Logwatch for h2361197.stratoserver.net (Linux)

Sonntag, 13 Oktober 2019


 
 ################### Logwatch 7.4.0 (03/01/11) #################### 
        Processing Initiated: Sun Oct 13 04:42:07 2019
        Date Range Processed: yesterday
                              ( 2019-Oct-12 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: h2361197.stratoserver.net
 ################################################################## 
 
 --------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:				 Bans:Unbans
    ssh:                                                    [284:284]
 
 ---------------------- fail2ban-messages End ------------------------- 

 
 --------------------- httpd Begin ------------------------ 

 
 A total of 1 sites probed the server 
    183.129.160.229
 
 Requests with error response codes
    400 Bad Request
       mstshash=Administr: 6 Time(s)
       /: 2 Time(s)
       ../../mnt/custom/ProductDefinition: 1 Time(s)
       null: 1 Time(s)
    404 Not Found
       /robots.txt: 28 Time(s)
       /berlin/apple-touch-icon.png: 4 Time(s)
       /wp-login.php: 4 Time(s)
       /berlin/orientierung/apple-touch-icon.png: 1 Time(s)
       /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
       /sites/default/files/2011_WiSe_Bonn.pdf: 1 Time(s)
       /sites/default/files/Empfehlungen_der_ZaPF ... 7CStellungnahme: 1 Time(s)
    500 Internal Server Error
       /: 93 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (118.89.27.248): 100 Time(s)
       root (85.136.47.215.dyn.user.ono.com): 100 Time(s)
       root (211-75-194-80.hinet-ip.hinet.net): 99 Time(s)
       root (90.122.225.35.bc.googleusercontent.com): 99 Time(s)
       root (182.61.136.53): 96 Time(s)
       root (111.223.73.20): 95 Time(s)
       root (128.199.128.215): 93 Time(s)
       root (li2015-22.members.linode.com): 90 Time(s)
       root (host35-78.ip.pdlsk.cifra1.ru): 89 Time(s)
       root (192.144.151.30): 88 Time(s)
       root (92.86.127.175): 87 Time(s)
       root (45.6.72.17.leonetprovedor.com.br): 86 Time(s)
       root (183.95.84.34): 85 Time(s)
       root (58.150.46.6): 81 Time(s)
       root (60.190.148.2): 79 Time(s)
       root (117.50.95.121): 77 Time(s)
       root (ks3097275.kimsufi.com): 77 Time(s)
       root (152.136.101.65): 76 Time(s)
       root (176.31.182.125): 76 Time(s)
       root (64.79.101.52): 72 Time(s)
       root (217.32.246.90): 70 Time(s)
       root (l37-195-50-41.novotelecom.ru): 68 Time(s)
       root (182.72.139.6): 67 Time(s)
       root (49.207.180.197): 65 Time(s)
       root (115.231.231.3): 63 Time(s)
       root (187.32.120.215): 62 Time(s)
       root (168.232.156.205): 61 Time(s)
       root (32.ip-192-99-57.net): 59 Time(s)
       root (165.227.69.39): 58 Time(s)
       root (203.110.215.219): 57 Time(s)
       root (217.61.17.7): 57 Time(s)
