04:42
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Wed Oct 9 04:42:05 2019
Date Range Processed: yesterday
( 2019-Oct-08 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [341:346]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 3 sites probed the server
125.64.94.220
183.129.160.229
66.240.205.34
Requests with error response codes
400 Bad Request
mstshash=Administr: 4 Time(s)
null: 3 Time(s)
/setup.cgi?next_file=netgear.cfg&todo=sysc ... ntsetting.htm=1: 1 Time(s)
404 Not Found
/robots.txt: 27 Time(s)
/berlin/apple-touch-icon.png: 4 Time(s)
/wp-login.php: 3 Time(s)
/berlin/helfika/apple-touch-icon.png: 1 Time(s)
/protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s)
/reader/commit/f296a13ca2c01c535b80f726f1d0e62f3620d14e: 1 Time(s)
/resolutionen/sose17/studiengebuehren/stud ... _D3EC20zJOs\x22: 1 Time(s)
/sites/default/files/1999_SoSe_Karlsruhe.pdf: 1 Time(s)
/verein%7C: 1 Time(s)
500 Internal Server Error
/: 110 Time(s)
/a2billing/admin/Public/index.php: 1 Time(s)
/admin/assets/js/views/login.js: 1 Time(s)
/admin/config.php: 1 Time(s)
/admin/i18n/readme.txt: 1 Time(s)
/favicon.ico: 1 Time(s)
/recordings/theme/main.css: 1 Time(s)
/version: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (134.209.16.36): 100 Time(s)
root (178.62.189.46): 100 Time(s)
root (76.72.8.136): 98 Time(s)
root (114.118.91.64): 96 Time(s)
root (139.59.80.65): 89 Time(s)
root (94.191.50.114): 89 Time(s)
root (192.144.148.163): 85 Time(s)
root (182.116.56.228): 84 Time(s)
root (178.128.202.35): 80 Time(s)
root (103.92.85.202): 76 Time(s)
root (178.128.39.92): 74 Time(s)
root (89.36.217.142): 74 Time(s)
root (cpc69977-sand12-2-0-cust226.16-1.cable.virginm.net): 66 Time(s)
root (cpe-66-108-165-215.nyc.res.rr.com): 64 Time(s)
root (185.250.221.220): 61 Time(s)
root (50-250-231-41-static.hfc.comcastbusiness.net): 59 Time(s)
root (113.31.102.157): 58 Time(s)
root (142.93.47.125): 56 Time(s)
root (51.254.248.18): 56 Time(s)
root (75.60.67.34.bc.googleusercontent.com): 56 Time(s)
unknown (213.33.244.187): 54 Time(s)
root (119.29.62.104): 52 Time(s)
root (140.143.183.71): 52 Time(s)
root (188.254.0.182): 50 Time(s)
root (122.224.175.218): 48 Time(s)
root (115.238.236.74): 47 Time(s)
root (203.55.73.34.bc.googleusercontent.com): 46 Time(s)
root (213.33.244.187): 46 Time(s)
root (ns3262586.ip-5-39-77.eu): 46 Time(s)
unknown (128.199.107.252): 46 Time(s)
unknown (182.61.175.71): 46 Time(s)
root (106.75.210.147): 44 Time(s)
root (89.216.47.154): 44 Time(s)
unknown (161.117.195.97): 44 Time(s)
unknown (bake.isdeveloping.com): 44 Time(s)
unknown (106.52.174.139): 43 Time(s)
root (121.15.2.178): 41 Time(s)
unknown (216.213.198.180): 41 Time(s)
unknown (72.2.6.128): 40 Time(s)
unknown (182.18.208.27): 39 Time(s)
unknown (54.39.191.188): 39 Time(s)
unknown (190.113.142.197): 37 Time(s)
root (36.111.36.83): 36 Time(s)
root (72.2.6.128): 36 Time(s)
unknown (106.75.210.147): 35 Time(s)
unknown (138.197.176.130): 35 Time(s)
unknown (smartspace.wenet.my): 35 Time(s)
unknown (122.224.175.218): 34 Time(s)
root (211-75-136-208.hinet-ip.hinet.net): 32 Time(s)
