################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Sep 30 04:42:13 2019
Date Range Processed: yesterday
( 2019-Sep-29 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host:
h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [495:498]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
61.219.11.153
Requests with error response codes
400 Bad Request
mstshash=Administr: 5 Time(s)
null: 2 Time(s)
../../mnt/custom/ProductDefinition: 1 Time(s)
/manager/html: 1 Time(s)
/setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s)
/shell?busybox: 1 Time(s)
404 Not Found
/robots.txt: 31 Time(s)
/berlin/apple-touch-icon.png: 4 Time(s)
/wp-login.php: 3 Time(s)
/berlin/helfikafaq/apple-touch-icon.png: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/sites/default/files/Bericht_WiSe15_Frankfurt.pdf: 1 Time(s)
/verein%7C: 1 Time(s)
500 Internal Server Error
/: 4 Time(s)
/robots.txt: 2 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (190.9.130.159): 94 Time(s)
unknown (129.211.147.91): 91 Time(s)
unknown (111.231.226.12): 84 Time(s)
unknown (82-117-190-170.mynts.ru): 78 Time(s)
unknown (106.12.202.181): 68 Time(s)
unknown (46.101.11.213): 66 Time(s)
unknown (1511.aguia.info): 62 Time(s)
unknown (41.223.142.211): 62 Time(s)
unknown (81.16.8.220): 62 Time(s)
unknown (138.197.129.38): 61 Time(s)
unknown (
193.ip-149-56-141.net): 61 Time(s)
unknown (214.ip-51-38-237.eu): 61 Time(s)
unknown (32.ip-91-134-140.eu): 61 Time(s)
unknown (
www.ugrakor.ru): 61 Time(s)
unknown (104.131.22.72): 59 Time(s)
unknown (162.243.165.39): 59 Time(s)
unknown (93.ip-51-38-232.eu): 57 Time(s)
unknown (178.128.194.116): 56 Time(s)
unknown (
ool-44c5cb87.dyn.optonline.net): 56 Time(s)
unknown (60.190.96.235): 55 Time(s)
unknown (115.231.231.3): 54 Time(s)
unknown (121.201.34.97): 54 Time(s)
unknown (ip251.ip-51-254-165.eu): 54 Time(s)
unknown (45.55.222.162): 53 Time(s)
unknown (123.126.20.90): 51 Time(s)
unknown (106.12.128.24): 48 Time(s)
unknown (58.254.132.140): 48 Time(s)
unknown (
c-67-184-64-224.hsd1.il.comcast.net): 48 Time(s)
unknown (123.207.142.31): 47 Time(s)
unknown (51.ip-51-255-171.eu): 46 Time(s)
unknown (109.252.231.164): 44 Time(s)
unknown (221.4.223.107): 43 Time(s)
unknown (
066-006-045-005.ip-addr.inexio.net): 32 Time(s)
unknown (user-83.96.infomir.com.ua): 30 Time(s)
unknown (
ks3357677.kimsufi.com): 28 Time(s)
unknown (178.128.162.10): 26 Time(s)
unknown (118.97.140.237): 24 Time(s)
unknown (chat.assefaz.org.br): 24 Time(s)
unknown (158.69.110.31): 23 Time(s)
unknown (ns3107227.ip-54-36-126.eu): 23 Time(s)
unknown (106.12.198.21): 22 Time(s)
unknown (117.139.166.203): 20 Time(s)
unknown (140.143.98.35): 19 Time(s)
unknown (154.8.164.214): 18 Time(s)
unknown (106.12.58.4): 17 Time(s)
unknown (243.ip-51-38-65.eu): 15 Time(s)
unknown (40.73.78.233): 14 Time(s)
root (220.191.173.222): 12 Time(s)
