################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Jun 5 04:42:09 2019 Date Range Processed: yesterday ( 2019-Jun-04 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [389:387] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 172.104.242.173 61.219.11.153 66.240.205.34 Requests with error response codes 400 Bad Request null: 5 Time(s) mstshash=Administr: 3 Time(s) /: 2 Time(s) 7: 1 Time(s) 403 Forbidden /resolutionen/sose17/gesellschaftlich_verantwortung/: 1 Time(s) 404 Not Found /robots.txt: 22 Time(s) /berlin/apple-touch-icon.png: 4 Time(s) /wp-login.php: 2 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) 499 (undefined) /build/font-pack.2c73dce02b1eaa3a3b4e.css: 5 Time(s) /apple-touch-icon.png: 4 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 3 Time(s) /build/index-styles-pack.2c73dce02b1eaa3a3b4e.css: 3 Time(s) /build/index-styles.2c73dce02b1eaa3a3b4e.css: 3 Time(s) /build/index.2c73dce02b1eaa3a3b4e.css: 2 Time(s) /favicon.png: 2 Time(s) /fonts/SourceSansPro-Regular.woff: 1 Time(s) 500 Internal Server Error /: 38 Time(s) 502 Bad Gateway /berlin/newsletter/newsletter-subscribe: 1 Time(s) 503 Service Unavailable /robots.txt: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (196.43.112.58): 64 Time(s) unknown (121.126.79.157): 63 Time(s) unknown (139.59.38.252): 60 Time(s) unknown (pbsincusa.com): 58 Time(s) unknown (123.231.61.180): 51 Time(s) unknown (187.0.211.99): 51 Time(s) unknown (static-9-178-24-46.ipcom.comunitel.net): 51 Time(s) unknown (111.68.19.177): 50 Time(s) unknown (111.93.190.157): 50 Time(s) unknown (139.199.115.210): 50 Time(s) unknown (28.179.247.35.bc.googleusercontent.com): 50 Time(s) unknown (45.55.184.78): 50 Time(s) unknown (122.225.60.26): 49 Time(s) unknown (194.37.92.50): 48 Time(s) unknown (178.128.108.22): 47 Time(s) unknown (142.93.170.244): 44 Time(s) unknown (89.32.124.241): 44 Time(s) unknown (ns337826.ip-91-121-211.eu): 42 Time(s) unknown (121.49.99.12): 39 Time(s) unknown (140.143.206.82): 36 Time(s) unknown (ec2-52-83-176-167.cn-northwest-1.compute.amazonaws.com.cn): 36 Time(s) unknown (189.39.39.181): 35 Time(s) unknown (209.97.164.36): 32 Time(s) unknown (ip125.ip-54-38-5.eu): 27 Time(s) unknown (174.90.202.1): 26 Time(s) unknown (14.142.57.66): 20 Time(s) unknown (49.247.207.56): 20 Time(s) unknown (118.175.58.12): 17 Time(s) unknown (1.236.151.31): 16 Time(s) unknown (106.12.199.98): 15 Time(s) unknown (189-039-039-181.static.spo.ctbc.com.br): 15 Time(s) unknown (178.128.124.241): 14 Time(s) unknown (p57878027.dip0.t-ipconnect.de): 14 Time(s) unknown (134.175.62.14): 12 Time(s) unknown (68.183.21.151): 12 Time(s) unknown (bb115-66-226-14.singnet.com.sg): 12 Time(s) root (188.16.37.141): 6 Time(s) root (201.180.194.84): 6 Time(s) root (218.92.0.133): 6 Time(s) root (27.46.22.150): 6 Time(s) unknown (142.93.22.180): 6 Time(s) unknown (189.152.95.148): 6 Time(s) unknown (96-35-69-1.dhcp.bycy.mi.charter.com): 5 Time(s) unknown (114.112.81.182): 4 Time(s) postgres (194.37.92.50): 3 Time(s) unknown (118.25.128.19): 3 Time(s) nobody (pbsincusa.com): 2 Time(s) unknown (178-118-78-75.access.telenet.be): 2 Time(s) unknown (185.110.187.194): 2 Time(s) backup (121.49.99.12): 1 Time(s) backup (122.225.60.26): 1 Time(s) backup (ns337826.ip-91-121-211.eu): 1 Time(s) backup (static-9-178-24-46.ipcom.comunitel.net): 1 Time(s) daemon (189.39.39.181): 1 Time(s) games (1.236.151.31): 1 Time(s) games (111.68.19.177): 1 Time(s) gnats (68.183.21.151): 1 Time(s) irc (111.68.19.177): 1 Time(s) irc (111.93.190.157): 1 Time(s) jan (45.55.184.78): 1 Time(s) mail (178.128.108.22): 1 Time(s) mail (194.37.92.50): 1 Time(s) mail (45.55.184.78): 1 Time(s) man (139.59.38.252): 1 Time(s) man (pbsincusa.com): 1 Time(s) mysql (49.247.207.56): 1 Time(s) news (106.12.199.98): 1 Time(s) nobody (ns337826.ip-91-121-211.eu): 1 Time(s) postfix (121.126.79.157): 1 Time(s) postfix (187.0.211.99): 1 Time(s) postfix (189-039-039-181.static.spo.ctbc.com.br): 1 Time(s) postfix (209.97.164.36): 1 Time(s) postfix (28.179.247.35.bc.googleusercontent.com): 1 Time(s) postgres (106.12.199.98): 1 Time(s) postgres (121.126.79.157): 1 Time(s) postgres (ns337826.ip-91-121-211.eu): 1 Time(s) proxy (178.128.108.22): 1 Time(s) proxy (194.37.92.50): 1 Time(s) proxy (209.97.164.36): 1 Time(s) root (218.92.0.157): 1 Time(s) smmsp (121.126.79.157): 1 Time(s) smmsp (196.43.112.58): 1 Time(s) smmsp (pbsincusa.com): 1 Time(s) sshd (121.126.79.157): 1 Time(s) sshd (ec2-52-83-176-167.cn-northwest-1.compute.amazonaws.com.cn): 1 Time(s) sync (118.175.58.12): 1 Time(s) sync (123.231.61.180): 1 Time(s) sync (28.179.247.35.bc.googleusercontent.com): 1 Time(s) sync (pbsincusa.com): 1 Time(s) sys (194.37.92.50): 1 Time(s) temp (122.225.60.26): 1 Time(s) temp (ns337826.ip-91-121-211.eu): 1 Time(s) unknown (14.187.99.18): 1 Time(s) unknown (182.184.44.6): 1 Time(s) unknown (201.142.245.62.dsl.dyn.telnor.net): 1 Time(s) unknown (221.156.116.51): 1 Time(s) unknown (78-21-57-20.access.telenet.be): 1 Time(s) unknown (78.193.58.53): 1 Time(s) unknown (99-46-143-22.lightspeed.sntcca.sbcglobal.net): 1 Time(s) uucp (pbsincusa.com): 1 Time(s) www-data (111.93.190.157): 1 Time(s) www-data (121.126.79.157): 1 Time(s) www-data (139.59.38.252): 1 Time(s) www-data (194.37.92.50): 1 Time(s) Invalid Users: Unknown Account: 1355 Time(s) systemd-user: Unknown Entries: session closed for user root: 1 Time(s) session opened for user root by (uid=0): 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 3 Miscellaneous warnings 16.091K Bytes accepted 16,477 16.091K Bytes sent via SMTP 16,477 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 7 4xx Reject relay denied 100.00% -------- -------------------------------------------------- 7 Total 4xx Rejects 100.00% ======== ================================================== 120 Connections 82 Connections lost (inbound) 120 Disconnections 1 Removed from queue 1 Sent via SMTP 3 SMTP dialog errors ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: root : 4 Time(s) Failed logins from: 1.236.151.31: 1 time 27.46.22.150: 6 times 35.247.179.28 (28.179.247.35.bc.googleusercontent.com): 2 times 45.55.184.78: 2 times 46.24.178.9 (static-9-178-24-46.ipcom.comunitel.net): 1 time 49.247.207.56: 1 time 52.83.176.167 (ec2-52-83-176-167.cn-northwest-1.compute.amazonaws.com.cn): 