       root (ir.unilag.edu.ng): 57 Time(s)
       root (129.211.1.224): 55 Time(s)
       root (190.8.80.42): 55 Time(s)
       root (52.187.17.107): 55 Time(s)
       root (106.13.181.68): 54 Time(s)
       unknown (62.234.9.150): 48 Time(s)
       root (1.193.160.164): 47 Time(s)
       root (118.26.135.145): 47 Time(s)
       unknown (103.36.84.100): 47 Time(s)
       root (149.129.252.83): 44 Time(s)
       root (118.25.27.102): 43 Time(s)
       unknown (217.ip-51-255-192.eu): 43 Time(s)
       root (37.17.65.154): 42 Time(s)
       unknown (95-105-233-209.static.orange.sk): 42 Time(s)
       root (118.25.143.199): 41 Time(s)
       unknown (168.232.156.205): 41 Time(s)
       unknown (176.31.182.125): 41 Time(s)
       root (206.189.91.97): 39 Time(s)
       root (62.234.9.150): 39 Time(s)
       root (87.ip-51-38-238.eu): 38 Time(s)
       unknown (118.25.143.199): 37 Time(s)
       unknown (118.25.27.102): 37 Time(s)
       unknown (182.254.172.159): 37 Time(s)
       unknown (37.17.65.154): 37 Time(s)
       unknown (149.129.252.83): 36 Time(s)
       root (182.254.172.159): 35 Time(s)
       root (95-105-233-209.static.orange.sk): 35 Time(s)
       unknown (129.211.1.224): 35 Time(s)
       unknown (14.225.11.25): 35 Time(s)
       unknown (151.ip-151-80-60.eu): 35 Time(s)
       root (14.225.11.25): 34 Time(s)
       root (177.50.208.206): 34 Time(s)
       unknown (206.189.91.97): 34 Time(s)
       unknown (203.110.215.219): 31 Time(s)
       root (132.232.40.86): 30 Time(s)
       unknown (190.8.80.42): 30 Time(s)
       unknown (106.13.181.68): 29 Time(s)
       root (217.ip-51-255-192.eu): 27 Time(s)
       unknown (106.12.133.247): 27 Time(s)
       unknown (165.227.69.39): 27 Time(s)
       unknown (ir.unilag.edu.ng): 27 Time(s)
       unknown (115.231.231.3): 26 Time(s)
       unknown (32.ip-192-99-57.net): 26 Time(s)
       root (103.36.84.100): 25 Time(s)
       unknown (1.193.160.164): 25 Time(s)
       root (59.10.5.156): 24 Time(s)
       unknown (187.32.120.215): 24 Time(s)
       unknown (87.ip-51-38-238.eu): 23 Time(s)
       unknown (182.72.139.6): 22 Time(s)
       unknown (176.107.131.128): 21 Time(s)
       unknown (221.150.22.201): 21 Time(s)
       unknown (60.190.148.2): 21 Time(s)
       unknown (217.32.246.90): 20 Time(s)
       unknown (152.136.101.65): 18 Time(s)
       unknown (49.207.180.197): 18 Time(s)
       root (103.52.52.22): 17 Time(s)
       unknown (177.42.73.75): 17 Time(s)
       unknown (125.213.128.213): 15 Time(s)
       root (151.ip-151-80-60.eu): 14 Time(s)
       unknown (117.50.95.121): 14 Time(s)
       unknown (103.52.52.22): 13 Time(s)
       unknown (64.79.101.52): 13 Time(s)
       root (104.236.214.8): 12 Time(s)
       unknown (45.6.72.17.leonetprovedor.com.br): 12 Time(s)
       root (179.179.255.151): 11 Time(s)
       root (125.213.128.213): 10 Time(s)