unknown (ip5f5a8e37.dynamic.kabel-deutschland.de): 10 Time(s)
unknown (123.206.13.46): 8 Time(s)
unknown (13.78.49.11): 8 Time(s)
unknown (178.128.107.61): 8 Time(s)
unknown (106.12.13.138): 7 Time(s)
unknown (
mvx-187-111-23-14.mundivox.com): 7 Time(s)
root (114.236.59.53): 6 Time(s)
root (115.231.231.3): 6 Time(s)
root (1511.aguia.info): 6 Time(s)
root (218.92.0.139): 6 Time(s)
root (81.16.8.220): 6 Time(s)
root (
ool-44c5cb87.dyn.optonline.net): 6 Time(s)
unknown (187.44.113.33): 6 Time(s)
root (214.ip-51-38-237.eu): 5 Time(s)
root (158.69.110.31): 4 Time(s)
root (32.ip-91-134-140.eu): 4 Time(s)
root (58.254.132.140): 4 Time(s)
root (ip251.ip-51-254-165.eu): 4 Time(s)
unknown (118.24.231.209): 4 Time(s)
root (104.131.22.72): 3 Time(s)
root (106.12.202.181): 3 Time(s)
root (123.206.13.46): 3 Time(s)
root (
193.ip-149-56-141.net): 3 Time(s)
root (41.223.142.211): 3 Time(s)
root (60.190.96.235): 3 Time(s)
root (82-117-190-170.mynts.ru): 3 Time(s)
root (93.ip-51-38-232.eu): 3 Time(s)
root (
c-67-184-64-224.hsd1.il.comcast.net): 3 Time(s)
unknown (112.186.77.78): 3 Time(s)
unknown (121.142.111.222): 3 Time(s)
unknown (123.135.124.238): 3 Time(s)
unknown (148.70.41.33): 3 Time(s)
unknown (175.211.112.254): 3 Time(s)
unknown (193.32.163.182): 3 Time(s)
unknown (211.252.19.254): 3 Time(s)
backup (82-117-190-170.mynts.ru): 2 Time(s)
postgres (123.207.142.31): 2 Time(s)
root (109.252.231.164): 2 Time(s)
root (111.231.226.12): 2 Time(s)
root (123.207.142.31): 2 Time(s)
root (138.197.129.38): 2 Time(s)
root (162.243.165.39): 2 Time(s)
root (178.128.194.116): 2 Time(s)
root (187.44.113.33): 2 Time(s)
root (243.ip-51-38-65.eu): 2 Time(s)
root (40.73.78.233): 2 Time(s)
root (51.ip-51-255-171.eu): 2 Time(s)
root (ip5f5a8e37.dynamic.kabel-deutschland.de): 2 Time(s)
temp (115.231.231.3): 2 Time(s)
temp (41.223.142.211): 2 Time(s)
unknown (116.86.166.93): 2 Time(s)
unknown (5072a466.static.ziggozakelijk.nl): 2 Time(s)
unknown (92.63.194.26): 2 Time(s)
unknown (98.64-247-81.adsl-dyn.isp.belgacom.be): 2 Time(s)
unknown (
host-92-3-69-231.as43234.net): 2 Time(s)
unknown (
pool-72-68-125-94.nwrknj.fios.verizon.net): 2 Time(s)
backup (104.131.22.72): 1 Time(s)
backup (111.231.226.12): 1 Time(s)
bin (106.12.128.24): 1 Time(s)
bin (106.12.58.4): 1 Time(s)
daemon (111.231.226.12): 1 Time(s)
gnats (111.231.226.12): 1 Time(s)
gnats (129.211.147.91): 1 Time(s)
gnats (81.16.8.220): 1 Time(s)
lp (117.139.166.203): 1 Time(s)
lp (32.ip-91-134-140.eu): 1 Time(s)
mail (106.12.198.21): 1 Time(s)
mail (158.69.110.31): 1 Time(s)
mailman (111.231.226.12): 1 Time(s)
mailman (178.128.107.61): 1 Time(s)
man (115.231.231.3): 1 Time(s)
mysql (104.131.22.72): 1 Time(s)
mysql (123.207.142.31): 1 Time(s)
news (
www.ugrakor.ru): 1 Time(s)
postgres (106.12.202.181): 1 Time(s)
postgres (115.231.231.3): 1 Time(s)
postgres (187.44.113.33): 1 Time(s)
