (ns3077451.ip-188-165-242.eu): 1 Time(s) smmsp (142.93.85.35): 1 Time(s) sshd (116.196.87.71): 1 Time(s) sshd (138.197.162.28): 1 Time(s) sshd (15.ip-54-37-230.eu): 1 Time(s) sshd (195.29.105.125): 1 Time(s) sshd (212.129.38.146): 1 Time(s) sshd (217.32.246.90): 1 Time(s) sshd (37.ip-51-68-123.eu): 1 Time(s) sync (106.12.203.177): 1 Time(s) sync (195.29.105.125): 1 Time(s) temp (107.173.145.168): 1 Time(s) temp (113.125.19.85): 1 Time(s) temp (113.ip-54-37-154.eu): 1 Time(s) temp (116.196.87.71): 1 Time(s) temp (128.199.143.163): 1 Time(s) temp (138.197.93.133): 1 Time(s) temp (213.14.214.229): 1 Time(s) temp (222.73.36.73): 1 Time(s) unknown (103.207.11.12): 1 Time(s) unknown (103.92.36.19): 1 Time(s) unknown (113.122.54.99): 1 Time(s) unknown (115.250.broadband5.iol.cz): 1 Time(s) unknown (116.148.141.193): 1 Time(s) unknown (125.109.148.158): 1 Time(s) unknown (141.98.81.38): 1 Time(s) unknown (156.202.62.100): 1 Time(s) unknown (162.243.74.129): 1 Time(s) unknown (167.99.131.243): 1 Time(s) unknown (188.226.250.69): 1 Time(s) unknown (189.125.2.234): 1 Time(s) unknown (200.165.167.10): 1 Time(s) unknown (232.ip-51-83-32.eu): 1 Time(s) unknown (31.146.97.210): 1 Time(s) unknown (77.91.207.141): 1 Time(s) unknown (86.57.192.246): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (94.158.83.31): 1 Time(s) unknown (host86-158-99-45.range86-158.btcentralplus.com): 1 Time(s) unknown (ns3016508.ip-51-254-47.eu): 1 Time(s) unknown (pppoe-static.82.209.223.100.telecom.mogilev.by): 1 Time(s) unknown (rrcs-108-176-0-2.nyc.biz.rr.com): 1 Time(s) unknown (static-47-180-89-23.lsan.ca.frontiernet.net): 1 Time(s) uucp (128.199.143.163): 1 Time(s) uucp (129.28.152.11): 1 Time(s) uuidd (138.197.162.28): 1 Time(s) www-data (195.29.105.125): 1 Time(s) www-data (29.ip-51-75-171.eu): 1 Time(s) www-data (45.80.65.35): 1 Time(s) Invalid Users: Unknown Account: 2696 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 13 Miscellaneous warnings 20.319K Bytes accepted 20,807 20.319K Bytes sent via SMTP 20,807 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 78 Connections 18 Connections lost (inbound) 78 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 3 Time(s) root : 11 Time(s) Failed logins from: 36.233.235.227 (36-233-235-227.dynamic-ip.hinet.net): 6 times 37.252.190.224: 2 times 39.187.83.82: 6 times 45.80.65.35: 4 times 45.118.144.31: 5 times 46.105.227.206: 6 times 49.51.46.69: 1 time 49.88.112.54: 6 times 49.234.18.158: 10 times 51.68.123.37 (37.ip-51-68-123.eu): 1 time 51.75.171.29 (29.ip-51-75-171.eu): 3 times 54.37.154.113 (113.ip-54-37-154.eu): 5 times 54.37.230.15 (15.ip-54-37-230.eu): 4 times 104.40.8.62: 1 time 106.12.203.177: 8 times 107.170.65.115 (constelacionesathy.com): 2 times 107.173.145.168 (107-173-145-168-host.colocrossing.com): 3 times 107.180.68.110 (ip-107-180-68-110.ip.secureserver.net): 4 times 109.248.219.66: 4 times 112.54.35.96: 6 times 112.64.170.166: 6 times 112.85.42.173: 6 times 112.85.42.174: 6 times 112.85.42.178: 6 times 112.186.77.78: 1 time 113.125.19.85: 8 times 113.125.25.73: 3 times 116.8.103.26: 6 times 116.196.87.71: 7 times 117.55.241.4: 2 times 117.93.199.3 (3.199.93.117.broad.yc.js.dynamic.163data.com.cn): 6 times 118.185.11.226: 6 times 119.196.83.26: 1 time 122.228.89.67: 3 times 128.199.143.163: 6 times 129.28.152.11: 2 times 138.68.12.43: 4 times 138.197.93.133: 5 times 138.197.162.28: 5 times 139.59.87.250: 3 times 139.59.149.75: 2 times 141.98.81.37: 1 time 142.93.85.35: 2 times 148.81.16.135: 3 times 157.230.6.42 (mail.digitalindulgences.com): 6 times 157.230.171.210: 2 times 163.172.67.123 (163-172-67-123.rev.poneytelecom.eu): 2 times 165.22.141.239: 4 times 167.71.232.248: 5 times 182.93.48.21 (n18293z48l21.static.ctmip.net): 1 time 188.165.242.200 (ns3077451.ip-188-165-242.eu): 1 time 188.166.228.244: 3 times 195.29.105.125: 6 times 198.27.90.106 (ip106.ip-198-27-90.net): 4 times 201.52.45.218 (c9342dda.virtua.com.br): 2 times 212.129.38.146 (212-129-38-146.rev.poneytelecom.eu): 3 times 213.14.214.229 (host-213-14-214-229.reverse.superonline.net): 