################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sat Oct 5 04:42:09 2019 Date Range Processed: yesterday ( 2019-Oct-04 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [233:234] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 6 sites probed the server 142.93.131.109 171.67.70.96 172.104.242.173 172.105.89.161 183.129.160.229 5.188.210.101 Requests with error response codes 400 Bad Request /Pages/login.htm: 7 Time(s) null: 7 Time(s) mstshash=Administr: 2 Time(s) /: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 7: 1 Time(s) http://5.188.210.101/echo.php: 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /robots.txt: 40 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /manager/ldskflks: 2 Time(s) /berlin//apple-touch-icon.png: 1 Time(s) /manager/index.php: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s) /verein/satzung/%7CSatzung: 1 Time(s) /wp-login.php: 1 Time(s) 500 Internal Server Error /: 100 Time(s) /robots.txt: 1 Time(s) 502 Bad Gateway /berlin/newsletter/newsletter-subscribe: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (213.74.203.106): 93 Time(s) root (218.60.41.227): 89 Time(s) root (45.ip-51-38-112.eu): 86 Time(s) root (103.120.225.79): 76 Time(s) root (mail.mcmsecurity.com): 72 Time(s) root (vmi284881.contaboserver.net): 70 Time(s) root (178.62.64.107): 69 Time(s) root (106.ip-51-254-38.eu): 68 Time(s) root (106.13.7.253): 67 Time(s) root (213.150.207.5): 65 Time(s) root (alefragkis.ece.upatras.gr): 65 Time(s) root (hwsrv-574169.hostwindsdns.com): 65 Time(s) unknown (106.75.91.43): 65 Time(s) root (106.13.10.159): 62 Time(s) root (104.131.91.148): 58 Time(s) root (146.185.181.64): 57 Time(s) root (123.138.18.35): 55 Time(s) root (125.ip-92-222-71.eu): 54 Time(s) root (132.232.101.100): 53 Time(s) root (159.89.160.91): 49 Time(s) root (178.62.244.194): 49 Time(s) root (182.254.184.247): 47 Time(s) root (13.ip-51-75-170.eu): 46 Time(s) unknown (132.232.101.100): 45 Time(s) root (182.61.130.121): 43 Time(s) unknown (142.93.198.152): 43 Time(s) root (191.235.91.156): 41 Time(s) root (81.30.212.14.static.ufanet.ru): 41 Time(s) unknown (154.ip-193-70-114.eu): 41 Time(s) unknown (182.254.184.247): 41 Time(s) root (182.61.44.136): 40 Time(s) unknown (182.61.44.136): 40 Time(s) root (15.red-79-159-202.dynamicip.rima-tde.net): 39 Time(s) unknown (16.ip-51-83-46.eu): 38 Time(s) unknown (grob.status-telecom.ru): 37 Time(s) unknown (183.102.114.59): 35 Time(s) unknown (183.196.90.14): 35 Time(s) root (210.14.77.102): 34 Time(s) root (ns3118043.ip-51-38-57.eu): 34 Time(s) unknown (13.ip-51-75-170.eu): 34 Time(s) root (grob.status-telecom.ru): 32 Time(s) unknown (106.13.7.253): 32 Time(s) unknown (159.89.160.91): 32 Time(s) unknown (hwsrv-574169.hostwindsdns.com): 32 Time(s) root (142.93.198.152): 30 Time(s) unknown (125.ip-92-222-71.eu): 29 Time(s) root (114.141.181.2): 28 Time(s) unknown (146.185.181.64): 28 Time(s) unknown (81.30.212.14.static.ufanet.ru): 28 Time(s) unknown (182.61.48.178): 27 Time(s) root (182.61.18.254): 26 Time(s) unknown (106.13.10.159): 24 Time(s) unknown (123.138.18.35): 24 Time(s) root (106.75.91.43): 23 Time(s) root (16.ip-51-83-46.eu): 23 Time(s) root (183.196.90.14): 23 Time(s) root (64.79.101.52): 23 Time(s) unknown (213.150.207.5): 23 Time(s) unknown (alefragkis.ece.upatras.gr): 22 Time(s) unknown (vmi284881.contaboserver.net): 22 Time(s) unknown (104.131.91.148): 21 Time(s) unknown (106.ip-51-254-38.eu): 21 Time(s) unknown (15.red-79-159-202.dynamicip.rima-tde.net): 21 Time(s) unknown (mail.mcmsecurity.com): 21 Time(s) unknown (178.62.64.107): 20 Time(s) unknown (103.120.225.79): 18 Time(s) unknown (212.64.44.246): 18 Time(s) unknown (119.29.11.242): 17 Time(s) unknown (47.74.190.56): 15 Time(s) root (182.93.48.21): 14 Time(s) unknown (200.196.249.170): 11 Time(s) unknown (182.93.48.21): 10 