################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Aug 12 04:42:07 2020 Date Range Processed: yesterday ( 2020-Aug-11 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 17:17 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 13 sites probed the server 111.206.250.229 111.206.250.230 144.217.190.197 172.93.99.2 185.220.101.199 185.39.11.105 27.115.124.10 27.115.124.74 27.115.124.75 27.115.124.9 5.188.210.227 66.240.205.34 93.174.93.91 Requests with error response codes 400 Bad Request null: 19 Time(s) mstshash=Administr: 6 Time(s) /: 3 Time(s) /cgi-bin/mainfunction.cgi?action=login&key ... er=a&loginPwd=a: 1 Time(s) /config/getuser?index=0: 1 Time(s) /manager/html: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) \x15I: 1 Time(s) http://5.188.210.227/echo.php: 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /robots.txt: 78 Time(s) /wp-login.php: 26 Time(s) /dns-query: 2 Time(s) /mini.php: 2 Time(s) /new.php: 2 Time(s) /protokolle/Protokoll_MV_12.11.2016.pdf: 2 Time(s) /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 2 Time(s) //2018/wp-includes/wlwmanifest.xml: 1 Time(s) //2019/wp-includes/wlwmanifest.xml: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //media/wp-includes/wlwmanifest.xml: 1 Time(s) //news/wp-includes/wlwmanifest.xml: 1 Time(s) //shop/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //sito/wp-includes/wlwmanifest.xml: 1 Time(s) //test/wp-includes/wlwmanifest.xml: 1 Time(s) //web/wp-includes/wlwmanifest.xml: 1 Time(s) //website/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //wp1/wp-includes/wlwmanifest.xml: 1 Time(s) //wp2/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /ggaqayqrcjany.html: 1 Time(s) /node?page=1: 1 Time(s) /protokolle/Protokoll_MV_7.5.2016.pdf: 1 Time(s) /reader/1989-wi-berlin.pdf: 1 Time(s) /reader/1993-wi-reader_st93.pdf: 1 Time(s) /reader/1998-so-reader_ro98.pdf: 1 Time(s) /resolutionen/wise12/reso_wise12_openaccess.pdf;: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /resolutionen/wise17/nullergebnisse/reso_n ... sse_ws1718.pdf;: 1 Time(s) /resolutionen/wise18/Reso_Novelle_BerlHG/G ... hulgesetzes.pdf: 1 Time(s) /sites/all/modules/radio_table/elfinder/sr ... er-src.php.html: 1 Time(s) /sites/default/files/1979_WiSe_Karlsruhe.pdf: 1 Time(s) /sites/default/files/1984_WiSe_Bonn.pdf: 1 Time(s) /sites/default/files/1987_SoSe_Aachen.pdf: 1 Time(s) /sites/default/files/2004_WiSe_Hamburg.pdf: 1 Time(s) /sites/default/files/2007_SoSe_Berlin.pdf: 1 Time(s) /sites/default/files/2011_05_Stellungnahme_EQR-DQR_0.