root (smartspace.wenet.my): 32 Time(s)
unknown (119.29.62.104): 32 Time(s)
root (188.166.1.95): 31 Time(s)
root (161.117.195.97): 30 Time(s)
unknown (150.ip-51-79-86.net): 30 Time(s)
unknown (ip168.ip-149-56-251.net): 30 Time(s)
root (bake.isdeveloping.com): 29 Time(s)
unknown (113.31.102.157): 29 Time(s)
unknown (142.93.47.125): 29 Time(s)
unknown (75.60.67.34.bc.googleusercontent.com): 29 Time(s)
root (182.61.175.71): 28 Time(s)
unknown (115.238.236.74): 28 Time(s)
unknown (211-75-136-208.hinet-ip.hinet.net): 28 Time(s)
unknown (51.254.248.18): 28 Time(s)
unknown (140.143.183.71): 27 Time(s)
root (128.199.212.82): 26 Time(s)
root (134.175.189.153): 26 Time(s)
unknown (162.243.50.8): 25 Time(s)
unknown (185.250.221.220): 25 Time(s)
unknown (89.216.47.154): 25 Time(s)
root (219.93.20.155): 24 Time(s)
root (54.39.191.188): 24 Time(s)
root (178.62.79.227): 23 Time(s)
root (ip79.ip-142-44-184.net): 23 Time(s)
root (ns329837.ip-37-187-117.eu): 23 Time(s)
unknown (cpe-66-108-165-215.nyc.res.rr.com): 23 Time(s)
root (216.213.198.180): 22 Time(s)
unknown (cpc69977-sand12-2-0-cust226.16-1.cable.virginm.net): 22 Time(s)
unknown (124.243.245.3): 21 Time(s)
unknown (ns329837.ip-37-187-117.eu): 20 Time(s)
root (182.18.208.27): 19 Time(s)
unknown (121.15.11.13): 18 Time(s)
unknown (213.128.67.212): 18 Time(s)
root (157.230.113.218): 17 Time(s)
root (162.243.50.8): 17 Time(s)
unknown (178.128.39.92): 17 Time(s)
unknown (mourgos.di.uoa.gr): 17 Time(s)
unknown (ip79.ip-142-44-184.net): 16 Time(s)
unknown (103.92.85.202): 15 Time(s)
unknown (ns3262586.ip-5-39-77.eu): 14 Time(s)
root (213.128.67.212): 13 Time(s)
unknown (50-250-231-41-static.hfc.comcastbusiness.net): 13 Time(s)
root (138.68.82.220): 12 Time(s)
root (adityarama-dc.com): 12 Time(s)
unknown (ip5f5a8e37.dynamic.kabel-deutschland.de): 12 Time(s)
unknown (182.116.56.228): 10 Time(s)
unknown (192.144.148.163): 9 Time(s)
unknown (121.15.2.178): 8 Time(s)
unknown (139.59.80.65): 8 Time(s)
unknown (94.191.50.114): 8 Time(s)
unknown (203.55.73.34.bc.googleusercontent.com): 7 Time(s)
root (059148043097.ctinets.com): 6 Time(s)
root (112.85.42.173): 6 Time(s)
root (190.113.142.197): 6 Time(s)
root (218.92.0.181): 6 Time(s)
unknown (adityarama-dc.com): 6 Time(s)
unknown (mail2.bergschneider.de): 6 Time(s)
root (77.81.230.143): 4 Time(s)
root (server.multixservices.net): 4 Time(s)
unknown (102.165.35.137): 4 Time(s)
unknown (112.186.77.78): 4 Time(s)
unknown (188.254.0.182): 4 Time(s)
unknown (193.32.163.182): 4 Time(s)
root (121.15.11.13): 3 Time(s)
unknown (178.128.202.35): 3 Time(s)
unknown (222.120.192.106): 3 Time(s)
unknown (76.72.8.136): 3 Time(s)
root (106.52.174.139): 2 Time(s)
root (138.197.176.130): 2 Time(s)
unknown (112.186.77.102): 2 Time(s)
unknown (114.118.91.64): 2 Time(s)
unknown (121.139.146.162): 2 Time(s)
unknown (188.4.5.183.dsl.dyn.forthnet.gr): 2 Time(s)
unknown (220.92.16.86): 2 Time(s)
unknown (220.94.205.218): 2 Time(s)
unknown (39.64.193.37): 2 Time(s)
unknown (59.25.197.150): 2 Time(s)
unknown (89.36.217.142): 2 Time(s)
