################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Sun Nov 25 04:42:04 2018 Date Range Processed: yesterday ( 2018-Nov-24 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 4:4 ] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 176.8.89.33 185.53.91.40 61.219.11.151 Requests with error response codes 400 Bad Request null: 8 Time(s) mstshash=Test: 4 Time(s) /: 2 Time(s) mstshash=Administr: 1 Time(s) 403 Forbidden /reader/: 1 Time(s) /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /berlin/apple-touch-icon.png: 9 Time(s) /favicon.ico: 4 Time(s) /robots.txt: 2 Time(s) /user/register?destination=comment/reply/13%23comment-form: 2 Time(s) /user/register?destination=comment/reply/15%23comment-form: 2 Time(s) /user/register?destination=comment/reply/20%23comment-form: 2 Time(s) /user/register?destination=comment/reply/24%23comment-form: 2 Time(s) /user/register?destination=comment/reply/32%23comment-form: 2 Time(s) /user/register?destination=comment/reply/33%23comment-form: 2 Time(s) /user/register?destination=comment/reply/9%23comment-form: 2 Time(s) /.git/config: 1 Time(s) //blog/wp-includes/wlwmanifest.xml: 1 Time(s) //cms/wp-includes/wlwmanifest.xml: 1 Time(s) //site/wp-includes/wlwmanifest.xml: 1 Time(s) //wordpress/wp-includes/wlwmanifest.xml: 1 Time(s) //wp-includes/wlwmanifest.xml: 1 Time(s) //wp/wp-includes/wlwmanifest.xml: 1 Time(s) //xmlrpc.php?rsd: 1 Time(s) /admin/index.php: 1 Time(s) /berichte/WiSe14/Bericht_WiSe14-Bremen.pdf: 1 Time(s) /berlin/helfika/apple-touch-icon.png: 1 Time(s) /berlin/orientierung/apple-touch-icon.png: 1 Time(s) /download/reader_bw92.pdf: 1 Time(s) /download/reader_ka99.pdf: 1 Time(s) /download/reader_ma91.pdf: 1 Time(s) /neuigkeiten/mitgliederversammlung-2010-05-15: 1 Time(s) /reader/2016_SoSe_Konstanz_lang.pdf%7CLangversion: 1 Time(s) /sites/default/files/1987_SoSe_Aachen.pdf: 1 Time(s) /sites/default/files/2005_SoSe_Erlangen.pdf: 1 Time(s) /wp-content/themes/sehf/server/php/: 1 Time(s) 499 (undefined) /fonts/SourceSansPro-Regular.woff: 6 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 5 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 4 Time(s) /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 4 Time(s) /build/260ef443edb4dfd026d82e2b21a4c75c.woff: 3 Time(s) /build/font-pack.2c73dce02b1eaa3a3b4e.css: 3 Time(s) /build/index.2c73dce02b1eaa3a3b4e.css: 3 Time(s) /fonts/SourceCodePro-Regular.woff: 3 Time(s) /fonts/SourceSansPro-Semibold.woff: 3 Time(s) /apple-touch-icon.png: 2 Time(s) /build/index-styles.2c73dce02b1eaa3a3b4e.css: 2 Time(s) /build/6.cover-pack.2c73dce02b1eaa3a3b4e.js: 1 Time(s) /build/emojify.js/dist/images/basic/smile.png: 1 Time(s) /favicon.png: 1 Time(s) /fonts/SourceCodePro-Medium.woff: 1 Time(s) 500 Internal Server Error /: 4 Time(s) //libs/js/iframe.js: 4 Time(s) 502 Bad Gateway /: 23 Time(s) /oauth/login: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (230.123.146.82.ipv4.evonet.be): 52 Time(s) unknown (178.62.214.85): 32 Time(s) unknown (v150-95-110-147.a00d.g.han1.static.cnode.io): 30 Time(s) unknown (207.ip-151-80-155.eu): 29 Time(s) unknown (81.131.58.249): 29 Time(s) unknown (138.197.216.54): 28 Time(s) unknown (ns3070189.ip-149-202-214.eu): 28 Time(s) unknown (134.175.184.238): 27 Time(s) unknown (98.ip-149-56-15.net): 27 Time(s) unknown (134-0-115-149.ovz.vps.regruhosting.ru): 26 Time(s) unknown (139.198.15.253): 26 Time(s) unknown (139.59.130.225): 26 Time(s) unknown (142.93.255.76): 