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /user: 1 Time(s) /verein/satzung/%7CSatzung: 1 Time(s) /zapf/reader/%7CTagungsreader: 1 Time(s) 500 Internal Server Error /: 78 Time(s) /admin//config.php: 4 Time(s) /ajax: 1 Time(s) /cgi-bin/config.exp: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (106.13.228.62): 70 Time(s) root (106.12.125.241): 63 Time(s) root (129.211.77.44): 61 Time(s) root (203.130.242.68): 59 Time(s) root (180.164.22.149): 58 Time(s) root (134.175.228.215): 57 Time(s) root (210.14.69.76): 55 Time(s) root (139.59.46.243): 52 Time(s) root (169.255.136.8): 51 Time(s) root (192.144.216.70): 50 Time(s) root (ll194-2-11-194-204-194.ll194-2.iam.net.ma): 50 Time(s) root (139.155.84.210): 49 Time(s) root (68.183.121.252): 49 Time(s) root (88.182.188.35.bc.googleusercontent.com): 46 Time(s) root (186.122.148.216): 45 Time(s) root (49.235.159.133): 45 Time(s) root (158.101.157.58): 43 Time(s) root (vps-91e9c584.vps.ovh.net): 43 Time(s) root (104.236.224.69): 42 Time(s) root (150.158.178.137): 42 Time(s) root (180.76.174.95): 42 Time(s) root (90-145-172-213.bbserv.nl): 42 Time(s) root (rtmp.witel.it): 42 Time(s) root (111.229.122.177): 40 Time(s) root (142.93.173.214): 40 Time(s) root (45.ip-54-37-159.eu): 40 Time(s) root (54.38.71.22): 40 Time(s) root (61.7.235.211): 40 Time(s) root (58.87.90.156): 39 Time(s) root (ip-132-148-166-225.ip.secureserver.net): 39 Time(s) root (1.56.207.130): 38 Time(s) root (181.48.46.195): 38 Time(s) root (36.ip-51-77-201.eu): 38 Time(s) root (119.45.137.52): 37 Time(s) root (178.128.219.170): 37 Time(s) root (182.61.49.107): 37 Time(s) root (203.195.191.249): 37 Time(s) root (221.155.59.5): 37 Time(s) root (159.65.152.201): 36 Time(s) root (210.75.240.13): 36 Time(s) root (139.59.90.31): 35 Time(s) root (148.70.236.74): 35 Time(s) root (193.112.138.148): 35 Time(s) root (111.161.74.113): 34 Time(s) root (139.59.135.84): 34 Time(s) root (180.250.247.45): 34 Time(s) root (181.126.83.37): 34 Time(s) root (103.90.233.35): 33 Time(s) root (106.12.192.91): 33 Time(s) root (180.66.207.67): 33 Time(s) root (39.101.192.128): 33 Time(s) root (103.210.72.49): 32 Time(s) root (129.211.66.195): 32 Time(s) root (106.53.249.204): 30 Time(s) root (118.25.27.67): 30 Time(s) root (123.207.250.132): 30 Time(s) root (120.92.80.120): 29 Time(s) root (132.232.1.8): 29 Time(s) root (81.70.9.97): 27 Time(s) root (152.136.36.250): 26 Time(s) root (198.46.152.161): 26 Time(s) root (40.79.25.254): 26 Time(s) root (81.68.123.65): 26 Time(s) root (86.133.240.35.bc.googleusercontent.com): 26 Time(s) root (onion2.hosting.ovh.web-et-solutions.com): 26 Time(s) root (27.17.3.90): 25 Time(s) root (49.233.14.115): 25 Time(s) root (ns329837.ip-37-187-117.eu): 25 Time(s) root (148.70.14.121): 24 Time(s) root (180.76.57.58): 24 Time(s) root (81.70.16.246): 24 Time(s) root (ns3099822.ip-37-59-61.eu): 24 Time(s) root (vps-cc98641f.vps.ovh.net): 23 Time(s) root (103.20.188.18): 22 Time(s) root (49.235.149.108): 22 Time(s) root (183.109.124.137): 21 Time(s) root (43.229.153.13): 21 Time(s) root (175.24.77.27): 20 Time(s) root (128.199.254.188): 19 Time(s) root (49.234.70.67): 19 Time(s) root (85.185.161.202): 19 Time(s) root (115.159.106.132): 18 Time(s) root (45.125.222.120): 18 Time(s) root (179.110.36.65): 17 Time(s) root (182.71.221.78): 17 Time(s) unknown (49.234.70.67): 17 Time(s) root (23.95.85.68): 16 Time(s) root (49.232.101.33): 16 Time(s) root (80.241.46.6): 13 Time(s) root (111.229.78.199): 12 Time(s) root (119.29.234.23): 12 Time(s) root (122.51.180.15): 12 Time(s) root (208.68.39.124): 12 Time(s) root (1.234.13.176): 11 Time(s) root (125.124.117.226): 11 Time(s) root (105.184.68.180): 10 Time(s) root (118.163.101.206): 10 Time(s) root (129.226.170.181): 9 Time(s) root (134.122.134.228): 9 Time(s) root (106.12.204.81): 8 Time(s) root (111.231.21.153): 8 Time(s) root (118.163.101.205): 8 Time(s) root (49.234.16.16): 8 Time(s) root (177.12.227.131): 7 Time(s) root (61.144.96.219): 7 Time(s) root (mail3.lydsec.com): 7 Time(s) root (107.174.39.87): 6 Time(s) root (174.110.88.87): 6 Time(s) root (202.168.205.181): 6 Time(s) root (60.224.81.70): 6 Time(s) root (144.48.243.5): 5 Time(s) root (170.ip-51-91-110.eu): 5 Time(s) root (98.ip-51-68-227.eu): 5 Time(s) root (201.ip-51-91-127.eu): 4 Time(s) root (43.225.181.48): 4 Time(s) root (88.ip-54-37-157.eu): 4 Time(s) root (204.93.169.50): 3 Time(s) root (49.234.116.40): 3 Time(s) root (118.163.101.207): 2 Time(s) root (85.209.0.252): 2 Time(s) unknown (80.249.112.7): 2 Time(s) unknown (c15-95.i12-04.melita.com): 2 Time(s) root (101.255.124.93): 1 Time(s) root (106.12.14.183): 1 Time(s) root (106.12.36.3): 1 Time(s) root (106.13.137.83): 1 Time(s) root (106.54.208.123): 1 Time(s) root (107.182.191.188.16clouds.com): 1 Time(s) root (111.229.204.148): 1 Time(s) root (111.229.251.35): 1 Time(s) root (116.126.102.68): 1 Time(s) root (119.29.3.45): 1 Time(s) root (120.133.1.16): 1 Time(s) root (123.206.7.96): 1 Time(s) root (128.199.167.161): 1 Time(s) root (132.232.59.78): 1 Time(s) root (14.143.3.30): 1 Time(s) root (156.96.106.18): 1 Time(s) root (159.65.144.102): 1 Time(s) root (160.124.50.93): 1 Time(s) root (177.72.4.74): 1 Time(s) root (180.76.151.189): 1 Time(s) root (181.52.249.177): 1 Time(s) root (185.132.53.11): 1 Time(s) root (195.146.59.157): 1 Time(s) root (200.159.63.178): 1 Time(s) root (201.48.115.236): 1 Time(s) root (36.94.100.74): 1 Time(s) root (42.118.242.189): 1 Time(s) root (42.194.200.28): 1 Time(s) root (58.211.152.116): 1 Time(s) root (58.23.16.254): 1 Time(s) root (58.49.76.100): 1 Time(s) root (60.220.247.89): 1 Time(s) root (62.234.145.195): 1 Time(s) root (64.64.233.198.16clouds.com): 1 Time(s) root (69.28.234.137): 1 Time(s) root (70.ip-51-161-11.net): 1 Time(s) root (85.209.0.102): 1 Time(s) root (hsi-kbw-078-042-135-089.hsi3.kabel-badenwuerttemberg.de): 1 Time(s) root (ip-109196055045.syrion.pl): 1 Time(s) root (mail.visual.com.py): 1 Time(s) root (shirtclub.net): 1 Time(s) root (vps-7bf01e47.vps.ovh.ca): 1 Time(s) root (www.fm-net.ne.jp): 1 Time(s) Invalid Users: Unknown Account: 21 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 840 Miscellaneous warnings 18.424K Bytes accepted 18,866 18.424K Bytes sent via SMTP 18,866 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 