       unknown (59.10.5.156): 10 Time(s)
       root (106.12.133.247): 9 Time(s)
       root (176.107.131.128): 9 Time(s)
       unknown (192.144.151.30): 9 Time(s)
       unknown (ks3097275.kimsufi.com): 9 Time(s)
       unknown (183.95.84.34): 8 Time(s)
       unknown (host35-78.ip.pdlsk.cifra1.ru): 8 Time(s)
       root (177.42.73.75): 7 Time(s)
       unknown (128.199.128.215): 7 Time(s)
       unknown (li2015-22.members.linode.com): 7 Time(s)
       root (210.212.237.67): 6 Time(s)
       root (43.243.128.213): 6 Time(s)
       unknown (178.128.55.52): 6 Time(s)
       unknown (216.14.66.150): 6 Time(s)
       unknown (193.201.224.232): 5 Time(s)
       unknown (92.86.127.175): 5 Time(s)
       unknown (111.223.73.20): 4 Time(s)
       unknown (119.196.83.10): 4 Time(s)
       unknown (217.61.17.7): 4 Time(s)
       unknown (ns3077451.ip-188-165-242.eu): 4 Time(s)
       root (118.122.196.104): 3 Time(s)
       unknown (118.122.196.104): 3 Time(s)
       unknown (182.61.136.53): 3 Time(s)
       unknown (193.32.163.182): 3 Time(s)
       unknown (43.243.128.213): 3 Time(s)
       root (221.150.22.201): 2 Time(s)
       root (51.15.159.7): 2 Time(s)
       unknown (112.186.77.98): 2 Time(s)
       unknown (117.0.35.153): 2 Time(s)
       unknown (211-75-194-80.hinet-ip.hinet.net): 2 Time(s)
       unknown (222.120.192.122): 2 Time(s)
       unknown (90.122.225.35.bc.googleusercontent.com): 2 Time(s)
       unknown (aup83-1-78-195-178-119.fbx.proxad.net): 2 Time(s)
       backup (178.128.55.52): 1 Time(s)
       mailman (178.128.55.52): 1 Time(s)
       root (111.85.191.131): 1 Time(s)
       root (119.29.52.46): 1 Time(s)
       root (152.136.141.227): 1 Time(s)
       root (167.71.215.72): 1 Time(s)
       root (178.128.55.52): 1 Time(s)
       root (181.48.134.65): 1 Time(s)
       root (183.203.96.105): 1 Time(s)
       root (221.194.137.28): 1 Time(s)
       root (45.122.221.42): 1 Time(s)
       root (61.157.91.159): 1 Time(s)
       root (81.30.212.14.static.ufanet.ru): 1 Time(s)
       unknown (106.12.40.53): 1 Time(s)
       unknown (110.77.247.180): 1 Time(s)
       unknown (119.42.127.226): 1 Time(s)
       unknown (123.133.78.91): 1 Time(s)
       unknown (130.61.122.5): 1 Time(s)
       unknown (132.232.40.86): 1 Time(s)
       unknown (138.197.105.79): 1 Time(s)
       unknown (159.65.149.131): 1 Time(s)
       unknown (177.50.208.206): 1 Time(s)
       unknown (61.183.35.44): 1 Time(s)
       unknown (92.63.194.26): 1 Time(s)
       unknown (95-31-97-102.broadband.corbina.ru): 1 Time(s)
       unknown (c-76-27-163-60.hsd1.va.comcast.net): 1 Time(s)
       unknown (ool-2f168252.static.optonline.net): 1 Time(s)
       unknown (static-100-37-253-46.nycmny.fios.verizon.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 1240 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