postgres (243.ip-51-38-65.eu): 1 Time(s)
postgres (46.101.11.213): 1 Time(s)
postgres (ip5f5a8e37.dynamic.kabel-deutschland.de): 1 Time(s)
postgres (
www.ugrakor.ru): 1 Time(s)
root (106.12.128.24): 1 Time(s)
root (106.12.58.4): 1 Time(s)
root (117.139.166.203): 1 Time(s)
root (118.97.140.237): 1 Time(s)
root (121.142.111.222): 1 Time(s)
root (121.201.34.97): 1 Time(s)
root (123.126.20.90): 1 Time(s)
root (129.211.147.91): 1 Time(s)
root (140.143.98.35): 1 Time(s)
root (154.8.164.214): 1 Time(s)
root (190.9.130.159): 1 Time(s)
root (45.55.222.162): 1 Time(s)
root (46.101.11.213): 1 Time(s)
root (59.25.197.138): 1 Time(s)
root (79.1.212.37): 1 Time(s)
root (chat.assefaz.org.br): 1 Time(s)
root (ns3107227.ip-54-36-126.eu): 1 Time(s)
root (
ns543625.ip-144-217-78.net): 1 Time(s)
root (
www.ugrakor.ru): 1 Time(s)
sync (158.69.110.31): 1 Time(s)
temp (106.12.128.24): 1 Time(s)
temp (106.12.198.21): 1 Time(s)
temp (106.12.58.4): 1 Time(s)
temp (117.139.166.203): 1 Time(s)
temp (158.69.110.31): 1 Time(s)
temp (178.128.162.10): 1 Time(s)
temp (58.254.132.140): 1 Time(s)
temp (81.16.8.220): 1 Time(s)
temp (
c-67-184-64-224.hsd1.il.comcast.net): 1 Time(s)
temp (
ks3357677.kimsufi.com): 1 Time(s)
temp (
ool-44c5cb87.dyn.optonline.net): 1 Time(s)
unknown (106.12.34.56): 1 Time(s)
unknown (110.164.205.133): 1 Time(s)
unknown (113.173.183.45): 1 Time(s)
unknown (113.190.141.166): 1 Time(s)
unknown (114.113.152.183): 1 Time(s)
unknown (114.236.59.105): 1 Time(s)
unknown (117.50.46.176): 1 Time(s)
unknown (124.161.8.66): 1 Time(s)
unknown (130.61.83.71): 1 Time(s)
unknown (139.155.112.94): 1 Time(s)
unknown (14.63.221.108): 1 Time(s)
unknown (190.144.145.146): 1 Time(s)
unknown (194.158.192.175): 1 Time(s)
unknown (212.98.73.146): 1 Time(s)
unknown (221.132.17.75): 1 Time(s)
unknown (31.154.182.230): 1 Time(s)
unknown (46.61.235.111): 1 Time(s)
unknown (59.25.197.138): 1 Time(s)
unknown (59.25.197.162): 1 Time(s)
unknown (84.79.42.135): 1 Time(s)
unknown (86.57.171.99): 1 Time(s)
unknown (91-233-156-25.interkonekt.pl): 1 Time(s)
unknown (
host210.sub-63-41-9.myvzw.com): 1 Time(s)
unknown (
host86-183-148-162.range86-183.btcentralplus.com): 1 Time(s)
unknown (ipagstaticip-6ec5a3f7-38e0-3835-ad06-d9119227ac99.sdsl.bell.ca): 1
Time(s)
unknown (pppoe-static.82.209.197.111.telecom.mogilev.by): 1 Time(s)
unknown (web101.bouncer4you.de): 1 Time(s)
uucp (1511.aguia.info): 1 Time(s)
uucp (81.16.8.220): 1 Time(s)
www-data (106.12.128.24): 1 Time(s)
www-data (138.197.129.38): 1 Time(s)
www-data (46.101.11.213): 1 Time(s)
Invalid Users:
Unknown Account: 2365 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
22.284K Bytes accepted 22,819
22.284K Bytes sent via SMTP 22,819
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
56 Connections
13 Connections lost (inbound)
56 Disconnections
1 Removed from queue