12 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 12 Total 4xx Rejects 100.00% ======== ================================================== 1175 Connections 1138 Connections lost (inbound) 1175 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Timeouts (inbound) 1 SMTP dialog errors 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from: 1.56.207.130: 38 times 1.234.13.176: 11 times 14.143.3.30 (14.143.3.30.static-Bangalore.vsnl.net.in): 1 time 23.95.85.68 (23-95-85-68-host.colocrossing.com): 16 times 27.17.3.90: 25 times 35.188.182.88 (88.182.188.35.bc.googleusercontent.com): 46 times 35.240.133.86 (86.133.240.35.bc.googleusercontent.com): 26 times 36.94.100.74: 1 time 37.59.61.13 (ns3099822.ip-37-59-61.eu): 24 times 37.187.117.187 (ns329837.ip-37-187-117.eu): 25 times 39.101.192.128: 33 times 40.79.25.254: 26 times 42.118.242.189: 1 time 42.194.200.28: 1 time 43.225.181.48: 4 times 43.229.153.13: 21 times 45.125.222.120 (45-125-222-120.dhaka.carnival.com.bd): 18 times 49.232.101.33: 16 times 49.233.14.115: 25 times 49.234.16.16: 8 times 49.234.70.67: 19 times 49.234.116.40: 3 times 49.235.149.108: 22 times 49.235.159.133: 45 times 51.68.227.98 (98.ip-51-68-227.eu): 5 times 51.77.201.36 (36.ip-51-77-201.eu): 38 times 51.91.110.170 (170.ip-51-91-110.eu): 5 times 51.91.127.201 (201.ip-51-91-127.eu): 4 times 51.161.11.70 (70.ip-51-161-11.net): 1 time 51.178.53.233 (vps-91e9c584.vps.ovh.net): 43 times 51.210.107.15 (vps-cc98641f.vps.ovh.net): 23 times 54.37.157.88 (88.ip-54-37-157.eu): 4 times 54.37.159.45 (45.ip-54-37-159.eu): 40 times 54.38.71.22: 40 times 58.23.16.254: 1 time 58.49.76.100: 1 time 58.87.90.156: 39 times 58.211.152.116: 1 time 60.220.247.89 (89.247.220.60.adsl-pool.sx.cn): 1 time 60.224.81.70: 6 times 61.7.235.211: 40 times 61.144.96.219: 7 times 62.234.145.195: 1 time 64.64.233.198 (64.64.233.198.16clouds.com): 1 time 68.183.121.252: 49 times 69.28.234.137: 1 time 78.42.135.89 (HSI-KBW-078-042-135-089.hsi3.kabel-badenwuerttemberg.de): 1 time 80.241.46.6: 13 times 81.68.123.65: 26 times 81.70.9.97: 27 times 81.70.16.246: 24 times 85.185.161.202: 19 times 85.209.0.102: 1 time 85.209.0.252: 2 times 90.145.172.213 (90-145-172-213.bbserv.nl): 42 times 91.204.248.42 (rtmp.witel.it): 42 times 101.255.124.93 (available93.armindogroup.com): 1 time 103.20.188.18: 22 times 103.90.233.35: 33 times 103.210.72.49: 32 times 104.236.224.69: 42 times 105.184.68.180 (68-184-105-180.east.dsl.telkomsa.net): 10 times 106.12.14.183: 1 time 106.12.36.3: 1 time 106.12.125.241: 63 times 106.12.192.91: 33 times 106.12.204.81: 8 times 106.13.137.83: 1 time 106.13.228.62: 70 times 106.53.249.204: 30 times 106.54.208.123: 1 time 107.174.39.87 (107-174-39-87-host.colocrossing.com): 6 times 107.182.191.188 (107.182.191.188.16clouds.com): 1 time 109.196.55.45 (ip-109196055045.syrion.pl): 1 time 111.161.74.113 (dns113.online.tj.cn): 34 times 111.229.78.199: 12 times 111.229.122.177: 