        3   Miscellaneous warnings  
 
   18.092K  Bytes accepted                              18,526
   18.092K  Bytes sent via SMTP                         18,526
 ========   ==================================================
 
        1   Accepted                                   100.00%
 --------   --------------------------------------------------
        1   Total                                      100.00%
 ========   ==================================================
 
        2   4xx Reject relay denied                    100.00%
 --------   --------------------------------------------------
        2   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
       35   Connections             
       23   Connections lost (inbound) 
       35   Disconnections          
        1   Removed from queue      
        1   Sent via SMTP           
 
        2   Hostname verification errors (FCRDNS) 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------ 

 Large Mailbox threshold: 40MB (41943040 bytes)
  Warning: Large mailbox: mailman.gz (1747199807)
  Warning: Large mailbox: mailman (235703599967)
 
 ---------------------- sendmail-largeboxes (large mail spool files) End
------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    invalid : 2 Time(s)
 
 Failed logins from:
    1.193.160.164: 47 times
    14.225.11.25 (static.vnpt.vn): 34 times
    35.225.122.90 (90.122.225.35.bc.googleusercontent.com): 99 times
    37.17.65.154: 42 times
    37.195.50.41 (l37-195-50-41.novotelecom.ru): 68 times
    43.243.128.213: 6 times
    45.6.72.17 (45.6.72.17.leonetprovedor.com.br): 86 times
    45.122.221.42: 1 time
    49.207.180.197 (broadband.actcorp.in): 65 times
    51.15.159.7 (51-15-159-7.rev.poneytelecom.eu): 2 times
    51.38.238.87 (87.ip-51-38-238.eu): 38 times
    51.255.192.217 (217.ip-51-255-192.eu): 27 times
    52.187.17.107: 55 times
    58.150.46.6: 81 times
    59.10.5.156: 24 times
    60.190.148.2: 79 times
    61.157.91.159 (159.91.157.61.dial.dy.sc.dynamic.163data.com.cn): 1 time
    62.234.9.150: 39 times
    64.79.101.52 (64.79.101.52.rdns.continuumdatacenters.com): 72 times
    81.30.212.14 (81.30.212.14.static.ufanet.ru): 1 time
    85.136.47.215 (85.136.47.215.dyn.user.ono.com): 100 times
    92.86.127.175 (adsl92-86-127-175.romtelecom.net): 87 times
    94.23.198.73 (ks3097275.kimsufi.com): 77 times
    95.105.233.209 (95-105-233-209.static.orange.sk): 35 times
    103.36.84.100: 25 times
    103.52.52.22: 17 times
    104.236.214.8: 12 times
    106.12.133.247: 9 times
    106.13.181.68: 54 times
    111.85.191.131: 1 time
    111.223.73.20: 95 times
    115.231.231.3: 63 times
    117.50.95.121: 77 times
    118.25.27.102: 43 times
    118.25.143.199: 41 times
    118.26.135.145: 47 times
    118.89.27.248: 100 times
    118.122.196.104: 3 times
    119.29.52.46: 1 time
    125.213.128.213: 10 times
    128.199.128.215: 93 times
    129.211.1.224: 55 times
    132.232.40.86: 30 times
    149.129.252.83: 44 times
    151.80.60.151 (151.ip-151-80-60.eu): 14 times
    152.136.101.65: 76 times
    152.136.141.227: 1 time
    165.227.69.39: 58 times
    167.71.215.72: 1 time
    168.232.156.205: 61 times
    172.105.122.22 (li2015-22.members.linode.com): 90 times
    176.31.182.125 (solofarmaciveterinari.it): 76 times
    176.107.131.128 (host128-131-107-176.static.arubacloud.pl): 9 times
    177.42.73.75 (177.42.73.75.static.host.gvt.net.br): 7 times
    177.50.208.206 (206.208.50.177.isp.timbrasil.com.br): 34 times
    178.128.55.52: 3 times
    179.179.255.151 (179.179.255.151.dynamic.adsl.gvt.net.br): 11 times
    181.48.134.65: 1 time
    182.61.136.53: 96 times
    182.72.139.6 (nsg-static-006.139.72.182.airtel.in): 67 times
    182.254.172.159: 35 times
    183.95.84.34: 85 times
    183.203.96.105: 1 time
    187.32.120.215 (187-032-120-215.static.ctbctelecom.com.br): 62 times
    190.8.80.42 (static.190.8.80.42.gtdinternet.com): 55 times
    192.99.57.32 (32.ip-192-99-57.net): 59 times
    192.144.151.30: 88 times
    196.45.48.59 (ir.unilag.edu.ng): 57 times
    203.110.215.219: 57 times
    206.189.91.97: 39 times
    210.212.237.67: 6 times
    211.75.194.80 (211-75-194-80.HINET-IP.hinet.net): 99 times
    212.152.35.78 (host35-78.ip.pdlsk.cifra1.ru): 89 times
    217.32.246.90: 70 times
    217.61.17.7 (host7-17-61-217.static.arubacloud.com): 57 times
    221.150.22.201: 2 times
    221.194.137.28: 1 time
 