1 Sent via SMTP
1 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 2 Time(s)
Failed logins from:
37.187.22.227 (
ks3357677.kimsufi.com): 1 time
40.73.78.233: 2 times
41.223.142.211: 5 times
45.55.222.162: 1 time
46.101.11.213: 3 times
51.38.65.243 (243.ip-51-38-65.eu): 3 times
51.38.232.93 (93.ip-51-38-232.eu): 3 times
51.38.237.214 (214.ip-51-38-237.eu): 5 times
51.254.165.251 (ip251.ip-51-254-165.eu): 4 times
51.255.171.51 (51.ip-51-255-171.eu): 2 times
54.36.126.81 (ns3107227.ip-54-36-126.eu): 1 time
58.254.132.140: 5 times
59.25.197.138: 1 time
60.190.96.235: 3 times
67.184.64.224 (
c-67-184-64-224.hsd1.il.comcast.net): 4 times
68.197.203.135 (
ool-44c5cb87.dyn.optonline.net): 7 times
79.1.212.37: 1 time
80.68.76.181 (
www.ugrakor.ru): 3 times
81.16.8.220 (host-220.8.16.81.ucom.am): 9 times
82.117.190.170 (82-117-190-170.mynts.ru): 5 times
91.134.140.32 (32.ip-91-134-140.eu): 5 times
92.222.88.22 (1511.aguia.info): 7 times
95.90.142.55 (ip5f5a8e37.dynamic.kabel-deutschland.de): 3 times
104.131.22.72: 5 times
106.12.58.4: 3 times
106.12.128.24: 4 times
106.12.198.21: 2 times
106.12.202.181: 4 times
109.252.231.164: 2 times
111.231.226.12: 6 times
114.236.59.53: 6 times
115.231.231.3: 10 times
117.139.166.203: 3 times
118.97.140.237 (237.subnet118-97-140.static.astinet.telkom.net.id): 1 time
121.142.111.222: 1 time
121.201.34.97: 1 time
123.126.20.90: 1 time
123.206.13.46: 3 times
123.207.142.31: 5 times
129.211.147.91: 2 times
138.197.129.38: 3 times
140.143.98.35: 1 time
144.217.78.76 (
ns543625.ip-144-217-78.net): 1 time
149.56.141.193 (
193.ip-149-56-141.net): 3 times
154.8.164.214: 1 time
158.69.110.31: 7 times
162.243.165.39: 2 times
177.69.118.197 (chat.assefaz.org.br): 1 time
178.128.107.61: 1 time
178.128.162.10: 1 time
178.128.194.116: 2 times
187.44.113.33 (static-187-44-113-33.optitel.net.br): 3 times
190.9.130.159: 1 time
218.92.0.139: 6 times
220.191.173.222: 12 times
Illegal users from:
undef: 1598 times
5.45.6.66 (
066-006-045-005.ip-addr.inexio.net): 32 times
13.78.49.11: 8 times
14.63.221.108: 1 time
31.154.182.230 (
barvanet.com): 5 times
37.187.22.227 (
ks3357677.kimsufi.com): 28 times
40.73.78.233: 14 times
41.223.142.211: 62 times
45.55.222.162: 53 times
46.61.235.111: 1 time
46.101.11.213: 66 times
51.38.65.243 (243.ip-51-38-65.eu): 15 times
51.38.232.93 (93.ip-51-38-232.eu): 57 times
51.38.237.214 (214.ip-51-38-237.eu): 61 times
51.254.165.251 (ip251.ip-51-254-165.eu): 54 times
51.255.171.51 (51.ip-51-255-171.eu): 46 times
54.36.126.81 (ns3107227.ip-54-36-126.eu): 23 times
58.254.132.140: 48 times
59.25.197.138: 1 time
59.25.197.162: 1 time
60.190.96.235: 55 times
63.41.9.210 (
host210.sub-63-41-9.myvzw.com): 1 time
67.184.64.224 (
c-67-184-64-224.hsd1.il.comcast.net): 48 times
68.197.203.135 (
ool-44c5cb87.dyn.optonline.net): 56 times
