################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Tue Oct 8 04:42:07 2019 Date Range Processed: yesterday ( 2019-Oct-07 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [299:297] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 2 sites probed the server 157.245.66.20 183.129.160.229 Requests with error response codes 400 Bad Request mstshash=Administr: 4 Time(s) ../../mnt/custom/ProductDefinition: 3 Time(s) /Pages/login.htm: 2 Time(s) null: 2 Time(s) /robots.txt: 1 Time(s) /setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s) 404 Not Found /robots.txt: 39 Time(s) /berlin/apple-touch-icon.png: 6 Time(s) /wp-login.php: 4 Time(s) /home/zapf: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /reader/2017_SoSe_Berlin_lang.pdf: 1 Time(s) /reader/WiSe14_AK_GO_und_Satzungs%C3%A4nderung.pdf: 1 Time(s) /resolutionen/wise17/Akkreditierung_PosPap/Pospap_: 1 Time(s) /sites/default/files/Empfehlungen_der_ZaPF ... Fach_Physik.pdf: 1 Time(s) 413 Request Entity Too Large /msdn.cpp: 1 Time(s) 500 Internal Server Error /: 14 Time(s) /remote/login: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (12.38.141.34): 100 Time(s) root (177.134.159.164): 100 Time(s) root (218.3.139.85): 99 Time(s) root (ns380620.ip-188-165-250.eu): 98 Time(s) root (203.195.152.247): 96 Time(s) root (188.128.43.28): 94 Time(s) root (101.89.91.175): 93 Time(s) root (206.189.119.73): 82 Time(s) root (79.110.201.195): 82 Time(s) root (142.93.218.11): 80 Time(s) root (159.89.29.189): 80 Time(s) root (163-172-13-168.rev.poneytelecom.eu): 80 Time(s) root (202.28.64.1): 79 Time(s) root (189.112.109.185): 77 Time(s) root (202.131.126.142): 75 Time(s) root (51.15.190.180): 75 Time(s) root (103.48.193.7): 74 Time(s) root (71.254.73.34.bc.googleusercontent.com): 67 Time(s) root (181.48.116.50): 64 Time(s) root (36.111.36.83): 64 Time(s) root (165.227.53.241): 63 Time(s) root (178.62.79.227): 61 Time(s) root (37.139.2.218): 60 Time(s) root (46.101.11.213): 57 Time(s) unknown (123.31.47.20): 57 Time(s) unknown (128.199.95.163): 56 Time(s) root (180.76.100.178): 54 Time(s) root (ip233.ip-164-132-62.eu): 54 Time(s) unknown (106.54.160.59): 53 Time(s) unknown (115.238.236.74): 50 Time(s) root (106.13.135.235): 48 Time(s) root (124.207.193.119): 46 Time(s) root (181.49.117.130): 46 Time(s) root (250.120.103.87.rev.vodafone.pt): 45 Time(s) root (162.243.50.8): 43 Time(s) root (138.68.82.220): 42 Time(s) unknown (139.199.209.89): 42 Time(s) root (121.15.11.13): 41 Time(s) root (128.199.95.163): 40 Time(s) root (17.ip-54-39-97.net): 39 Time(s) unknown (17.ip-54-39-97.net): 39 Time(s) unknown (46.101.11.213): 39 Time(s) root (128.199.107.252): 38 Time(s) unknown (164-251-47-212.rev.cloud.scaleway.com): 38 Time(s) unknown (89.254.148.26): 38 Time(s) root (124.243.245.3): 37 Time(s) root (43.227.64.249): 36 Time(s) unknown (222.175.126.74): 36 Time(s) unknown (250.120.103.87.rev.vodafone.pt): 36 Time(s) unknown (cultadv.cloud): 36 Time(s) unknown (www.gogoski.fr): 36 Time(s) root (115.238.236.74): 34 Time(s) root (222.175.126.74): 34 Time(s) unknown (124.207.193.119): 34 Time(s) root (adityarama-dc.com): 33 Time(s) root (139.199.209.89): 32 Time(s) unknown (58.201-140-111.bestelclientes.com.mx): 30 Time(s) unknown (ip233.ip-164-132-62.eu): 30 Time(s) unknown (138.68.82.220): 29 Time(s) unknown (180.76.100.178): 29 Time(s) unknown (adityarama-dc.com): 