 Illegal users from:
    undef: 953 times
    1.193.160.164: 25 times
    14.225.11.25 (static.vnpt.vn): 35 times
    35.225.122.90 (90.122.225.35.bc.googleusercontent.com): 2 times
    37.17.65.154: 37 times
    43.243.128.213: 3 times
    45.6.72.17 (45.6.72.17.leonetprovedor.com.br): 12 times
    47.22.130.82 (ool-2f168252.static.optonline.net): 1 time
    49.207.180.197 (broadband.actcorp.in): 18 times
    51.38.238.87 (87.ip-51-38-238.eu): 23 times
    51.255.192.217 (217.ip-51-255-192.eu): 43 times
    59.10.5.156: 10 times
    60.190.148.2: 21 times
    61.183.35.44: 1 time
    62.234.9.150: 48 times
    64.79.101.52 (64.79.101.52.rdns.continuumdatacenters.com): 13 times
    76.27.163.60 (c-76-27-163-60.hsd1.va.comcast.net): 1 time
    78.195.178.119 (aup83-1-78-195-178-119.fbx.proxad.net): 2 times
    92.63.194.26: 1 time
    92.86.127.175 (adsl92-86-127-175.romtelecom.net): 5 times
    94.23.198.73 (ks3097275.kimsufi.com): 9 times
    95.31.97.102 (95-31-97-102.broadband.corbina.ru): 1 time
    95.105.233.209 (95-105-233-209.static.orange.sk): 42 times
    100.37.253.46 (static-100-37-253-46.nycmny.fios.verizon.net): 1 time
    103.36.84.100: 47 times
    103.52.52.22: 13 times
    106.12.40.53: 1 time
    106.12.133.247: 27 times
    106.13.181.68: 29 times
    110.77.247.180: 1 time
    111.223.73.20: 4 times
    112.186.77.98: 2 times
    115.231.231.3: 26 times
    117.0.35.153: 2 times
    117.50.95.121: 14 times
    118.25.27.102: 37 times
    118.25.143.199: 37 times
    118.122.196.104: 3 times
    119.42.127.226: 1 time
    119.196.83.10: 4 times
    123.133.78.91: 1 time
    125.213.128.213: 15 times
    128.199.128.215: 7 times
    129.211.1.224: 35 times
    130.61.122.5: 1 time
    132.232.40.86: 1 time
    138.197.105.79: 1 time
    149.129.252.83: 36 times
    151.80.60.151 (151.ip-151-80-60.eu): 35 times
    152.136.101.65: 18 times
    159.65.149.131 (187449.cloudwaysapps.com): 1 time
    165.227.69.39: 27 times
    168.232.156.205: 41 times
    172.105.122.22 (li2015-22.members.linode.com): 7 times
    176.31.182.125 (solofarmaciveterinari.it): 41 times
    176.107.131.128 (host128-131-107-176.static.arubacloud.pl): 21 times
    177.42.73.75 (177.42.73.75.static.host.gvt.net.br): 17 times
    177.50.208.206 (206.208.50.177.isp.timbrasil.com.br): 1 time
    178.128.55.52: 6 times
    182.61.136.53: 3 times
    182.72.139.6 (nsg-static-006.139.72.182.airtel.in): 22 times
    182.254.172.159: 37 times
    183.95.84.34: 8 times
    187.32.120.215 (187-032-120-215.static.ctbctelecom.com.br): 24 times
    188.165.242.200 (ns3077451.ip-188-165-242.eu): 4 times
    190.8.80.42 (static.190.8.80.42.gtdinternet.com): 30 times
    192.99.57.32 (32.ip-192-99-57.net): 26 times
    192.144.151.30: 9 times
    193.32.163.182 (hosting-by.cloud-home.me): 3 times
    193.201.224.232: 6 times
    196.45.48.59 (ir.unilag.edu.ng): 27 times
    203.110.215.219: 31 times
    205.185.127.36: 16 times
    206.189.91.97: 34 times
    211.75.194.80 (211-75-194-80.HINET-IP.hinet.net): 2 times
    212.152.35.78 (host35-78.ip.pdlsk.cifra1.ru): 8 times
    216.14.66.150: 6 times
    217.32.246.90: 20 times
    217.61.17.7 (host7-17-61-217.static.arubacloud.com): 4 times
    221.150.22.201: 21 times
    222.120.192.122: 2 times
 
 **Unmatched Entries**
 fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 3 time(s)
 Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 3 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/vzfs       400G  241G  160G  61% /
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016