unknown (ool-2f168252.static.optonline.net): 2 Time(s)
unknown (ool-2f168746.static.optonline.net): 2 Time(s)
mysql (118-163-193-82.hinet-ip.hinet.net): 1 Time(s)
mysql (190.113.142.197): 1 Time(s)
postgres (212.147.15.213): 1 Time(s)
postgres (220.92.16.86): 1 Time(s)
postgres (pool-108-36-110-110.phlapa.fios.verizon.net): 1 Time(s)
root (107.13.186.21): 1 Time(s)
root (117.158.15.171): 1 Time(s)
root (195.56.253.49): 1 Time(s)
root (202.131.126.142): 1 Time(s)
root (220.92.16.86): 1 Time(s)
root (5.195.233.41): 1 Time(s)
root (61.161.125.1): 1 Time(s)
root (92.188.124.228): 1 Time(s)
root (mail2.bergschneider.de): 1 Time(s)
root (ns301667.ip-94-23-50.eu): 1 Time(s)
unknown (1.238.117.37): 1 Time(s)
unknown (118-163-178-146.hinet-ip.hinet.net): 1 Time(s)
unknown (139.59.78.236): 1 Time(s)
unknown (156.212.127.151): 1 Time(s)
unknown (162.ip-54-37-205.eu): 1 Time(s)
unknown (189.254.33.157): 1 Time(s)
unknown (191.98.205.37): 1 Time(s)
unknown (206.189.166.172): 1 Time(s)
unknown (222.252.25.241): 1 Time(s)
unknown (41.46.82.151): 1 Time(s)
unknown (42.116.255.216): 1 Time(s)
unknown (45.117.83.36): 1 Time(s)
unknown (81.12.159.146): 1 Time(s)
unknown (91.195.122.91): 1 Time(s)
unknown (92.63.194.26): 1 Time(s)
unknown (93-51-186-90.ip268.fastwebnet.it): 1 Time(s)
unknown (correo.administradoraintegral.com): 1 Time(s)
unknown (fixed-187-189-65-79.totalplay.net): 1 Time(s)
unknown (host81-130-161-44.in-addr.btopenworld.com): 1 Time(s)
unknown (ip-132-148-129-180.ip.secureserver.net): 1 Time(s)
unknown (server.multixservices.net): 1 Time(s)
Invalid Users:
Unknown Account: 1333 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
14 Miscellaneous warnings
18.970K Bytes accepted 19,425
18.970K Bytes sent via SMTP 19,425
======== ==================================================
2 Accepted 100.00%
-------- --------------------------------------------------
2 Total 100.00%
======== ==================================================
1 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
1 Total 4xx Rejects 100.00%
======== ==================================================
131 Connections
120 Connections lost (inbound)
131 Disconnections
2 Removed from queue
2 Sent via SMTP
2 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin
------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End
-------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
5.39.77.117 (ns3262586.ip-5-39-77.eu): 46 times
5.195.233.41: 1 time
34.67.60.75 (75.60.67.34.bc.googleusercontent.com): 56 times
34.73.55.203 (203.55.73.34.bc.googleusercontent.com): 46 times
36.111.36.83: 36 times
37.187.117.187 (ns329837.ip-37-187-117.eu): 23 times
50.250.231.41 (50-250-231-41-static.hfc.comcastbusiness.net): 59 times
51.254.248.18: 56 times
54.39.191.188: 24 times
59.148.43.97 (059148043097.ctinets.com): 6 times
61.161.125.1: 1 time
66.108.165.215 (cpe-66-108-165-215.nyc.res.rr.com): 64 times
72.2.6.128 (h72-2-6-128.bigpipeinc.com): 36 times
76.72.8.136 (76-72-8-136.swr.dyn.lusfiber.net): 98 times
77.81.230.143 (host143-230-81-77.serverdedicati.aruba.it): 4 times