Time(s) unknown (45.ip-51-38-112.eu): 9 Time(s) root (177.8.244.38): 8 Time(s) unknown (213.74.203.106): 8 Time(s) root (112.85.42.178): 6 Time(s) root (116.127.229.37): 6 Time(s) root (122.55.251.114): 6 Time(s) root (185.216.132.15): 6 Time(s) root (218.92.0.181): 6 Time(s) root (218.93.69.234): 6 Time(s) root (183.102.114.59): 5 Time(s) unknown (218.60.41.227): 5 Time(s) root (167.99.83.237): 4 Time(s) unknown (178.62.244.194): 4 Time(s) unknown (182.61.18.254): 4 Time(s) unknown (191.235.91.156): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (64.79.101.52): 3 Time(s) root (102.165.35.137): 2 Time(s) root (154.ip-193-70-114.eu): 2 Time(s) root (182.253.107.139): 2 Time(s) root (47.74.190.56): 2 Time(s) unknown (174.87.205.225): 2 Time(s) unknown (190.190.40.203): 2 Time(s) unknown (ool-2f168746.static.optonline.net): 2 Time(s) unknown (softbank126207247025.bbtec.net): 2 Time(s) postgres (47.74.190.56): 1 Time(s) root (106.12.189.235): 1 Time(s) root (106.12.24.170): 1 Time(s) root (117.50.74.191): 1 Time(s) root (129.226.56.22): 1 Time(s) root (159.224.194.240): 1 Time(s) root (159.65.149.131): 1 Time(s) root (182.73.245.70): 1 Time(s) root (200.196.249.170): 1 Time(s) root (212.147.15.213): 1 Time(s) root (220.94.205.234): 1 Time(s) root (37.139.21.75): 1 Time(s) root (41.221.146.138): 1 Time(s) root (45.55.42.17): 1 Time(s) root (60.228.150.96): 1 Time(s) root (81.118.52.78): 1 Time(s) root (ip-132-148-129-180.ip.secureserver.net): 1 Time(s) root (ool-2f168252.static.optonline.net): 1 Time(s) root (ool-addccea2.static.optonline.net): 1 Time(s) unknown (114.141.181.2): 1 Time(s) unknown (128.106.195.126): 1 Time(s) unknown (142.93.39.29): 1 Time(s) unknown (146.185.149.245): 1 Time(s) unknown (159.65.54.221): 1 Time(s) unknown (162.ip-54-37-205.eu): 1 Time(s) unknown (167.99.75.174): 1 Time(s) unknown (180.255.10.159): 1 Time(s) unknown (184.82.161.0): 1 Time(s) unknown (189.254.33.157): 1 Time(s) unknown (200.69.250.253): 1 Time(s) unknown (206.189.136.160): 1 Time(s) unknown (207.154.232.160): 1 Time(s) unknown (220.94.205.234): 1 Time(s) unknown (42.116.255.216): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (ool-2f168252.static.optonline.net): 1 Time(s) Invalid Users: Unknown Account: 1034 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 13 Miscellaneous warnings 21.756K Bytes accepted 22,278 21.756K Bytes sent via SMTP 22,278 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 289 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 289 Total 4xx Rejects 100.00% ======== ================================================== 321 Connections 311 Connections lost (inbound) 321 Disconnections 1 Removed from queue 1 Sent via SMTP 2 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 4 Time(s) Failed logins from: 37.139.21.75: 1 time 41.221.146.138: 1 time 45.55.42.17: 1 time 47.22.130.82 (ool-2f168252.static.optonline.net): 1 time 47.74.190.56: 3 times 51.38.57.78 (ns3118043.ip-51-38-57.eu): 34 times 51.38.112.45 (45.ip-51-38-112.eu): 86 times 51.75.170.13 (13.ip-51-75-170.eu): 46 times 51.83.46.16 (16.ip-51-83-46.eu): 23 times 51.254.38.106 (106.ip-51-254-38.eu): 68 times 60.228.150.96 (cpe-60-228-150-96.bp1w-r-962.wel.wa.bigpond.net.au): 1 time 64.79.101.52 (64.79.101.52.rdns.continuumdatacenters.com): 23 times 79.159.202.15 (15.red-79-159-202.dynamicip.rima-tde.net): 39 times 81.30.212.14 (81.30.212.14.static.ufanet.ru): 41 times 81.118.52.78: 1 time 82.141.237.225 (mail.mcmsecurity.com): 72 times 91.221.109.251 (grob.status-telecom.ru): 32 times 92.222.71.125 (125.ip-92-222-71.eu): 54 times 102.165.35.137: 3 times 103.120.225.79: 76 times 104.131.91.148: 58 times 104.168.199.165 (hwsrv-574169.hostwindsdns.com): 65 times 106.12.24.170: 1 time 106.12.189.235: 1 time 106.13.7.253: 67 times 106.13.10.159: 62 times 106.75.91.43: 23 times 112.85.42.178: 6 times 