Logwatch for h2361197.stratoserver.net (Linux)

Montag, 14 Oktober 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Mon Oct 14 04:42:06 2019
        Date Range Processed: yesterday
                              ( 2019-Oct-13 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [204:205]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 Connection attempts using mod_proxy:
    112.66.103.93 -> zapf.wiki:443: 1 Time(s)
    60.191.52.254 -> zapf.wiki:443: 1 Time(s)
 
 A total of 2 sites probed the server 
    154.47.32.66
    61.219.11.153
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 4 Time(s)
       null: 2 Time(s)
       zapf.wiki:443: 2 Time(s)
       /manager/html: 1 Time(s)
       /manager/text/list: 1 Time(s)
    404 Not Found
       /robots.txt: 37 Time(s)
       /berlin/apple-touch-icon.png: 4 Time(s)
       /node: 2 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
       /resolutionen/sose17/gesellschaftlich_vera ... wantwortung.pdf: 1 Time(s)
       /wp-login.php: 1 Time(s)
    408 Request Timeout
       /reader/2014-SoSe_Duesseldorf.pdf: 1 Time(s)
    500 Internal Server Error
       /: 8 Time(s)
       /api/v1/pod: 1 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (116.196.80.104): 100 Time(s)
       root (91.215.244.12): 91 Time(s)
       root (68.183.178.162): 90 Time(s)
       root (89.35.57.214): 89 Time(s)
       root (189.109.247.149): 84 Time(s)
       root (58.62.207.50): 78 Time(s)
       root (94.101.181.238): 77 Time(s)
       root (118.24.9.152): 76 Time(s)
       root (164.ip-51-255-174.eu): 75 Time(s)
       root (202.51.74.189): 75 Time(s)
       unknown (182.61.58.166): 69 Time(s)
       root (210.212.237.67): 67 Time(s)
       unknown (49.235.80.149): 66 Time(s)
       root (132.232.59.247): 65 Time(s)
       root (116.90.165.26): 64 Time(s)
       unknown (181.222.143.177): 58 Time(s)
       unknown (58.162.140.172): 58 Time(s)
       root (51.158.100.176): 57 Time(s)
       root (76.73.206.90): 54 Time(s)
       root (ns3133228.ip-51-75-52.eu): 53 Time(s)
       root (104.236.214.8): 52 Time(s)
       root (62.234.62.191): 52 Time(s)
       root (129.146.149.185): 50 Time(s)
       unknown (197.85.191.178): 50 Time(s)
       unknown (13.71.5.110): 49 Time(s)
       unknown (190.96.49.189): 48 Time(s)
       unknown (maq01.crcrj.org.br): 48 Time(s)
       root (178.62.118.53): 44 Time(s)
       root (ns3036126.ip-193-70-81.eu): 43 Time(s)
       unknown (62.234.62.191): 43 Time(s)
       unknown (159.65.13.203): 42 Time(s)
       unknown (118.89.221.36): 40 Time(s)
       root (200-98-1-189.tlf.dialuol.com.br): 37 Time(s)
       unknown (176.107.131.128): 37 Time(s)
       unknown (178.62.118.53): 37 Time(s)
       unknown (177.50.208.206): 36 Time(s)
       unknown (132.232.59.247): 35 Time(s)
       unknown (ns3036126.ip-193-70-81.eu): 34 Time(s)
       root (159.65.13.203): 33 Time(s)
       unknown (200-98-1-189.tlf.dialuol.com.br): 33 Time(s)
       root (l37-195-50-41.novotelecom.ru): 32 Time(s)
       root (51.15.159.7): 31 Time(s)
       unknown (129.146.149.185): 31 Time(s)
       unknown (178.128.59.109): 31 Time(s)
       unknown (76.73.206.90): 31 Time(s)
       unknown (ns3133228.ip-51-75-52.eu): 31 Time(s)