28 Time(s) unknown (103.48.193.7): 27 Time(s) unknown (181.49.117.130): 27 Time(s) root (201.149.22.37): 26 Time(s) unknown (37.139.2.218): 26 Time(s) unknown (51.15.190.180): 26 Time(s) root (203.55.73.34.bc.googleusercontent.com): 25 Time(s) root (244.45.185.35.bc.googleusercontent.com): 25 Time(s) root (89.36.217.142): 25 Time(s) root (mourgos.di.uoa.gr): 25 Time(s) unknown (106.13.135.235): 24 Time(s) unknown (165.227.53.241): 24 Time(s) root (ip79.ip-142-44-184.net): 22 Time(s) unknown (71.254.73.34.bc.googleusercontent.com): 21 Time(s) unknown (121.15.11.13): 20 Time(s) unknown (121.15.2.178): 20 Time(s) unknown (189.112.109.185): 19 Time(s) unknown (ip79.ip-142-44-184.net): 19 Time(s) root (61.19.145.135): 17 Time(s) unknown (181.48.116.50): 17 Time(s) unknown (mourgos.di.uoa.gr): 17 Time(s) root (109.194.54.130): 16 Time(s) root (123.31.47.20): 16 Time(s) root (cultadv.cloud): 16 Time(s) unknown (202.131.126.142): 16 Time(s) root (106.54.160.59): 15 Time(s) root (116.196.90.181): 14 Time(s) root (187.64.1.64): 14 Time(s) root (94.191.47.240): 14 Time(s) unknown (202.28.64.1): 14 Time(s) unknown (206.189.119.73): 14 Time(s) unknown (79.110.201.195): 14 Time(s) unknown (142.93.218.11): 13 Time(s) unknown (163-172-13-168.rev.poneytelecom.eu): 13 Time(s) unknown (192.207.205.98): 13 Time(s) root (188.166.1.95): 12 Time(s) root (49.88.112.55): 12 Time(s) root (ip168.ip-149-56-251.net): 12 Time(s) unknown (106.13.10.159): 12 Time(s) unknown (203.55.73.34.bc.googleusercontent.com): 12 Time(s) unknown (178.62.79.227): 11 Time(s) unknown (ip168.ip-149-56-251.net): 10 Time(s) unknown (124.243.245.3): 9 Time(s) root (106.13.10.159): 8 Time(s) root (smartspace.wenet.my): 8 Time(s) root (115.156.34.4): 7 Time(s) root (139.59.83.239): 7 Time(s) unknown (139.59.83.239): 7 Time(s) root (112.85.42.173): 6 Time(s) root (121.46.93.230): 6 Time(s) root (164-251-47-212.rev.cloud.scaleway.com): 6 Time(s) root (218.92.0.134): 6 Time(s) root (218.92.0.139): 6 Time(s) root (218.92.0.167): 6 Time(s) root (68.234.115.188): 6 Time(s) root (cpe-74-132-16-221.kya.res.rr.com): 6 Time(s) unknown (101.89.91.175): 5 Time(s) unknown (188.128.43.28): 5 Time(s) unknown (244.45.185.35.bc.googleusercontent.com): 5 Time(s) unknown (61.19.145.135): 5 Time(s) root (121.15.2.178): 4 Time(s) root (213.33.244.187): 3 Time(s) root (58.201-140-111.bestelclientes.com.mx): 3 Time(s) unknown (102.165.35.137): 3 Time(s) unknown (193.32.163.182): 3 Time(s) unknown (ip130.ip-139-99-37.net): 3 Time(s) unknown (128.199.107.252): 2 Time(s) unknown (175.149.23.109.rev.sfr.net): 2 Time(s) unknown (203.195.152.247): 2 Time(s) unknown (45.169.110.199): 2 Time(s) unknown (ns380620.ip-188-165-250.eu): 2 Time(s) postgres (182.61.43.223): 1 Time(s) root (117.81.170.118): 1 Time(s) root (118-163-178-146.hinet-ip.hinet.net): 1 Time(s) root (118.192.66.91): 1 Time(s) root (122.154.59.66): 1 Time(s) root (124.204.36.138): 1 Time(s) root (www.gogoski.fr): 1 Time(s) unknown (103.132.171.18): 1 Time(s) unknown (112-135-58-66.gci.net): 1 Time(s) unknown (115.156.34.4): 1 Time(s) unknown (116.196.118.104): 1 Time(s) unknown (118.48.211.197): 1 Time(s) unknown (140.143.206.71): 1 Time(s) unknown (192.241.99.154): 1 Time(s) unknown (203186158178.ctinets.com): 1 Time(s) unknown (92.63.194.26): 1 Time(s) unknown (93-51-186-90.ip268.fastwebnet.it): 1 Time(s) unknown (correo.administradoraintegral.com): 1 Time(s) unknown (cpe149182c71446-cm00fc8d3aa430.cpe.net.cable.rogers.com): 1 Time(s) unknown (smartspace.wenet.my): 1 Time(s) unknown (static-100-37-253-46.nycmny.fios.verizon.net): 1 Time(s) Invalid Users: Unknown Account: 1234 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 21 Miscellaneous warnings 21.435K Bytes accepted 21,949 21.435K Bytes sent via SMTP 21,949 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 1 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 1 Total 4xx Rejects 100.00% ======== ================================================== 31 Connections 23 Connections lost (inbound) 31 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 9 Time(s) Failed logins from: 12.38.141.34: 100 times 34.73.55.203 (203.55.73.34.bc.googleusercontent.com): 25 times 34.73.254.71 (71.254.73.34.bc.googleusercontent.com): 67 times 35.185.45.244 (244.45.185.35.bc.googleusercontent.com): 25 times 36.111.36.83: 64 times 37.139.2.218 (pplmx.com): 60 times 43.227.64.249: 36 times 46.101.11.213: 57 times 49.88.112.55: 12 times 51.15.190.180 (51-15-190-180.rev.poneytelecom.eu): 75 times 51.254.37.192 (www.gogoski.fr): 1 time 54.39.97.17 (17.ip-54-39-97.net): 39 times 61.19.145.135: 17 times 68.234.115.188 (68-234-115-188.dsl.bluevalley.net): 6 times 74.132.16.221 (cpe-74-132-16-221.kya.res.rr.com): 6 times 79.110.201.195 (charlot.static.korbank.pl): 82 times 80.211.133.238 (cultadv.cloud): 16 times 87.103.120.250 (250.120.103.87.rev.vodafone.pt): 45 times 89.36.217.142 (host142-217-36-89.serverdedicati.aruba.it): 25 times 94.191.47.240: 14 times 101.89.91.175: 93 times 103.48.193.7: 74 times 106.13.10.159: 8 times 106.13.135.235: 48 times 106.54.160.59: 15 times 109.194.54.130 (109x194x54x130.static-business.kursk.ertelecom.ru): 16 times 112.85.42.173: 6 times 115.156.34.4: 7 times 115.238.236.74: 34 times 116.196.90.181: 14 times 117.81.170.118 (118.170.81.117.broad.sz.js.dynamic.163data.com.cn): 1 time 118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 1 time 118.192.66.91: 1 time 121.15.2.178: 4 times 121.15.11.13: 41 times 121.46.93.230: 6 times 122.154.59.66: 1 time 123.31.47.20 (static.vnpt.vn): 16 times 124.204.36.138: 1 time 124.207.193.119: 46 times 124.243.245.3: 37 times 128.199.95.163: 40 times 128.199.107.252: 38 times 128.199.202.206 (adityarama-dc.com): 33 times 138.68.82.220: 42 times 139.59.83.239: 7 times 139.199.209.89: 32 times 142.44.184.79 (ip79.ip-142-44-184.net): 22 times 142.93.218.11: 80 times 149.56.251.168 (ip168.ip-149-56-251.net): 12 times 159.89.29.189: 80 times 162.243.50.8 (dev.rcms.io): 43 times 163.172.13.168 (163-172-13-168.rev.poneytelecom.eu): 80 times 164.132.62.233 (ip233.ip-164-132-62.eu): 54 times 165.227.53.241 (268019.cloudwaysapps.com): 63 times 177.134.159.164 (177.134.159.164.dynamic.adsl.gvt.net.br): 100 times 178.62.79.227: 61 times 180.76.100.178: 54 times 181.48.116.50: 64 times 181.49.117.130: 46 times 182.61.43.223: 1 time 187.64.1.64 (bb400140.virtua.com.br): 14 times 188.128.43.28: 94 times 188.165.250.228 (ns380620.ip-188-165-250.eu): 98 times 188.166.1.95: 12 times 189.112.109.185 (189-112-109-185.static.ctbctelecom.com.br): 77 times 195.134.67.70 (mourgos.di.uoa.gr): 25 times 201.140.111.58 (58.201-140-111.bestelclientes.com.mx): 3 times 201.149.22.37 (37.22.149.201.in-addr.arpa): 26 times 202.28.64.1: 79 times 202.73.9.76 (smartspace.wenet.my): 8 times 202.131.126.142: 75 times 203.195.152.247: 96 times 206.189.119.73: 82 times 212.47.251.164 (164-251-47-212.rev.cloud.scaleway.com): 6 times 213.33.244.187 (213-33-244-187-gld.tecom.ru): 3 times 218.3.139.85: 99 times 218.92.0.134: 6 times 218.92.0.139: 6 times 218.92.0.167: 6 times 222.175.126.74: 34 times Illegal users from: undef: 1024 times 34.73.55.203 (203.55.73.34.bc.googleusercontent.com): 12 times 34.73.254.71 (71.254.73.34.bc.googleusercontent.com): 21 times 35.185.45.244 (244.45.185.35.bc.googleusercontent.com): 5 times 37.139.2.218 (pplmx.com): 26 times 45.169.110.199 (45-169-110-199.linkspeed.com.br): 2 times 46.101.11.213: 39 times 51.15.190.180 (51-15-190-180.rev.poneytelecom.eu): 26 times 51.254.37.192 (www.gogoski.fr): 36 times 54.39.97.17 (17.ip-54-39-97.net): 39 times 61.19.145.135: 5 times 66.58.135.112 (112-135-58-66.gci.net): 1 time 79.110.201.195 (charlot.static.korbank.pl): 14 times 80.211.133.238 (cultadv.cloud): 36 times 87.103.120.250 (250.120.103.87.rev.vodafone.pt): 36 times 89.254.148.26 (host.ostkom.lv): 38 times 92.63.194.26: 1 time 93.51.186.90 (93-51-186-90.ip268.fastwebnet.it): 1 time 100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 1 time 101.89.91.175: 5 times 102.165.35.137: 3 times 103.48.193.7: 27 times 103.132.171.18: 1 time 106.13.10.159: 12 times 106.13.135.235: 24 times 106.54.160.59: 53 times 109.23.149.175 (175.149.23.109.rev.sfr.net): 2 times 115.156.34.4: 1 time 115.238.236.74: 50 times 116.196.118.104: 1 time 118.48.211.197: 1 time 121.15.2.178: 20 times 121.15.11.13: 20 times 123.31.47.20 (static.vnpt.vn): 57 times 124.207.193.119: 34 times 124.243.245.3: 9 times 128.199.95.163: 56 times 128.199.107.252: 2 times 128.199.202.206 (adityarama-dc.com): 28 times 138.68.82.220: 29 times 139.59.83.239: 7 times 139.99.37.130 (ip130.ip-139-99-37.net): 3 times 139.199.209.89: 42 times 140.143.206.71: 1 time 142.44.184.79 (ip79.ip-142-44-184.net): 19 times 142.93.218.11: 13 times 149.56.251.168 (ip168.ip-149-56-251.net): 10 times 163.172.13.168 (163-172-13-168.rev.poneytelecom.eu): 13 times 164.132.62.233 (ip233.ip-164-132-62.eu): 30 times 165.227.53.241 (268019.cloudwaysapps.com): 24 times 174.115.45.16 (CPE149182c71446-CM00fc8d3aa430.cpe.net.cable.rogers.com): 1 time 178.62.79.227: 11 times 180.76.100.178: 29 times 181.48.116.50: 17 times 181.49.117.130: 27 times 188.128.43.28: 5 times 188.165.250.228 (ns380620.ip-188-165-250.eu): 2 times 189.112.109.185 (189-112-109-185.static.ctbctelecom.com.br): 19 times 192.207.205.98 (static-192-207-205-98.alestra.net.mx): 13 times 192.241.99.154: 1 time 193.32.163.182 (hosting-by.cloud-home.me): 3 times 195.134.67.70 (mourgos.di.uoa.gr): 17 times 200.11.150.238 (correo.administradoraintegral.com): 1 time 201.140.111.58 (58.201-140-111.bestelclientes.com.mx): 30 times 202.28.64.1: 14 times 202.73.9.76 (smartspace.wenet.my): 1 time 202.131.126.142: 16 times 203.186.158.178 (203186158178.ctinets.com): 1 time 203.195.152.247: 2 times 206.189.119.73: 14 times 212.47.251.164 (164-251-47-212.rev.cloud.scaleway.com): 38 times 222.175.126.74: 36 times **Unmatched Entries** Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth] : 3 time(s) fatal: no matching cipher found: client aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 8 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################