Logwatch for h2361197.stratoserver.net (Linux)

Samstag, 12 Oktober 2019

 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sat Oct 12 04:42:08 2019
        Date Range Processed: yesterday
                              ( 2019-Oct-11 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 

 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [289:291]

 ---------------------- fail2ban-messages End ------------------------- 

 --------------------- httpd Begin ------------------------ 

 A total of 3 sites probed the server 
    172.104.242.173
    176.58.124.134
    61.219.11.153

 Requests with error response codes
    400 Bad Request
       null: 4 Time(s)
       /: 3 Time(s)
       mstshash=Administr: 1 Time(s)
    404 Not Found
       /robots.txt: 26 Time(s)
       /berlin/apple-touch-icon.png: 5 Time(s)
       /user/register?destination=comment/reply/13%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/15%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/20%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/24%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/32%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/33%23comment-form: 2 Time(s)
       /user/register?destination=comment/reply/9%23comment-form: 2 Time(s)
       /neuigkeiten/einladung-mgv-ws2011: 1 Time(s)
       /sites/default/files/2004_WiSe_Hamburg.pdf: 1 Time(s)
       /sites/default/files/2009_WiSe_M%C3%BCnchen.pdf: 1 Time(s)
       /sites/default/files/2010-11-26%20vorgesch ... A4nderungen.pdf: 1 Time(s)
    500 Internal Server Error
       /: 116 Time(s)
       /api/v1/pod: 1 Time(s)