       root (139.199.48.217): 30 Time(s)
       root (148.70.65.131): 30 Time(s)
       root (49.235.80.149): 30 Time(s)
       unknown (51.158.100.176): 29 Time(s)
       root (182.61.58.166): 27 Time(s)
       root (197.85.191.178): 27 Time(s)
       root (181.222.143.177): 24 Time(s)
       unknown (116.90.165.26): 24 Time(s)
       unknown (217.61.17.7): 24 Time(s)
       root (13.71.5.110): 23 Time(s)
       root (maq01.crcrj.org.br): 23 Time(s)
       unknown (157.245.103.117): 23 Time(s)
       root (58.162.140.172): 22 Time(s)
       root (178.128.59.109): 20 Time(s)
       unknown (164.ip-51-255-174.eu): 19 Time(s)
       root (43.243.128.213): 18 Time(s)
       unknown (210.212.237.67): 18 Time(s)
       unknown (118.24.9.152): 17 Time(s)
       root (157.245.103.117): 16 Time(s)
       unknown (148.70.65.131): 16 Time(s)
       unknown (202.51.74.189): 16 Time(s)
       root (201.114.252.23): 14 Time(s)
       unknown (104.236.214.8): 14 Time(s)
       unknown (139.199.48.217): 13 Time(s)
       unknown (51.15.159.7): 13 Time(s)
       root (118.89.221.36): 12 Time(s)
       root (182.61.176.53): 12 Time(s)
       unknown (177.42.73.75): 12 Time(s)
       unknown (189.109.247.149): 11 Time(s)
       root (177.50.208.206): 10 Time(s)
       unknown (58.62.207.50): 10 Time(s)
       root (60.191.82.107): 8 Time(s)
       unknown (68.183.178.162): 8 Time(s)
       root (107.173.145.168): 6 Time(s)
       root (190.96.49.189): 6 Time(s)
       root (203.129.199.163): 6 Time(s)
       root (27.210.143.2): 6 Time(s)
       root (net-2-36-67-194.cust.vodafonedsl.it): 6 Time(s)
       unknown (112.171.248.197): 6 Time(s)
       unknown (157.red-81-47-160.staticip.rima-tde.net): 6 Time(s)
       unknown (91.215.244.12): 6 Time(s)
       root (oc-129-158-73-144.compute.oraclecloud.com): 5 Time(s)
       unknown (192.red-79-155-112.dynamicip.rima-tde.net): 5 Time(s)
       unknown (ip46.ip-151-80-203.eu): 5 Time(s)
       root (ns3003413.ip-5-196-75.eu): 4 Time(s)
       unknown (114.119.4.74): 4 Time(s)
       unknown (185.88.197.15): 4 Time(s)
       unknown (193.32.163.182): 4 Time(s)
       unknown (203.160.91.226): 4 Time(s)
       unknown (43.243.128.213): 4 Time(s)
       unknown (team.holonix.biz): 4 Time(s)
       unknown (213.32.31.116): 3 Time(s)
       unknown (45.ip-51-75-16.eu): 3 Time(s)
       unknown (51.15.178.114): 3 Time(s)
       unknown (ns3108173.ip-54-37-253.eu): 3 Time(s)
       unknown (ns323907.ip-94-23-16.eu): 3 Time(s)
       unknown (ns359239.ip-91-121-156.eu): 3 Time(s)
       root (server.multixservices.net): 2 Time(s)
       root (static-100-37-253-46.nycmny.fios.verizon.net): 2 Time(s)
       unknown (50.ip-193-70-2.eu): 2 Time(s)
       unknown (60.191.82.107): 2 Time(s)
       unknown (82-64-25-207.subs.proxad.net): 2 Time(s)
       unknown (84.ip-54-38-186.eu): 2 Time(s)
       unknown (91.134.173.103): 2 Time(s)
       unknown (93.152.158.132): 2 Time(s)
       unknown (94.156.119.230): 2 Time(s)
       unknown (ns365771.ovh.net): 2 Time(s)
       unknown (static-84-242-116-94.net.upcbroadband.cz): 2 Time(s)
       backup (sds-155.hosteur.net): 1 Time(s)
       daemon (ns359239.ip-91-121-156.eu): 1 Time(s)