1 time 68.183.21.151: 1 time 89.36.220.145 (pbsincusa.com): 6 times 91.121.211.34 (ns337826.ip-91-121-211.eu): 4 times 106.12.199.98: 2 times 111.68.19.177: 2 times 111.93.190.157 (static-157.190.93.111-tataidc.co.in): 2 times 118.175.58.12 (118-175-58-12.adsl.totbb.net): 1 time 121.49.99.12: 1 time 121.126.79.157: 5 times 122.225.60.26: 2 times 123.231.61.180: 1 time 139.59.38.252: 2 times 178.128.108.22: 2 times 187.0.211.99: 1 time 188.16.37.141: 6 times 189.39.39.181 (189-039-039-181.static.spo.ctbc.com.br): 2 times 194.37.92.50: 7 times 196.43.112.58 (ip-net-196-43-112-58.africaonline.co.zw): 1 time 201.180.194.84 (201-180-194-84.speedy.com.ar): 6 times 209.97.164.36: 2 times 218.92.0.133: 6 times 218.92.0.157: 4 times Illegal users from: undef: 1003 times 1.236.151.31: 16 times 14.142.57.66 (14.142.57.66.static-Delhi.vsnl.net.in): 20 times 14.187.99.18 (static.vnpt.vn): 1 time 35.247.179.28 (28.179.247.35.bc.googleusercontent.com): 50 times 45.55.184.78: 50 times 46.24.178.9 (static-9-178-24-46.ipcom.comunitel.net): 51 times 49.247.207.56: 20 times 52.83.176.167 (ec2-52-83-176-167.cn-northwest-1.compute.amazonaws.com.cn): 36 times 54.38.5.125 (ip125.ip-54-38-5.eu): 27 times 68.183.21.151: 12 times 78.21.57.20 (78-21-57-20.access.telenet.be): 1 time 78.193.58.53 (bou91-3-78-193-58-53.fbxo.proxad.net): 1 time 87.135.128.39 (p57878027.dip0.t-ipconnect.de): 14 times 89.32.124.241 (hosting.ndorser.com): 44 times 89.36.220.145 (pbsincusa.com): 58 times 91.121.211.34 (ns337826.ip-91-121-211.eu): 42 times 96.35.69.1 (96-35-69-1.dhcp.bycy.mi.charter.com): 5 times 99.46.143.22 (99-46-143-22.lightspeed.sntcca.sbcglobal.net): 1 time 106.12.199.98: 15 times 111.68.19.177: 50 times 111.93.190.157 (static-157.190.93.111-tataidc.co.in): 50 times 114.112.81.182: 4 times 115.66.226.14 (bb115-66-226-14.singnet.com.sg): 12 times 118.25.128.19: 3 times 118.175.58.12 (118-175-58-12.adsl.totbb.net): 17 times 121.49.99.12: 39 times 121.126.79.157: 63 times 122.225.60.26: 49 times 123.231.61.180: 51 times 134.175.62.14: 12 times 139.59.38.252: 60 times 139.199.115.210: 50 times 140.143.206.82: 36 times 142.93.22.180: 6 times 142.93.170.244: 44 times 174.90.202.1: 26 times 178.118.78.75 (178-118-78-75.access.telenet.be): 2 times 178.128.108.22: 47 times 178.128.124.241: 14 times 182.184.44.6: 1 time 185.110.187.194 (c-185-110-187-194.customer.ggaweb.ch): 2 times 187.0.211.99: 51 times 189.39.39.181 (189-039-039-181.static.spo.ctbc.com.br): 50 times 189.152.95.148 (dsl-189-152-95-148-dyn.prod-infinitum.com.mx): 6 times 194.37.92.50: 48 times 196.43.112.58 (ip-net-196-43-112-58.africaonline.co.zw): 64 times 201.142.245.62 (201.142.245.62.dsl.dyn.telnor.net): 1 time 209.97.164.36: 32 times 221.156.116.51: 1 time Users logging in through sshd: root: 176.94.82.115 (business-176-094-082-115.static.arcor-ip.net): 1 time **Unmatched Entries** fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,twofish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] : 1 time(s) ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 241G 160G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################