77.103.0.227 (cpc69977-sand12-2-0-cust226.16-1.cable.virginm.net): 66 times
82.149.162.78 (mail2.bergschneider.de): 1 time
89.36.217.142 (host142-217-36-89.serverdedicati.aruba.it): 74 times
89.216.47.154: 44 times
92.188.124.228 (228.124.188.92.dynamic.ftth.abo.nordnet.fr): 1 time
94.23.50.194 (ns301667.ip-94-23-50.eu): 1 time
94.191.50.114: 89 times
103.92.85.202: 76 times
106.52.174.139: 2 times
106.75.210.147: 44 times
107.13.186.21 (mta-107-13-186-21.nc.rr.com): 1 time
108.36.110.110 (pool-108-36-110-110.phlapa.fios.verizon.net): 1 time
112.85.42.173: 6 times
113.31.102.157: 58 times
114.118.91.64: 96 times
115.238.236.74: 47 times
117.158.15.171: 1 time
118.163.193.82 (118-163-193-82.HINET-IP.hinet.net): 1 time
119.29.62.104: 52 times
121.15.2.178: 41 times
121.15.11.13: 3 times
122.224.175.218: 48 times
128.199.202.206 (adityarama-dc.com): 12 times
128.199.212.82 (94123-73017.cloudwaysapps.com): 26 times
134.175.189.153: 26 times
134.209.16.36: 100 times
138.68.82.220: 12 times
138.68.86.55 (bake.isdeveloping.com): 29 times
138.197.176.130: 2 times
139.59.80.65: 89 times
140.143.183.71: 52 times
142.44.184.79 (ip79.ip-142-44-184.net): 23 times
142.93.47.125 (voucher.tusass.lab): 56 times
157.230.113.218: 17 times
161.117.195.97: 30 times
162.241.178.219 (server.multixservices.net): 4 times
162.243.50.8 (dev.rcms.io): 17 times
178.62.79.227: 23 times
178.62.189.46: 100 times
178.128.39.92 (188227.cloudwaysapps.com): 74 times
178.128.202.35: 80 times
182.18.208.27: 19 times
182.61.175.71: 28 times
182.116.56.228 (hn.kd.ny.adsl): 84 times
185.250.221.220: 61 times
188.166.1.95: 31 times
188.254.0.182: 50 times
190.113.142.197 (190-113-142-197.supercanal.com.ar): 7 times
192.144.148.163: 85 times
195.56.253.49: 1 time
202.73.9.76 (smartspace.wenet.my): 32 times
202.131.126.142: 1 time
211.75.136.208 (211-75-136-208.HINET-IP.hinet.net): 32 times
212.147.15.213 (mail.willemin-macodel.com): 1 time
213.33.244.187 (213-33-244-187-gld.tecom.ru): 46 times
213.128.67.212 (server-213.128.67.212.as42926.net): 13 times
216.213.198.180: 22 times
218.92.0.181: 6 times
219.93.20.155: 24 times
220.92.16.86: 2 times
Illegal users from:
undef: 1061 times
1.238.117.37: 1 time
5.39.77.117 (ns3262586.ip-5-39-77.eu): 14 times
34.67.60.75 (75.60.67.34.bc.googleusercontent.com): 29 times
34.73.55.203 (203.55.73.34.bc.googleusercontent.com): 7 times
37.187.117.187 (ns329837.ip-37-187-117.eu): 20 times
39.64.193.37: 2 times
41.46.82.151 (host-41.46.82.151.tedata.net): 1 time
42.116.255.216: 1 time
45.117.83.36: 1 time
47.22.130.82 (ool-2f168252.static.optonline.net): 2 times
47.22.135.70 (ool-2f168746.static.optonline.net): 2 times
50.250.231.41 (50-250-231-41-static.hfc.comcastbusiness.net): 13 times
51.79.86.150 (150.ip-51-79-86.net): 30 times
51.254.248.18: 28 times
54.37.205.162 (162.ip-54-37-205.eu): 1 time
54.39.191.188: 39 times
59.25.197.150: 2 times
66.108.165.215 (cpe-66-108-165-215.nyc.res.rr.com): 23 times
72.2.6.128 (h72-2-6-128.bigpipeinc.com): 40 times
76.72.8.136 (76-72-8-136.swr.dyn.lusfiber.net): 3 times
