################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Tue Jul 20 04:42:05 2021
Date Range Processed: yesterday
( 2021-Jul-19 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [169:167]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 18 sites probed the server
Requests with error response codes
400 Bad Request
/: 21 Time(s)
null: 18 Time(s)
mstshash=Administr: 4 Time(s)
/_profiler/phpinfo: 1 Time(s)
/ab2g: 1 Time(s)
/ab2h: 1 Time(s)
/manager/html: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
http://5.188.210.227/echo.php: 1 Time(s)
404 Not Found
/robots.txt: 58 Time(s)
/.git/config: 4 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
/verein/vorstand/%7C: 2 Time(s)
/%7C: 1 Time(s)
/.env: 1 Time(s)
/sites/default/files/2009_SoSe_G%C3%B6ttingen.pdf: 1 Time(s)
/sites/default/files/2011_05_Stellungnahme_EQR-DQR_0.pdf: 1 Time(s)
/sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
/stapf: 1 Time(s)
/verein%7C: 1 Time(s)
/verein%7CZaPF: 1 Time(s)
/wp-admin/: 1 Time(s)
/wp-content/: 1 Time(s)
/wp-content/plugins/advanced_file_manager_ ... tor.minimal.php: 1 Time(s)
/wp-login.php: 1 Time(s)
499 (undefined)
/apple-touch-icon.png: 2 Time(s)
/build/6.cover-pack.fef3ca2736298be630a4.js: 1 Time(s)
/build/emojify.js/dist/images/basic/smile.png: 1 Time(s)
/favicon.png: 1 Time(s)
/screenshot.png: 1 Time(s)
500 Internal Server Error
/: 28 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 4 Time(s)
/web_shell_cmd.gch: 3 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 2 Time(s)
/Autodiscover/Autodiscover.xml: 2 Time(s)
/_ignition/execute-solution: 2 Time(s)
/api/jsonws/invoke: 2 Time(s)
/console/: 2 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 2 Time(s)
/mifs/.;/services/LogService: 2 Time(s)
/robots.txt: 2 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 2 Time(s)
/.env: 1 Time(s)
//login_sid.lua: 1 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/remote/fgt_lang?lang=/../../../..//////// ... lvpn_websession: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 444 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
2 Miscellaneous warnings
13.625K Bytes accepted 13,952
13.625K Bytes sent via SMTP 13,952
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
6 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
6 Total 4xx Rejects 100.00%
======== ==================================================
747 Connections
630 Connections lost (inbound)
747 Disconnections
1 Removed from queue
1 Sent via SMTP
46 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
Illegal users from:
undef: 243 times
**Unmatched Entries**
fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 3 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop23974p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################