70.50.249.215 (ipagstaticip-6ec5a3f7-38e0-3835-ad06-d9119227ac99.sdsl.bell.ca): 1
time
72.68.125.94 (
pool-72-68-125-94.nwrknj.fios.verizon.net): 2 times
80.68.76.181 (
www.ugrakor.ru): 61 times
80.114.164.102 (5072A466.static.ziggozakelijk.nl): 2 times
81.16.8.220 (host-220.8.16.81.ucom.am): 62 times
81.247.64.98 (98.64-247-81.adsl-dyn.isp.belgacom.be): 2 times
82.117.190.170 (82-117-190-170.mynts.ru): 78 times
82.209.197.111 (pppoe-static.82.209.197.111.telecom.mogilev.by): 1 time
84.79.42.135: 1 time
86.57.171.99 (171.57.86.99.ripe.vitebsk.by): 1 time
86.183.148.162 (
host86-183-148-162.range86-183.btcentralplus.com): 1 time
91.134.140.32 (32.ip-91-134-140.eu): 61 times
91.233.156.25 (91-233-156-25.interkonekt.pl): 1 time
92.3.69.231 (
host-92-3-69-231.as43234.net): 2 times
92.63.194.26: 2 times
92.222.88.22 (1511.aguia.info): 62 times
95.90.142.55 (ip5f5a8e37.dynamic.kabel-deutschland.de): 10 times
104.131.22.72: 59 times
106.12.13.138: 7 times
106.12.34.56: 1 time
106.12.58.4: 17 times
106.12.128.24: 48 times
106.12.198.21: 22 times
106.12.202.181: 68 times
109.252.231.164: 44 times
110.164.205.133 (mx-ll-110.164.205-133.static.3bb.co.th): 1 time
111.231.226.12: 84 times
112.186.77.78: 3 times
113.173.183.45 (static.vnpt.vn): 1 time
113.190.141.166 (static.vnpt.vn): 1 time
114.113.152.183: 1 time
114.236.59.105: 5 times
115.231.231.3: 54 times
116.86.166.93 (93.166.86.116.starhub.net.sg): 2 times
117.50.46.176: 1 time
117.139.166.203: 20 times
118.24.231.209: 4 times
118.97.140.237 (237.subnet118-97-140.static.astinet.telkom.net.id): 24 times
121.142.111.222: 3 times
121.201.34.97: 54 times
123.126.20.90: 51 times
123.135.124.238: 3 times
123.206.13.46: 8 times
123.207.142.31: 47 times
124.161.8.66: 1 time
129.211.147.91: 91 times
130.61.83.71: 1 time
138.197.129.38: 61 times
139.155.112.94: 1 time
140.143.98.35: 19 times
148.70.41.33: 3 times
149.56.141.193 (
193.ip-149-56-141.net): 61 times
154.8.164.214: 18 times
158.69.110.31: 23 times
162.243.165.39: 59 times
175.211.112.254: 3 times
177.69.118.197 (chat.assefaz.org.br): 24 times
178.128.107.61: 8 times
178.128.162.10: 26 times
178.128.194.116: 56 times
187.44.113.33 (static-187-44-113-33.optitel.net.br): 6 times
187.111.23.14 (
mvx-187-111-23-14.mundivox.com): 7 times
190.9.130.159: 94 times
190.144.145.146: 1 time
193.32.163.182 (hosting-by.cloud-home.me): 3 times
194.158.192.175 (static.byfly.gomel.by): 1 time
211.252.19.254: 3 times
212.98.73.146: 1 time
212.224.65.254 (web101.bouncer4you.de): 1 time
217.73.83.96 (user-83.96.infomir.com.ua): 30 times
221.4.223.107: 43 times
221.132.17.75: 1 time
**Unmatched Entries**
fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 6 time(s)
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 3 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 242G 159G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################