77.103.0.227 (cpc69977-sand12-2-0-cust226.16-1.cable.virginm.net): 22 times
81.12.159.146: 1 time
81.130.161.44 (host81-130-161-44.in-addr.btopenworld.com): 1 time
82.149.162.78 (mail2.bergschneider.de): 6 times
89.36.217.142 (host142-217-36-89.serverdedicati.aruba.it): 2 times
89.216.47.154: 25 times
91.195.122.91: 1 time
92.63.194.26: 1 time
93.51.186.90 (93-51-186-90.ip268.fastwebnet.it): 1 time
94.191.50.114: 8 times
95.90.142.55 (ip5f5a8e37.dynamic.kabel-deutschland.de): 12 times
102.165.35.137: 4 times
103.92.85.202: 15 times
106.52.174.139: 43 times
106.75.210.147: 35 times
112.186.77.78: 4 times
112.186.77.102: 2 times
113.31.102.157: 29 times
114.118.91.64: 2 times
115.238.236.74: 28 times
118.163.178.146 (118-163-178-146.HINET-IP.hinet.net): 1 time
119.29.62.104: 32 times
121.15.2.178: 8 times
121.15.11.13: 18 times
121.139.146.162: 2 times
122.224.175.218: 34 times
124.243.245.3: 21 times
128.199.107.252: 46 times
128.199.202.206 (adityarama-dc.com): 6 times
132.148.129.180 (ip-132-148-129-180.ip.secureserver.net): 1 time
138.68.86.55 (bake.isdeveloping.com): 44 times
138.197.176.130: 35 times
139.59.78.236: 1 time
139.59.80.65: 8 times
140.143.183.71: 27 times
142.44.184.79 (ip79.ip-142-44-184.net): 16 times
142.93.47.125 (voucher.tusass.lab): 29 times
149.56.251.168 (ip168.ip-149-56-251.net): 30 times
156.212.127.151 (host-156.212.151.127-static.tedata.net): 1 time
161.117.195.97: 44 times
162.241.178.219 (server.multixservices.net): 1 time
162.243.50.8 (dev.rcms.io): 25 times
178.128.39.92 (188227.cloudwaysapps.com): 17 times
178.128.202.35: 3 times
182.18.208.27: 39 times
182.61.175.71: 46 times
182.116.56.228 (hn.kd.ny.adsl): 10 times
185.250.221.220: 25 times
187.189.65.79 (fixed-187-189-65-79.totalplay.net): 1 time
188.4.5.183 (188.4.5.183.dsl.dyn.forthnet.gr): 2 times
188.254.0.182: 4 times
189.254.33.157 (customer-189-254-33-157-sta.uninet-ide.com.mx): 1 time
190.113.142.197 (190-113-142-197.supercanal.com.ar): 37 times
191.98.205.37: 1 time
192.144.148.163: 9 times
193.32.163.182 (hosting-by.cloud-home.me): 4 times
195.134.67.70 (mourgos.di.uoa.gr): 17 times
200.11.150.238 (correo.administradoraintegral.com): 1 time
202.73.9.76 (smartspace.wenet.my): 35 times
206.189.166.172: 1 time
211.75.136.208 (211-75-136-208.HINET-IP.hinet.net): 28 times
213.33.244.187 (213-33-244-187-gld.tecom.ru): 54 times
213.128.67.212 (server-213.128.67.212.as42926.net): 18 times
216.213.198.180: 41 times
220.92.16.86: 2 times
220.94.205.218: 2 times
222.120.192.106: 3 times
222.252.25.241 (static.vnpt-hanoi.com.vn): 1 time
**Unmatched Entries**
Disconnecting: Change of username or service not allowed: (admin,ssh-connection) ->
(user,ssh-connection) [preauth] : 3 time(s)
fatal: no matching cipher found: client
aes256-cbc,rijndael-cbc(a)lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth] : 5 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 400G 241G 160G 61% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
2202
days inactive
2202
days old
0 comments
1 participants
participants (1)
-
root@zapf.in