       mysql (236.ip-92-222-70.eu): 1 Time(s)
       postgres (team.holonix.biz): 1 Time(s)
       root (118.187.31.11): 1 Time(s)
       root (124.29.198.212): 1 Time(s)
       root (157.red-81-47-160.staticip.rima-tde.net): 1 Time(s)
       root (168.255.251.126): 1 Time(s)
       root (178.33.216.209): 1 Time(s)
       root (222.91.150.250): 1 Time(s)
       root (23.94.133.28): 1 Time(s)
       root (84.ip-54-38-186.eu): 1 Time(s)
       root (93.152.158.132): 1 Time(s)
       root (94.156.119.230): 1 Time(s)
       root (ip46.ip-151-80-203.eu): 1 Time(s)
       root (ns359239.ip-91-121-156.eu): 1 Time(s)
       root (ool-2f168252.static.optonline.net): 1 Time(s)
       root (sds-155.hosteur.net): 1 Time(s)
       root (static-84-242-116-94.net.upcbroadband.cz): 1 Time(s)
       unknown (103.204.244.131): 1 Time(s)
       unknown (110.ip-217-182-204.eu): 1 Time(s)
       unknown (113.190.232.244): 1 Time(s)
       unknown (138.68.89.76): 1 Time(s)
       unknown (14.227.43.135): 1 Time(s)
       unknown (140.ip-164-132-49.eu): 1 Time(s)
       unknown (15.ip-92-222-84.eu): 1 Time(s)
       unknown (162.ip-54-37-205.eu): 1 Time(s)
       unknown (163.172.94.72): 1 Time(s)
       unknown (178.33.216.209): 1 Time(s)
       unknown (236.ip-92-222-70.eu): 1 Time(s)
       unknown (37.114.172.151): 1 Time(s)
       unknown (37.114.186.205): 1 Time(s)
       unknown (46.ip-51-254-114.eu): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (95-31-97-102.broadband.corbina.ru): 1 Time(s)
       unknown (ip-83-99-35-116.dyn.luxdsl.pt.lu): 1 Time(s)
       unknown (ns3002401.ovh.net): 1 Time(s)
       unknown (ns333056.ip-37-187-125.eu): 1 Time(s)
       unknown (ns335893.ip-37-59-17.eu): 1 Time(s)
       unknown (ool-2f168252.static.optonline.net): 1 Time(s)
       unknown (sds-155.hosteur.net): 1 Time(s)
       www-data (84.ip-54-38-186.eu): 1 Time(s)
    Invalid Users:
       Unknown Account: 1284 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        2   Miscellaneous warnings  
 
   18.092K  Bytes accepted                              18,526
   18.092K  Bytes sent via SMTP                         18,526
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        3   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        3   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
     1485   Connections             
     1468   Connections lost (inbound) 
     1484   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        5   Timeouts (inbound)      
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 1 Time(s)
    root : 3 Time(s)
 
 Failed logins from:
    2.36.67.194 (net-2-36-67-194.cust.vodafonedsl.it): 6 times
    5.196.75.47 (ns3003413.ip-5-196-75.eu): 4 times
    13.71.5.110: 23 times
    23.94.133.28 (23-94-133-28-host.colocrossing.com): 1 time
    27.210.143.2: 6 times
    37.187.74.146 (team.holonix.biz): 1 time
    37.195.50.41 (l37-195-50-41.novotelecom.ru): 32 times
    43.243.128.213: 18 times
    46.182.7.35 (sds-155.hosteur.net): 2 times
    47.22.130.82 (ool-2f168252.static.optonline.net): 1 time
    49.235.80.149: 30 times
    51.15.159.7 (51-15-159-7.rev.poneytelecom.eu): 31 times