114.141.181.2: 28 times 116.127.229.37: 6 times 117.50.74.191: 1 time 122.55.251.114 (122.55.251.114.static.pldt.net): 6 times 123.138.18.35: 55 times 129.226.56.22: 1 time 132.148.129.180 (ip-132-148-129-180.ip.secureserver.net): 1 time 132.232.101.100: 53 times 142.93.198.152: 30 times 146.185.181.64: 57 times 150.140.189.33 (alefragkis.ece.upatras.gr): 65 times 159.65.149.131 (187449.cloudwaysapps.com): 1 time 159.89.160.91: 49 times 159.224.194.240 (240.194.224.159.triolan.net): 1 time 164.68.109.231 (vmi284881.contaboserver.net): 70 times 167.99.83.237: 4 times 173.220.206.162 (ool-addccea2.static.optonline.net): 1 time 177.8.244.38: 8 times 178.62.64.107: 69 times 178.62.244.194: 49 times 182.61.18.254: 26 times 182.61.44.136: 40 times 182.61.130.121: 43 times 182.73.245.70: 1 time 182.93.48.21 (n18293z48l21.static.ctmip.net): 14 times 182.253.107.139: 2 times 182.254.184.247: 47 times 183.102.114.59: 5 times 183.196.90.14: 23 times 185.216.132.15: 6 times 191.235.91.156: 41 times 193.70.114.154 (154.ip-193-70-114.eu): 2 times 200.196.249.170: 1 time 210.14.77.102: 34 times 212.147.15.213 (mail.willemin-macodel.com): 1 time 213.74.203.106 (host-213-74-203-106.superonline.net): 93 times 213.150.207.5 (smtp.bronbergwisp.co.za): 65 times 218.60.41.227: 89 times 218.92.0.181: 6 times 218.93.69.234: 6 times 220.94.205.234: 1 time Illegal users from: undef: 802 times 42.116.255.216: 1 time 47.22.130.82 (ool-2f168252.static.optonline.net): 1 time 47.22.135.70 (ool-2f168746.static.optonline.net): 2 times 47.74.190.56: 15 times 51.38.112.45 (45.ip-51-38-112.eu): 9 times 51.75.170.13 (13.ip-51-75-170.eu): 34 times 51.83.46.16 (16.ip-51-83-46.eu): 38 times 51.254.38.106 (106.ip-51-254-38.eu): 21 times 54.37.205.162 (162.ip-54-37-205.eu): 1 time 64.79.101.52 (64.79.101.52.rdns.continuumdatacenters.com): 3 times 79.159.202.15 (15.red-79-159-202.dynamicip.rima-tde.net): 21 times 81.30.212.14 (81.30.212.14.static.ufanet.ru): 28 times 82.141.237.225 (mail.mcmsecurity.com): 21 times 91.221.109.251 (grob.status-telecom.ru): 37 times 92.63.194.26: 1 time 92.222.71.125 (125.ip-92-222-71.eu): 29 times 103.120.225.79: 18 times 104.131.91.148: 21 times 104.168.199.165 (hwsrv-574169.hostwindsdns.com): 32 times 106.13.7.253: 32 times 106.13.10.159: 24 times 106.75.91.43: 65 times 114.141.181.2: 1 time 119.29.11.242: 17 times 123.138.18.35: 24 times 126.207.247.25 (softbank126207247025.bbtec.net): 2 times 128.106.195.126 (bb128-106-195-126.singnet.com.sg): 1 time 132.232.101.100: 45 times 142.93.39.29: 1 time 142.93.198.152: 43 times 146.185.149.245: 1 time 146.185.181.64: 28 times 150.140.189.33 (alefragkis.ece.upatras.gr): 22 times 159.65.54.221: 1 time 159.89.160.91: 32 times 164.68.109.231 (vmi284881.contaboserver.net): 22 times 167.99.75.174: 1 time 174.87.205.225: 2 times 178.62.64.107: 20 times 178.62.244.194: 4 times 180.255.10.159: 1 time 182.61.18.254: 4 times 182.61.44.136: 40 times 182.61.48.178: 28 times 182.93.48.21 (n18293z48l21.static.ctmip.net): 10 times 182.254.184.247: 41 times 183.102.114.59: 35 times 183.196.90.14: 35 times 184.82.161.0 (184-82-161-0.24.public.rone-mser01.myaisfibre.com): 1 time 189.254.33.157 (customer-189-254-33-157-sta.uninet-ide.com.mx): 1 time 190.190.40.203 (203-40-190-190.cab.prima.net.ar): 2 times 191.235.91.156: 3 times 193.32.163.182 (hosting-by.cloud-home.me): 3 times 193.70.114.154 (154.ip-193-70-114.eu): 41 times 200.69.250.253 (customer-static-250-253.iplannetworks.net): 1 time 200.196.249.170: 11 times 206.189.136.160: 1 time 207.154.232.160: 1 time 212.64.44.246: 18 times 213.74.203.106 (host-213-74-203-106.superonline.net): 8 times 213.150.207.5 (smtp.bronbergwisp.co.za): 23 times 218.60.41.227: 5 times 220.94.205.234: 1 time **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 9 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################