26 Time(s) unknown (207.154.193.178): 26 Time(s) unknown (46.29.222.100): 26 Time(s) unknown (51.15.93.106): 26 Time(s) unknown (80.246.83.79.rev.sfr.net): 26 Time(s) unknown (ec2-54-173-247-117.compute-1.amazonaws.com): 26 Time(s) unknown (ns3003384.ip-5-196-75.eu): 26 Time(s) unknown (ns301984.ip-94-23-55.eu): 26 Time(s) unknown (ool-182c12fd.dyn.optonline.net): 26 Time(s) unknown (snow.seedhost.eu): 23 Time(s) unknown (185.109.55.63): 22 Time(s) unknown (162.243.253.67): 21 Time(s) unknown (209.97.140.142): 21 Time(s) unknown (c-73-136-41-228.hsd1.tx.comcast.net): 21 Time(s) unknown (ip-83-99-24-14.dyn.luxdsl.pt.lu): 21 Time(s) unknown (chat.cours-infos.com): 20 Time(s) unknown (212.159.18.107): 19 Time(s) unknown (46.101.165.95): 19 Time(s) unknown (210.122.34.231): 18 Time(s) unknown (200.141.223.80): 17 Time(s) unknown (213.26.2.162): 16 Time(s) unknown (37.107.81.117): 13 Time(s) unknown (104.248.209.144): 12 Time(s) unknown (106.75.13.93): 11 Time(s) unknown (89.36.221.229): 11 Time(s) unknown (ns203748.ovh.net): 11 Time(s) unknown (ks368105.kimsufi.com): 10 Time(s) unknown (zulu709.startdedicated.de): 9 Time(s) unknown (181.40.76.162): 8 Time(s) root (122-129-93-13.brain.net.pk): 6 Time(s) unknown (238.239.187.35.bc.googleusercontent.com): 6 Time(s) unknown (59.122.132.37.dynamic.jazztel.es): 6 Time(s) unknown (mail.eunikenathanabadi.com): 6 Time(s) unknown (125.21.187.66): 5 Time(s) unknown (52.243.61.147): 4 Time(s) postgres (ns301984.ip-94-23-55.eu): 3 Time(s) unknown (103.36.84.100): 3 Time(s) unknown (202.83.57.205): 3 Time(s) mysql (230.123.146.82.ipv4.evonet.be): 2 Time(s) mysql (98.ip-149-56-15.net): 2 Time(s) unknown (118-163-107-56.hinet-ip.hinet.net): 2 Time(s) unknown (119.192.239.192): 2 Time(s) unknown (197.149.137.86): 2 Time(s) unknown (200.196.240.60): 2 Time(s) unknown (azeroth-guides.de): 2 Time(s) unknown (jumpserver.angolatelecom.ao): 2 Time(s) unknown (jumpserver.angolatelecom.com): 2 Time(s) unknown (user-69-1-26-153.knology.net): 2 Time(s) backup (134.175.184.238): 1 Time(s) backup (209.97.140.142): 1 Time(s) backup (98.ip-149-56-15.net): 1 Time(s) bin (197.149.137.86): 1 Time(s) bin (80.246.83.79.rev.sfr.net): 1 Time(s) bin (snow.seedhost.eu): 1 Time(s) games (ec2-54-173-247-117.compute-1.amazonaws.com): 1 Time(s) games (ip-83-99-24-14.dyn.luxdsl.pt.lu): 1 Time(s) gnats (203.129.219.197): 1 Time(s) man (181.40.76.162): 1 Time(s) man (209.97.140.142): 1 Time(s) mysql (134-0-115-149.ovz.vps.regruhosting.ru): 1 Time(s) mysql (139.59.130.225): 1 Time(s) mysql (142.93.255.76): 1 Time(s) mysql (200.141.223.80): 1 Time(s) mysql (207.154.193.178): 1 Time(s) mysql (213.26.2.162): 1 Time(s) mysql (46.29.222.100): 1 Time(s) mysql (c-73-136-41-228.hsd1.tx.comcast.net): 1 Time(s) mysql (ks368105.kimsufi.com): 1 Time(s) mysql (ns3003384.ip-5-196-75.eu): 1 Time(s) mysql (ool-182c12fd.dyn.optonline.net): 1 Time(s) news (185.109.55.63): 1 Time(s) news (207.ip-151-80-155.eu): 1 Time(s) news (51.15.93.106): 1 Time(s) news (80.246.83.79.rev.sfr.net): 1 Time(s) news (snow.seedhost.eu): 1 Time(s) nobody (104.248.209.144): 1 Time(s) nobody (134.175.184.238): 1 Time(s) nobody (230.123.146.82.ipv4.evonet.be): 1 Time(s) nobody (ns301984.ip-94-23-55.eu): 1 Time(s) postfix (138.197.216.54): 1 Time(s) postgres (134-0-115-149.ovz.vps.regruhosting.ru): 1 Time(s) postgres (139.198.15.253): 1 Time(s) postgres (139.59.130.225): 1 Time(s) postgres (142.93.255.76): 1 Time(s) postgres (162.243.253.67): 1 Time(s) postgres (207.154.193.178): 1 Time(s) postgres (210.122.34.231): 1 Time(s) postgres (230.123.146.82.ipv4.evonet.be): 1 Time(s) postgres (46.29.222.100): 1 Time(s) postgres (ec2-54-173-247-117.compute-1.amazonaws.com): 1 Time(s) postgres (ns3003384.ip-5-196-75.eu): 1 Time(s) postgres (ool-182c12fd.dyn.optonline.net): 1 Time(s) root (117.34.107.50): 1 Time(s) root (119.192.239.192): 1 Time(s) root (129.213.101.79): 1 Time(s) root (138.197.216.54): 1 Time(s) root (139.198.15.253): 1 Time(s) root (181.40.76.162): 1 Time(s) root (185.244.25.108): 1 Time(s) root (209.97.140.142): 1 Time(s) root (210.122.34.231): 1 Time(s) root (230.123.146.82.ipv4.evonet.be): 1 Time(s) root (c-73-136-41-228.hsd1.tx.comcast.net): 1 Time(s) root (ec2-54-173-247-117.compute-1.amazonaws.com): 1 Time(s) unknown (107.170.95.116): 1 Time(s) unknown (111.230.67.43): 1 Time(s) unknown (129.213.101.79): 1 Time(s) unknown (134.175.175.88): 1 Time(s) unknown (159.203.139.128): 1 Time(s) unknown (159.226.20.83): 1 Time(s) unknown (181.225.99.251): 1 Time(s) unknown (183.195.134.90): 1 Time(s) unknown (185.244.25.108): 1 Time(s) unknown (187.51.24.194): 1 Time(s) unknown (203.160.128.99): 1 Time(s) unknown (203.74.203.51): 1 Time(s) unknown (218.89.241.68): 1 Time(s) unknown (37.114.140.153): 1 Time(s) unknown (5.188.10.76): 1 Time(s) uucp (80.246.83.79.rev.sfr.net): 1 Time(s) uucp (snow.seedhost.eu): 1 Time(s) www-data (230.123.146.82.ipv4.evonet.be): 1 Time(s) www-data (ks368105.kimsufi.com): 1 Time(s) Invalid Users: Unknown Account: 981 Time(s) sudo: Sessions Opened: deployment -> root: 1 Time(s) systemd-user: Unknown Entries: session closed for user deployment: 1 Time(s) session opened for user deployment by (uid=0): 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 41 Miscellaneous warnings 17.455K Bytes accepted 17,874 17.455K Bytes sent via SMTP 17,874 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 6 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 6 Total 4xx Rejects 100.00% ======== ================================================== 131 Connections 4 Connections lost (inbound) 131 Disconnections 1 Removed from queue 1 Sent via SMTP ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 1 Time(s) Failed logins from: 5.196.75.42 (ns3003384.ip-5-196-75.eu): 2 times 24.44.18.253 (ool-182c12fd.dyn.optonline.net): 2 times 37.48.89.149 (snow.seedhost.eu): 3 times 46.29.222.100: 2 times 51.15.93.106 (106-93-15-51.rev.cloud.scaleway.com): 1 time 54.173.247.117 (ec2-54-173-247-117.compute-1.amazonaws.com): 3 times 73.136.41.228 (c-73-136-41-228.hsd1.tx.comcast.net): 2 times 79.83.246.80 (80.246.83.79.rev.sfr.net): 3 times 82.146.123.230 (230.123.146.82.ipv4.evonet.be): 6 times 83.99.24.14 (ip-83-99-24-14.dyn.luxdsl.pt.lu): 1 time 94.23.30.183 (ks368105.kimsufi.com): 2 times 94.23.55.228 (ns301984.ip-94-23-55.eu): 4 times 104.248.209.144: 1 time 117.34.107.50: 1 time 119.192.239.192: 1 time 122.129.93.13 (122-129-93-13.brain.net.pk): 6 times 129.213.101.79: 1 time 134.0.115.149 (134-0-115-149.ovz.vps.regruhosting.ru): 2 times 134.175.184.238: 2 times 138.197.216.54: 2 times 139.59.130.225: 2 times 139.198.15.253: 2 times 142.93.255.76: 2 times 149.56.15.98 (98.ip-149-56-15.net): 3 times 151.80.155.207 (207.ip-151-80-155.eu): 1 time 162.243.253.67: 1 time 181.40.76.162 (pool-162-76-40-181.telecel.com.py): 2 times 185.109.55.63: 1 time 185.244.25.108 (Dedi06.customers.kvsolutions.nl): 1 time 