 ---------------------- httpd End ------------------------- 

 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (b2b-94-79-181-162.unitymedia.biz): 99 Time(s)
       root (s0106bc9b68acafab.vc.shawcable.net): 96 Time(s)
       root (222.127.86.135): 95 Time(s)
       root (114.5.12.186): 91 Time(s)
       root (1.71.129.49): 89 Time(s)
       root (195-133-216-215.in-addr.mastertelecom.ru): 86 Time(s)
       root (186.5.109.211): 83 Time(s)
       root (180.179.120.70): 78 Time(s)
       root (179.182.102.178): 75 Time(s)
       root (47-40-20-138.dhcp.stls.mo.charter.com): 73 Time(s)
       root (213.6.8.38): 71 Time(s)
       root (23.94.46.192): 71 Time(s)
       root (183.207.181.138): 69 Time(s)
       root (106.13.189.240): 66 Time(s)
       root (177.96.10.150): 61 Time(s)
       root (59.10.5.156): 61 Time(s)
       root (109.129.78.127): 58 Time(s)
       root (182.61.27.149): 53 Time(s)
       root (106.12.94.65): 52 Time(s)
       root (106.75.7.70): 52 Time(s)
       root (118.26.135.145): 51 Time(s)
       root (ns323499.ip-94-23-41.eu): 51 Time(s)
       root (104.248.187.179): 49 Time(s)
       root (103.207.11.10): 48 Time(s)
       unknown (104.211.216.173): 47 Time(s)
       root (181.49.254.230): 46 Time(s)
       root (197.248.16.118): 46 Time(s)
       unknown (58.254.132.156): 46 Time(s)
       root (51.15.159.7): 45 Time(s)
       root (77.238.120.100): 45 Time(s)
       unknown (58.56.32.238): 44 Time(s)
       root (49.235.226.43): 42 Time(s)
       root (203.230.6.175): 41 Time(s)
       root (58.254.132.156): 40 Time(s)
       root (101.68.70.14): 39 Time(s)
       root (36.36.200.181): 39 Time(s)
       root (52.187.17.107): 39 Time(s)
       unknown (46.101.77.5): 39 Time(s)
       unknown (147.red-83-48-89.staticip.rima-tde.net): 36 Time(s)
       root (27.254.90.106): 35 Time(s)
       unknown (212.30.52.243): 35 Time(s)
       unknown (36.36.200.181): 35 Time(s)
       unknown (103.207.11.10): 34 Time(s)
       unknown (103.8.78.94): 34 Time(s)
       unknown (182.61.27.149): 34 Time(s)
       unknown (4.16.43.2): 34 Time(s)
       unknown (77.238.120.100): 34 Time(s)
       unknown (85.132.100.24): 34 Time(s)
       root (221.150.22.201): 33 Time(s)
       unknown (104.248.187.179): 33 Time(s)
       unknown (106.12.94.65): 32 Time(s)
       root (4.16.43.2): 31 Time(s)
       unknown (197.248.16.118): 31 Time(s)
       unknown (ns323499.ip-94-23-41.eu): 31 Time(s)
       root (103.52.52.22): 30 Time(s)
       root (147.red-83-48-89.staticip.rima-tde.net): 30 Time(s)
       unknown (106.75.7.70): 30 Time(s)
       unknown (121.15.7.26): 30 Time(s)
       unknown (213.6.8.38): 30 Time(s)
       root (58.56.32.238): 29 Time(s)
       unknown (109.129.78.127): 28 Time(s)
       unknown (177.96.10.150): 28 Time(s)
       root (122.224.232.243): 27 Time(s)
       root (67.55.92.90): 27 Time(s)
       root (46.101.77.5): 26 Time(s)
       unknown (49.235.226.43): 26 Time(s)
       unknown (122.224.232.243): 25 Time(s)
       root (104.211.216.173): 24 Time(s)
       root (221.226.48.78): 24 Time(s)
       root (212.30.52.243): 23 Time(s)
       root (85.132.100.24): 23 Time(s)
       unknown (106.13.189.240): 23 Time(s)
       unknown (180.179.120.70): 23 Time(s)
       unknown (103.52.52.22): 22 Time(s)
       unknown (179.182.102.178): 21 Time(s)
       unknown (221.150.22.201): 20 Time(s)
       unknown (101.68.70.14): 19 Time(s)
       unknown (23.94.46.192): 19 Time(s)
       unknown (58.47.177.160): 19 Time(s)
       root (112.85.42.171): 18 Time(s)
       unknown (47-40-20-138.dhcp.stls.mo.charter.com): 18 Time(s)
       root (194.ip-5-196-29.eu): 17 Time(s)
       unknown (194.ip-5-196-29.eu): 17 Time(s)
       root (58.47.177.160): 16 Time(s)
       unknown (106.13.8.112): 16 Time(s)
       unknown (27.254.90.106): 16 Time(s)
       unknown (51.15.159.7): 16 Time(s)
       unknown (23.94.133.77): 15 Time(s)
       root (107.172.30.143): 14 Time(s)
       root (103.8.78.94): 13 Time(s)
       unknown (186.5.109.211): 12 Time(s)
       unknown (36.108.170.241): 12 Time(s)
       root (58.87.92.153): 11 Time(s)
       unknown (195-133-216-215.in-addr.mastertelecom.ru): 11 Time(s)
       root (64.79.101.52): 9 Time(s)
       unknown (114.5.12.186): 9 Time(s)
       unknown (181.110.240.194): 9 Time(s)
       root (121.15.7.26): 8 Time(s)
       unknown (58.87.92.153): 8 Time(s)
       root (92.86.127.175): 7 Time(s)
       unknown (36.110.78.62): 7 Time(s)
       root (183.109.170.68): 6 Time(s)
       root (49.88.112.54): 6 Time(s)
       unknown (183.207.181.138): 6 Time(s)
       root (148.70.60.190): 5 Time(s)
       root (151.ip-164-132-225.eu): 4 Time(s)
       root (81.30.212.14.static.ufanet.ru): 4 Time(s)
       unknown (210.120.63.89): 4 Time(s)
       unknown (218.150.220.230): 4 Time(s)
       unknown (220.92.16.66): 4 Time(s)
       unknown (52.187.17.107): 4 Time(s)
       root (36.108.170.241): 3 Time(s)
       unknown (106.12.127.183): 3 Time(s)
       unknown (193.32.163.182): 3 Time(s)
       unknown (rrcs-108-176-0-2.nyc.biz.rr.com): 3 Time(s)
       unknown (s0106bc9b68acafab.vc.shawcable.net): 3 Time(s)
       root (106.12.127.183): 2 Time(s)
       root (181.110.240.194): 2 Time(s)
       root (218.88.164.159): 2 Time(s)
       root (218.92.0.145): 2 Time(s)
       unknown (107.172.30.143): 2 Time(s)
       unknown (118.141.215.184): 2 Time(s)
       unknown (118.26.135.145): 2 Time(s)
       unknown (194-118-3-160.hdsl.highway.telekom.at): 2 Time(s)
       unknown (218.88.164.159): 2 Time(s)
       unknown (221.226.48.78): 2 Time(s)
       unknown (b2b-94-79-181-162.unitymedia.biz): 2 Time(s)
       unknown (c-73-241-43-46.hsd1.ca.comcast.net): 2 Time(s)
       unknown (ool-2f168746.static.optonline.net): 2 Time(s)
       mysql (222.87.147.62): 1 Time(s)
       root (187.60.32.153): 1 Time(s)
       root (23.94.133.77): 1 Time(s)
       root (36.110.78.62): 1 Time(s)
       root (45.67.14.179): 1 Time(s)
       root (ool-8e366592.static.optonline.net): 1 Time(s)
       unknown (104.131.113.106): 1 Time(s)
       unknown (118-163-178-146.hinet-ip.hinet.net): 1 Time(s)
       unknown (118.173.121.37): 1 Time(s)
       unknown (196.203.31.154): 1 Time(s)
       unknown (203186158178.ctinets.com): 1 Time(s)
       unknown (221.160.100.14): 1 Time(s)
       unknown (42.116.255.216): 1 Time(s)
       unknown (90-224-203-221-no2755.tbcn.telia.com): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (drmons0544w-156-57-165-26.dhcp-dynamic.fibreop.ns.bellaliant.net): 1
Time(s)
       unknown (ool-addccea2.static.optonline.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 1205 Time(s)