    51.75.52.195 (ns3133228.ip-51-75-52.eu): 53 times
    51.158.100.176 (176-100-158-51.rev.cloud.scaleway.com): 57 times
    51.255.174.164 (164.ip-51-255-174.eu): 75 times
    54.38.186.84 (84.ip-54-38-186.eu): 2 times
    58.62.207.50: 78 times
    58.162.140.172: 22 times
    60.191.82.107: 8 times
    62.234.62.191: 52 times
    68.183.178.162: 90 times
    76.73.206.90 (circlorama.mybizpronetwork.net): 54 times
    81.47.160.157 (157.red-81-47-160.staticip.rima-tde.net): 1 time
    84.242.116.94 (static-84-242-116-94.net.upcbroadband.cz): 1 time
    89.35.57.214: 89 times
    91.121.156.27 (ns359239.ip-91-121-156.eu): 2 times
    91.215.244.12: 91 times
    92.222.70.236 (236.ip-92-222-70.eu): 1 time
    93.152.158.132: 1 time
    94.101.181.238: 77 times
    94.156.119.230: 1 time
    100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 2 times
    104.236.214.8: 52 times
    107.173.145.168 (107-173-145-168-host.colocrossing.com): 6 times
    116.90.165.26 (IP-90-165-26.dtp.net.id): 64 times
    116.196.80.104: 100 times
    118.24.9.152: 76 times
    118.89.221.36: 12 times
    118.187.31.11: 1 time
    124.29.198.212: 1 time
    129.146.149.185: 50 times
    129.158.73.144 (oc-129-158-73-144.compute.oraclecloud.com): 5 times
    132.232.59.247: 65 times
    139.199.48.217: 30 times
    148.70.65.131: 30 times
    151.80.203.46 (ip46.ip-151-80-203.eu): 1 time
    157.245.103.117: 16 times
    159.65.13.203: 33 times
    162.241.178.219 (server.multixservices.net): 2 times
    168.255.251.126: 1 time
    177.50.208.206 (206.208.50.177.isp.timbrasil.com.br): 10 times
    178.33.216.209: 1 time
    178.62.118.53: 44 times
    178.128.59.109: 20 times
    181.222.143.177 (b5de8fb1.virtua.com.br): 24 times
    182.61.58.166: 27 times
    182.61.176.53: 12 times
    189.109.247.149 (189-109-247-149.customer.tdatabrasil.net.br): 84 times
    190.96.49.189: 6 times
    193.70.81.201 (ns3036126.ip-193-70-81.eu): 43 times
    197.85.191.178 (197-85-191-178.cpt.virtualservers.co.za): 27 times
    200.98.1.189 (200-98-1-189.tlf.dialuol.com.br): 37 times
    201.76.178.51 (maq01.crcrj.org.br): 23 times
    201.114.252.23 (dsl-201-114-252-23-dyn.prod-infinitum.com.mx): 14 times
    202.51.74.189: 75 times
    203.129.199.163: 6 times
    210.212.237.67: 67 times
    222.91.150.250: 1 time
 
 Illegal users from:
    undef: 1000 times
    13.71.5.110: 49 times
    14.227.43.135 (static.vnpt.vn): 1 time
    37.59.17.24 (ns335893.ip-37-59-17.eu): 1 time
    37.59.51.51 (ns3002401.ovh.net): 1 time
    37.114.172.151: 1 time
    37.114.186.205: 1 time
    37.187.74.146 (team.holonix.biz): 4 times
    37.187.125.87 (ns333056.ip-37-187-125.eu): 1 time
    43.243.128.213: 4 times
    46.182.7.35 (sds-155.hosteur.net): 1 time
    47.22.130.82 (ool-2f168252.static.optonline.net): 1 time
    49.235.80.149: 66 times
    51.15.159.7 (51-15-159-7.rev.poneytelecom.eu): 13 times
    51.15.178.114 (51-15-178-114.rev.poneytelecom.eu): 3 times
    51.75.16.45 (45.ip-51-75-16.eu): 3 times
    51.75.52.195 (ns3133228.ip-51-75-52.eu): 31 times
    51.158.100.176 (176-100-158-51.rev.cloud.scaleway.com): 29 times
    51.254.114.46 (46.ip-51-254-114.eu): 1 time
    51.255.174.164 (164.ip-51-255-174.eu): 19 times