197.149.137.86: 1 time 200.141.223.80 (200-141-223-80.user.veloxzone.com.br): 1 time 203.129.219.197: 1 time 207.154.193.178: 2 times 209.97.140.142: 3 times 210.122.34.231: 2 times 213.26.2.162: 1 time Illegal users from: undef: 461 times 5.188.10.76: 1 time 5.196.75.42 (ns3003384.ip-5-196-75.eu): 26 times 24.44.18.253 (ool-182c12fd.dyn.optonline.net): 26 times 35.187.239.238 (238.239.187.35.bc.googleusercontent.com): 6 times 37.48.89.149 (snow.seedhost.eu): 23 times 37.107.81.117: 13 times 37.114.140.153: 1 time 37.132.122.59 (59.122.132.37.dynamic.jazztel.es): 6 times 46.29.222.100: 26 times 46.101.165.95: 19 times 51.15.93.106 (106-93-15-51.rev.cloud.scaleway.com): 26 times 51.68.123.89 (chat.cours-infos.com): 20 times 52.243.61.147: 4 times 54.173.247.117 (ec2-54-173-247-117.compute-1.amazonaws.com): 26 times 69.1.26.153 (user-69-1-26-153.knology.net): 2 times 73.136.41.228 (c-73-136-41-228.hsd1.tx.comcast.net): 21 times 79.83.246.80 (80.246.83.79.rev.sfr.net): 26 times 81.131.58.249: 29 times 82.146.123.230 (230.123.146.82.ipv4.evonet.be): 52 times 83.99.24.14 (ip-83-99-24-14.dyn.luxdsl.pt.lu): 21 times 89.36.221.229 (host229-221-36-89.serverdedicati.aruba.it): 11 times 89.163.227.116 (azeroth-guides.de): 2 times 94.23.0.13 (ns203748.ovh.net): 11 times 94.23.30.183 (ks368105.kimsufi.com): 10 times 94.23.55.228 (ns301984.ip-94-23-55.eu): 26 times 103.36.84.100: 3 times 104.248.209.144: 12 times 106.75.13.93: 11 times 107.170.95.116: 1 time 111.230.67.43: 1 time 118.163.107.56 (118-163-107-56.HINET-IP.hinet.net): 2 times 119.192.239.192: 3 times 125.21.187.66: 5 times 129.213.101.79: 1 time 134.0.115.149 (134-0-115-149.ovz.vps.regruhosting.ru): 26 times 134.175.175.88: 1 time 134.175.184.238: 27 times 138.197.216.54: 28 times 139.59.130.225: 26 times 139.198.15.253: 26 times 142.93.255.76: 26 times 149.56.15.98 (98.ip-149-56-15.net): 27 times 149.202.214.11 (ns3070189.ip-149-202-214.eu): 28 times 150.95.110.147 (v150-95-110-147.a00d.g.han1.static.cnode.io): 30 times 151.80.155.207 (207.ip-151-80-155.eu): 29 times 159.203.139.128: 1 time 159.226.20.83: 1 time 162.243.253.67: 21 times 178.62.214.85: 32 times 181.40.76.162 (pool-162-76-40-181.telecel.com.py): 8 times 181.225.99.251 (azteca-comunicaciones.com): 1 time 182.253.184.20 (mail.eunikenathanabadi.com): 6 times 183.195.134.90 (.): 1 time 185.109.55.63: 22 times 185.244.25.108 (Dedi06.customers.kvsolutions.nl): 1 time 187.51.24.194 (187-51-24-194.customer.tdatabrasil.net.br): 1 time 188.138.100.56 (zulu709.startdedicated.de): 9 times 197.149.137.86: 2 times 197.216.3.224 (jumpserver.angolatelecom.ao): 4 times 200.141.223.80 (200-141-223-80.user.veloxzone.com.br): 17 times 200.196.240.60: 2 times 202.83.57.205 (205.57.83.202.asianet.co.in): 3 times 203.74.203.51 (cht20351.coowo.com): 1 time 203.160.128.99 (gerbang.bdg.grid.lipi.go.id): 1 time 207.154.193.178: 26 times 209.97.140.142: 21 times 210.122.34.231: 18 times 212.159.18.107 (pc1-home.stillnetwork.com): 19 times 213.26.2.162: 16 times 218.89.241.68: 1 time Users logging in through sshd: deployment: 194.94.98.184: 1 time ---------------------- SSHD End ------------------------- --------------------- Sudo (secure-log) Begin ------------------------ deployment => root ------------------ /bin/bash - 1 Time(s). ---------------------- Sudo (secure-log) End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 240G 161G 60% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################