5 times 217.32.246.90: 3 times 221.142.135.128: 6 times 221.226.90.126: 1 time 222.73.36.73: 3 times Illegal users from: undef: 1848 times 31.146.97.210 (31-146-97-210.dsl.utg.ge): 1 time 31.206.195.229: 6 times 37.252.190.224: 37 times 45.80.65.35: 60 times 45.118.144.31: 66 times 45.228.137.6 (6.137.228.45.consoft.com.py): 10 times 46.105.227.206: 62 times 47.180.89.23 (static-47-180-89-23.lsan.ca.frontiernet.net): 1 time 49.51.46.69: 6 times 49.83.1.113: 6 times 49.234.18.158: 42 times 51.68.123.37 (37.ip-51-68-123.eu): 9 times 51.75.171.29 (29.ip-51-75-171.eu): 61 times 51.83.32.232 (232.ip-51-83-32.eu): 1 time 51.254.47.198 (ns3016508.ip-51-254-47.eu): 1 time 54.37.154.113 (113.ip-54-37-154.eu): 61 times 54.37.230.15 (15.ip-54-37-230.eu): 61 times 54.80.20.69 (ec2-54-80-20-69.compute-1.amazonaws.com): 28 times 58.255.71.17: 6 times 77.91.207.141 (not-assigned): 1 time 82.209.223.100 (pppoe-static.82.209.223.100.telecom.mogilev.by): 1 time 86.57.192.246 (246-192-57-86-static.mgts.by): 1 time 86.158.99.45 (host86-158-99-45.range86-158.btcentralplus.com): 1 time 88.100.250.115 (115.250.broadband5.iol.cz): 1 time 89.176.6.6 (ip-89-176-6-6.net.upcbroadband.cz): 2 times 91.203.192.77: 7 times 92.63.194.26: 1 time 94.158.83.31: 1 time 95.105.237.69 (95-105-237-69.dynamic.orange.sk): 20 times 103.92.36.19 (ip-103-92-36-19.metrasat.co.id): 5 times 103.207.11.12: 1 time 104.40.8.62: 34 times 104.248.181.156: 6 times 106.12.203.177: 88 times 107.170.65.115 (constelacionesathy.com): 63 times 107.173.145.168 (107-173-145-168-host.colocrossing.com): 61 times 107.180.68.110 (ip-107-180-68-110.ip.secureserver.net): 58 times 108.176.0.2 (rrcs-108-176-0-2.nyc.biz.rr.com): 1 time 109.248.219.66: 56 times 112.64.170.166: 55 times 112.186.77.78: 3 times 113.122.54.99: 5 times 113.125.19.85: 46 times 113.125.25.73: 58 times 116.148.141.193: 5 times 116.196.87.71: 74 times 117.55.241.4: 37 times 119.196.83.22: 2 times 119.196.83.26: 2 times 121.142.111.242: 3 times 122.228.89.67: 36 times 125.109.148.158: 5 times 128.199.143.163: 41 times 129.28.152.11: 39 times 130.61.83.71: 3 times 137.74.44.162 (162.ip-137-74-44.eu): 25 times 138.68.12.43: 96 times 138.68.17.96: 7 times 138.197.93.133: 62 times 138.197.162.28: 63 times 139.59.87.250: 40 times 139.59.149.75: 62 times 139.199.164.21: 8 times 141.98.81.37: 2 times 141.98.81.38: 1 time 142.93.85.35: 61 times 148.81.16.135: 62 times 156.202.62.100 (host-156.202.100.62-static.tedata.net): 1 time 157.230.6.42 (mail.digitalindulgences.com): 61 times 157.230.171.210: 56 times 159.65.77.254: 7 times 162.243.74.129: 1 time 163.172.67.123 (163-172-67-123.rev.poneytelecom.eu): 69 times 165.22.141.239: 32 times 167.71.55.1: 21 times 167.71.232.248: 59 times 167.99.131.243: 1 time 182.93.48.21 (n18293z48l21.static.ctmip.net): 10 times 183.102.114.59: 2 times 184.66.248.150 (S010600f28b41237d.gv.shawcable.net): 9 times 188.165.242.200 (ns3077451.ip-188-165-242.eu): 3 times 188.166.228.244: 52 times 188.226.250.69: 1 time 189.125.2.234 (234.2.125.189.static.impsat.net.br): 1 time 190.85.145.162: 11 times 193.32.163.182 (hosting-by.cloud-home.me): 4 times 195.29.105.125: 62 times 198.27.90.106 (ip106.ip-198-27-90.net): 62 times 200.165.167.10: 1 time 201.52.45.218 (c9342dda.virtua.com.br): 75 times 212.129.38.146 (212-129-38-146.rev.poneytelecom.eu): 61 times 213.14.214.229 (host-213-14-214-229.reverse.superonline.net): 55 times 217.32.246.90: 61 times 219.92.16.81 (mdh-16-81.tm.net.my): 12 times 221.226.90.126: 3 times 222.73.36.73: 48 times 223.243.29.102: 19 times **Unmatched Entries** error: Received disconnect from 141.98.81.37: 14: Unable to connect using the available authentication methods [preauth] : 3 time(s) error: Received disconnect from 141.98.81.38: 14: Unable to connect using the available authentication methods [preauth] : 1 time(s) fatal: Unable to negotiate a key exchange method [preauth] : 1 time(s) Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 4 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################