################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Sat Sep 14 04:42:10 2019
Date Range Processed: yesterday
( 2019-Sep-13 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [430:427]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
115.200.232.68 -> zapf.wiki:443: 1 Time(s)
A total of 6 sites probed the server
100.26.247.100
172.104.242.173
172.105.89.161
34.232.53.255
46.119.114.88
80.226.132.184
Requests with error response codes
400 Bad Request
null: 6 Time(s)
mstshash=Administr: 3 Time(s)
/setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
zapf.wiki:443: 1 Time(s)
404 Not Found
/robots.txt: 25 Time(s)
/berlin/apple-touch-icon.png: 9 Time(s)
//wp-json/oembed/1.0/embed?url=https://zapfev.de/: 1 Time(s)
//wp-json/wp/v2/users/: 1 Time(s)
//xmlrpc.php: 1 Time(s)
/home/verein: 1 Time(s)
/home/zapf: 1 Time(s)
/js/cmake.in: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/2016_sose_konstanz_lang.pdf: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 1 Time(s)
/build/cover-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
/build/cover.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
/build/font-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
/build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 1 Time(s)
/fonts/SourceSansPro-Regular.woff: 1 Time(s)
500 Internal Server Error
/: 66 Time(s)
/remote/login: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 1925 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
306 Miscellaneous warnings
18.264K Bytes accepted 18,702
18.264K Bytes sent via SMTP 18,702
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
5 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
5 Total 4xx Rejects 100.00%
======== ==================================================
383 Connections
305 Connections lost (inbound)
383 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Timeouts (inbound)
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
invalid : 2 Time(s)
root : 16 Time(s)
Failed logins from:
Illegal users from:
undef: 436 times
**Unmatched Entries**
fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 8 time(s)
fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 2 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################