 ---------------------- pam_unix End ------------------------- 

 --------------------- Postfix Begin ------------------------ 

      580   Miscellaneous warnings  

   19.573K  Bytes accepted                              20,043
   19.573K  Bytes sent via SMTP                         20,043
 ========   ==================================================

        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================

        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================

      644   Connections             
      631   Connections lost (inbound) 
      644   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           

        2   Timeouts (inbound)      
        1   Hostname verification errors (FCRDNS) 

 ---------------------- Postfix End ------------------------- 

 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)

 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Disconnecting after too many authentication failures for user:
    root : 5 Time(s)

 Failed logins from:
    1.71.129.49: 89 times
    4.16.43.2: 31 times
    5.196.29.194 (194.ip-5-196-29.eu): 17 times
    23.94.46.192 (23-94-46-192-host.colocrossing.com): 71 times
    23.94.133.77 (23-94-133-77-host.colocrossing.com): 1 time
    27.254.90.106: 35 times
    36.36.200.181: 39 times
    36.108.170.241: 3 times
    36.110.78.62 (62.78.110.36.static.bjtelecom.net): 1 time
    45.67.14.179: 1 time
    46.101.77.5 (barclays.chatbot.capco.io): 26 times
    47.40.20.138 (47-40-20-138.dhcp.stls.mo.charter.com): 73 times
    49.88.112.54: 6 times
    49.235.226.43: 42 times
    50.64.152.76 (S0106bc9b68acafab.vc.shawcable.net): 96 times
    51.15.159.7 (51-15-159-7.rev.poneytelecom.eu): 45 times
    52.187.17.107: 39 times
    58.47.177.160: 16 times
    58.56.32.238: 29 times
    58.87.92.153: 11 times
    58.254.132.156: 40 times
    59.10.5.156: 61 times
    64.79.101.52 (64.79.101.52.rdns.continuumdatacenters.com): 9 times
    67.55.92.90: 27 times
    77.238.120.100: 45 times
    81.30.212.14 (81.30.212.14.static.ufanet.ru): 4 times
    83.48.89.147 (147.red-83-48-89.staticip.rima-tde.net): 30 times
    85.132.100.24: 23 times
    92.86.127.175 (adsl92-86-127-175.romtelecom.net): 7 times
    94.23.41.222 (ns323499.ip-94-23-41.eu): 51 times
    94.79.181.162 (b2b-94-79-181-162.unitymedia.biz): 99 times
    101.68.70.14: 39 times
    103.8.78.94: 13 times
    103.52.52.22: 30 times
    103.207.11.10: 48 times
    104.211.216.173: 24 times
    104.248.187.179: 49 times
    106.12.94.65: 52 times
    106.12.127.183: 2 times
    106.13.189.240: 66 times
    106.75.7.70: 52 times
    107.172.30.143 (107-172-30-143-host.colocrossing.com): 14 times
    109.129.78.127: 58 times
    112.85.42.171: 18 times
    114.5.12.186 (114-5-12-186.resources.indosat.com): 91 times
    118.26.135.145: 51 times
    121.15.7.26: 8 times
    122.224.232.243: 27 times
    142.54.101.146 (ool-8e366592.static.optonline.net): 1 time
    148.70.60.190: 5 times
    164.132.225.151 (151.ip-164-132-225.eu): 4 times
    177.96.10.150 (177.96.10.150.dynamic.adsl.gvt.net.br): 61 times
    179.182.102.178 (179.182.102.178.dynamic.adsl.gvt.net.br): 75 times
    180.179.120.70: 78 times
    181.49.254.230: 46 times
    181.110.240.194 (host194.181-110-240.telecom.net.ar): 2 times
    182.61.27.149: 53 times
    183.109.170.68: 6 times
    183.207.181.138 (138.181.207.183.static.js.chinamobile.com): 69 times
    186.5.109.211: 83 times
    187.60.32.153: 1 time
    195.133.216.215 (195-133-216-215.in-addr.mastertelecom.ru): 86 times
    197.248.16.118 (197-248-16-118.safaricombusiness.co.ke): 46 times
    203.230.6.175: 41 times
    212.30.52.243: 23 times
    213.6.8.38: 71 times
    218.88.164.159 (159.164.88.218.broad.cd.sc.dynamic.163data.com.cn): 2 times
    218.92.0.145: 7 times
    221.150.22.201: 33 times
    221.226.48.78: 24 times
    222.87.147.62: 1 time
    222.127.86.135: 95 times