40 times 111.229.204.148: 1 time 111.229.251.35: 1 time 111.231.21.153: 8 times 115.159.106.132: 18 times 116.126.102.68: 1 time 118.25.27.67: 30 times 118.163.101.205 (mail3.lydsec.com): 8 times 118.163.101.206 (lydsec.com): 17 times 118.163.101.207 (mail3.lydsec.com): 2 times 119.29.3.45: 1 time 119.29.234.23: 12 times 119.45.137.52: 37 times 120.92.80.120: 29 times 120.133.1.16: 1 time 122.51.180.15: 12 times 123.206.7.96: 1 time 123.207.250.132: 30 times 125.124.117.226: 11 times 128.199.167.161: 1 time 128.199.254.188: 19 times 129.211.66.195: 32 times 129.211.77.44: 61 times 129.226.170.181: 9 times 132.148.166.225 (ip-132-148-166-225.ip.secureserver.net): 39 times 132.232.1.8: 29 times 132.232.59.78: 1 time 133.242.155.85 (www.fm-net.ne.jp): 1 time 134.122.134.228: 9 times 134.175.228.215: 57 times 139.59.46.243: 52 times 139.59.90.31: 35 times 139.59.135.84: 34 times 139.99.239.230 (vps-7bf01e47.vps.ovh.ca): 1 time 139.155.84.210: 49 times 142.93.173.214: 40 times 144.48.243.5: 5 times 148.70.14.121: 24 times 148.70.236.74: 35 times 150.158.178.137: 42 times 152.136.36.250: 26 times 156.96.106.18: 1 time 158.101.157.58: 43 times 159.65.144.102: 1 time 159.65.152.201: 36 times 159.89.86.142 (shirtclub.net): 1 time 160.124.50.93: 1 time 169.255.136.8: 51 times 174.110.88.87 (mta-174-110-88-87.nc.rr.com): 6 times 175.24.77.27: 20 times 177.12.227.131: 7 times 177.72.4.74 (static-74.4.72.177-ttvi.com.br): 1 time 178.33.216.187 (onion2.hosting.ovh.web-et-solutions.com): 26 times 178.128.219.170: 37 times 179.110.36.65 (179-110-36-65.dsl.telesp.net.br): 17 times 180.66.207.67: 33 times 180.76.57.58: 24 times 180.76.151.189: 1 time 180.76.174.95: 42 times 180.164.22.149: 58 times 180.250.247.45: 34 times 181.48.46.195: 38 times 181.52.249.177 (static-ip-181520249177.cable.net.co): 1 time 181.126.83.37 (pool-37-83-126-181.telecel.com.py): 34 times 182.61.49.107: 37 times 182.71.221.78 (nsg-static-078.221.71.182.airtel.in): 17 times 183.109.124.137: 21 times 185.132.53.11: 1 time 186.122.148.216 (host216.186-122-148.telmex.net.ar): 45 times 190.128.239.146 (mail.visual.com.py): 1 time 192.144.216.70: 50 times 193.112.138.148: 35 times 194.204.194.11 (ll194-2-11-194-204-194.ll194-2.iam.net.ma): 50 times 195.146.59.157: 1 time 198.46.152.161 (198-46-152-161-host.colocrossing.com): 26 times 200.159.63.178 (200-159-63-178.customer.tdatabrasil.net.br): 1 time 201.48.115.236 (mx1.biinternational.com.br): 1 time 202.168.205.181: 6 times 203.130.242.68 (ts14.techscape.co.id): 59 times 203.195.191.249: 37 times 204.93.169.50 (ondetto.com.au): 3 times 208.68.39.124: 12 times 210.14.69.76: 55 times 210.75.240.13: 36 times 221.155.59.5: 37 times Illegal users from: undef: 20 times 49.234.70.67: 17 times 80.249.112.7: 2 times 139.162.122.110 (scan-8.security.ipip.net): 1 time 141.8.15.95 (c15-95.i12-04.melita.com): 2 times **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################