    54.37.205.162 (162.ip-54-37-205.eu): 1 time
    54.37.253.161 (ns3108173.ip-54-37-253.eu): 3 times
    54.38.186.84 (84.ip-54-38-186.eu): 2 times
    58.62.207.50: 10 times
    58.162.140.172: 58 times
    60.191.82.107: 2 times
    62.234.62.191: 43 times
    68.183.178.162: 8 times
    76.73.206.90 (circlorama.mybizpronetwork.net): 31 times
    79.155.112.192 (192.red-79-155-112.dynamicip.rima-tde.net): 5 times
    81.47.160.157 (157.red-81-47-160.staticip.rima-tde.net): 6 times
    82.64.25.207 (82-64-25-207.subs.proxad.net): 2 times
    83.99.35.116 (ip-83-99-35-116.dyn.luxdsl.pt.lu): 1 time
    84.242.116.94 (static-84-242-116-94.net.upcbroadband.cz): 2 times
    85.35.109.166: 1 time
    91.121.156.27 (ns359239.ip-91-121-156.eu): 3 times
    91.134.173.103: 2 times
    91.215.244.12: 6 times
    92.63.194.26: 1 time
    92.222.70.236 (236.ip-92-222-70.eu): 1 time
    92.222.84.15 (15.ip-92-222-84.eu): 1 time
    93.152.158.132: 2 times
    94.23.5.135 (ns365771.ovh.net): 2 times
    94.23.16.30 (ns323907.ip-94-23-16.eu): 3 times
    94.156.119.230: 2 times
    95.31.97.102 (95-31-97-102.broadband.corbina.ru): 1 time
    103.204.244.131: 1 time
    104.236.214.8: 14 times
    112.171.248.197: 6 times
    113.190.232.244 (static.vnpt.vn): 1 time
    114.119.4.74: 4 times
    116.90.165.26 (IP-90-165-26.dtp.net.id): 24 times
    118.24.9.152: 17 times
    118.89.221.36: 40 times
    129.146.149.185: 31 times
    132.232.59.247: 35 times
    138.68.89.76: 1 time
    139.199.48.217: 13 times
    148.70.65.131: 16 times
    151.80.203.46 (ip46.ip-151-80-203.eu): 5 times
    157.245.103.117: 23 times
    159.65.13.203: 42 times
    163.172.94.72 (163-172-94-72.rev.poneytelecom.eu): 1 time
    164.132.49.140 (140.ip-164-132-49.eu): 1 time
    176.107.131.128 (host128-131-107-176.static.arubacloud.pl): 37 times
    177.42.73.75 (177.42.73.75.static.host.gvt.net.br): 12 times
    177.50.208.206 (206.208.50.177.isp.timbrasil.com.br): 36 times
    178.33.216.209: 1 time
    178.62.118.53: 37 times
    178.128.59.109: 31 times
    181.222.143.177 (b5de8fb1.virtua.com.br): 58 times
    182.61.58.166: 69 times
    185.88.197.15 (not-updated.castle-it.net): 4 times
    189.109.247.149 (189-109-247-149.customer.tdatabrasil.net.br): 11 times
    190.96.49.189: 48 times
    193.32.163.182 (hosting-by.cloud-home.me): 4 times
    193.70.2.50 (50.ip-193-70-2.eu): 2 times
    193.70.81.201 (ns3036126.ip-193-70-81.eu): 34 times
    197.85.191.178 (197-85-191-178.cpt.virtualservers.co.za): 50 times
    200.98.1.189 (200-98-1-189.tlf.dialuol.com.br): 33 times
    201.76.178.51 (maq01.crcrj.org.br): 48 times
    202.51.74.189: 16 times
    203.160.91.226: 4 times
    210.212.237.67: 18 times
    213.32.31.116: 3 times
    217.61.17.7 (host7-17-61-217.static.arubacloud.com): 24 times
    217.182.204.110 (110.ip-217-182-204.eu): 1 time
 
 **Unmatched Entries**
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 4 time(s)
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 3 time(s)
 error: Received disconnect from 81.47.160.157: 3: com.jcraft.jsch.JSchException: Auth
fail [preauth] : 6 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016