 Illegal users from:
    undef: 956 times
    4.16.43.2: 34 times
    5.196.29.194 (194.ip-5-196-29.eu): 17 times
    23.94.46.192 (23-94-46-192-host.colocrossing.com): 19 times
    23.94.133.77 (23-94-133-77-host.colocrossing.com): 15 times
    27.254.90.106: 16 times
    36.36.200.181: 35 times
    36.108.170.241: 12 times
    36.110.78.62 (62.78.110.36.static.bjtelecom.net): 7 times
    42.116.255.216: 1 time
    46.101.77.5 (barclays.chatbot.capco.io): 39 times
    47.22.135.70 (ool-2f168746.static.optonline.net): 2 times
    47.40.20.138 (47-40-20-138.dhcp.stls.mo.charter.com): 18 times
    49.235.226.43: 26 times
    50.64.152.76 (S0106bc9b68acafab.vc.shawcable.net): 3 times
    51.15.159.7 (51-15-159-7.rev.poneytelecom.eu): 16 times
    52.187.17.107: 4 times
    58.47.177.160: 19 times
    58.56.32.238: 44 times
    58.87.92.153: 8 times
    58.254.132.156: 46 times
    73.241.43.46 (c-73-241-43-46.hsd1.ca.comcast.net): 2 times
    77.238.120.100: 34 times
    83.48.89.147 (147.red-83-48-89.staticip.rima-tde.net): 36 times
    85.132.100.24: 34 times
    90.224.203.221 (90-224-203-221-no2755.tbcn.telia.com): 1 time
    92.63.194.26: 1 time
    94.23.41.222 (ns323499.ip-94-23-41.eu): 31 times
    94.79.181.162 (b2b-94-79-181-162.unitymedia.biz): 2 times
    101.68.70.14: 19 times
    103.8.78.94: 34 times
    103.52.52.22: 22 times
    103.207.11.10: 34 times
    104.131.113.106: 1 time
    104.211.216.173: 47 times
    104.248.187.179: 33 times
    106.12.94.65: 32 times
    106.12.127.183: 3 times
    106.13.8.112: 16 times
    106.13.189.240: 23 times
    106.75.7.70: 30 times
    107.172.30.143 (107-172-30-143-host.colocrossing.com): 2 times
    108.176.0.2 (rrcs-108-176-0-2.nyc.biz.rr.com): 3 times
    109.129.78.127: 28 times
    114.5.12.186 (114-5-12-186.resources.indosat.com): 9 times
    118.26.135.145: 2 times
    118.141.215.184 (sr-184-215-141-118-on-nets.com): 2 times
    118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 1 time
    118.173.121.37 (node-nxh.pool-118-173.dynamic.totinternet.net): 1 time
    121.15.7.26: 30 times
    122.224.232.243: 25 times
    139.162.122.110 (scan-8.security.ipip.net): 1 time
    156.57.165.26 (drmons0544w-156-57-165-26.dhcp-dynamic.fibreop.ns.bellaliant.net): 1
time
    173.220.206.162 (ool-addccea2.static.optonline.net): 1 time
    177.96.10.150 (177.96.10.150.dynamic.adsl.gvt.net.br): 28 times
    179.182.102.178 (179.182.102.178.dynamic.adsl.gvt.net.br): 21 times
    180.179.120.70: 23 times
    181.110.240.194 (host194.181-110-240.telecom.net.ar): 9 times
    182.61.27.149: 34 times
    183.207.181.138 (138.181.207.183.static.js.chinamobile.com): 6 times
    186.5.109.211: 12 times
    193.32.163.182 (hosting-by.cloud-home.me): 3 times
    194.118.3.160 (194-118-3-160.hdsl.highway.telekom.at): 2 times
    195.133.216.215 (195-133-216-215.in-addr.mastertelecom.ru): 11 times
    196.203.31.154: 1 time
    197.248.16.118 (197-248-16-118.safaricombusiness.co.ke): 31 times
    203.186.158.178 (203186158178.ctinets.com): 1 time
    210.120.63.89: 4 times
    212.30.52.243: 35 times
    213.6.8.38: 30 times
    218.88.164.159 (159.164.88.218.broad.cd.sc.dynamic.163data.com.cn): 2 times
    218.150.220.230: 4 times
    220.92.16.66: 4 times
    221.150.22.201: 20 times
    221.160.100.14: 1 time
    221.226.48.78: 2 times

 **Unmatched Entries**
 Disconnecting: Packet corrupt [preauth] : 1 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 7 time(s)
 Bad packet length 521343747. [preauth] : 1 time(s)
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 2 time(s)

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End ######################### 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016