################### Logwatch 7.4.0 (03/01/11) #################### Processing Initiated: Wed Jun 19 04:42:08 2019 Date Range Processed: yesterday ( 2019-Jun-18 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: h2361197.stratoserver.net ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [279:276] ---------------------- fail2ban-messages End ------------------------- --------------------- httpd Begin ------------------------ A total of 3 sites probed the server 167.99.92.176 198.245.53.247 5.188.210.101 Requests with error response codes 400 Bad Request null: 7 Time(s) /: 2 Time(s) /p_/webdav/xmltools/minidom/xml/sax/saxuti ... s/popen2?cmd=cd: 1 Time(s) 7: 1 Time(s) http://5.188.210.101/echo.php: 1 Time(s) mstshash=Administr: 1 Time(s) 404 Not Found /robots.txt: 35 Time(s) /wp-login.php: 7 Time(s) /admin: 5 Time(s) /admin.php: 5 Time(s) /administrator/: 5 Time(s) /administrator/index.php: 5 Time(s) /wp-admin/: 5 Time(s) /wp-config.php.backup: 2 Time(s) /.git//index: 1 Time(s) /.well-known/openpgpkey/hu/1gm6knecomg4mwo ... 36?l=mitglieder: 1 Time(s) /.well-known/openpgpkey/hu/qs1j67f594iidts ... qm5t?l=vorstand: 1 Time(s) /protokolle/ergebnisprotokoll_mv_09.06.2017.pdf: 1 Time(s) /reader/2016_sose_konstanz_lang.pdf: 1 Time(s) /sites/default/files/2004_WiSe_Hamburg.pdf: 1 Time(s) 499 (undefined) /apple-touch-icon.png: 3 Time(s) /build/af7ae505a9eed503f8b8e6982036873e.woff2: 2 Time(s) /build/emojify.js/dist/css/basic/emojify.min.css: 2 Time(s) /fonts/SourceSansPro-Regular.woff: 2 Time(s) /favicon.png: 1 Time(s) /fonts/SourceSansPro-Semibold.woff: 1 Time(s) 500 Internal Server Error /: 59 Time(s) /downloader/index.php: 3 Time(s) /errors/503.php: 3 Time(s) /index.php/admin/: 3 Time(s) /.env: 1 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: unknown (drone.xulepth.fr): 61 Time(s) unknown (118.24.197.246): 52 Time(s) unknown (211-22-154-225.hinet-ip.hinet.net): 50 Time(s) unknown (41.67.236.40): 49 Time(s) unknown (115-186-156-164.nayatel.pk): 48 Time(s) unknown (122.52.48.92): 48 Time(s) unknown (106.51.54.198): 45 Time(s) unknown (118.24.152.187): 42 Time(s) unknown (139.199.24.69): 41 Time(s) unknown (net-188-219-40-66.cust.vodafonedsl.it): 40 Time(s) unknown (106.13.33.181): 38 Time(s) unknown (113.ip-51-38-51.eu): 38 Time(s) unknown (139.199.183.185): 38 Time(s) unknown (7.ip-217-182-71.eu): 38 Time(s) unknown (server.biocuckoo.org): 38 Time(s) unknown (145.239.29.13): 36 Time(s) unknown (122.144.198.18): 34 Time(s) unknown (49.5.3.5): 34 Time(s) unknown (128.ip-51-38-37.eu): 29 Time(s) unknown (h88-129-13-207.cust.a3fiber.se): 21 Time(s) unknown (210.4.119.59): 16 Time(s) unknown (c-174-61-104-176.hsd1.fl.comcast.net): 15 Time(s) unknown (mail.adsign.no): 15 Time(s) unknown (12.ip-54-37-159.eu): 12 Time(s) unknown (132.232.32.54): 12 Time(s) unknown (177.81.228.23): 12 Time(s) unknown (27.17.102.102): 10 Time(s) root (112.235.117.87): 6 Time(s) unknown (117.60.83.71): 6 Time(s) unknown (91.177.144.114): 6 Time(s) root (139.199.183.185): 5 Time(s) root (41.67.236.40): 4 Time(s) root (49.5.3.5): 4 Time(s) root (net-188-219-40-66.cust.vodafonedsl.it): 4 Time(s) root (106.51.54.198): 3 Time(s) root (122.52.48.92): 3 Time(s) root (128.ip-51-38-37.eu): 3 Time(s) root (139.199.24.69): 3 Time(s) root (145.239.29.13): 3 Time(s) root (c-174-61-104-176.hsd1.fl.comcast.net): 3 Time(s) backup (118.24.197.246): 2 Time(s) bin (118.24.152.187): 2 Time(s) nobody (106.51.54.198): 2 Time(s) root (113.ip-51-38-51.eu): 2 Time(s) root (118.24.197.246): 2 Time(s) root (122.144.198.18): 2 Time(s) root (211-22-154-225.hinet-ip.hinet.net): 2 Time(s) unknown (151.ip-164-132-225.eu): 2 Time(s) unknown (95.247.241.135): 2 Time(s) backup (106.51.54.198): 1 Time(s) backup (139.199.183.185): 1 Time(s) backup (139.199.24.69): 1 Time(s) backup (145.239.29.13): 1 Time(s) backup (177.81.228.23): 1 Time(s) backup (49.5.3.5): 1 Time(s) backup (7.ip-217-182-71.eu): 1 Time(s) bin (106.51.54.198): 1 Time(s) bin (128.ip-51-38-37.eu): 1 Time(s) bin (41.67.236.40): 1 Time(s) bin (7.ip-217-182-71.eu): 1 Time(s) daemon (139.199.24.69): 1 Time(s) daemon (49.5.3.5): 1 Time(s) games (106.51.54.198): 1 Time(s) games (118.24.197.246): 1 Time(s) gnats (12.ip-54-37-159.eu): 1 Time(s) irc (118.24.152.187): 1 Time(s) lp (115-186-156-164.nayatel.pk): 1 Time(s) lp (122.52.48.92): 1 Time(s) lp (128.ip-51-38-37.eu): 1 Time(s) lp (145.239.29.13): 1 Time(s) lp (210.4.119.59): 1 Time(s) mail (106.13.33.181): 1 Time(s) mail (106.51.54.198): 1 Time(s) mail (128.ip-51-38-37.eu): 1 Time(s) mail (139.199.183.185): 1 Time(s) mail (net-188-219-40-66.cust.vodafonedsl.it): 1 Time(s) mysql (115-186-156-164.nayatel.pk): 1 Time(s) mysql (118.24.152.187): 1 Time(s) mysql (118.24.197.246): 1 Time(s) mysql (122.144.198.18): 1 Time(s) mysql (122.52.48.92): 1 Time(s) mysql (139.199.24.69): 1 Time(s) mysql (177.81.228.23): 1 Time(s) mysql (h88-129-13-207.cust.a3fiber.se): 1 Time(s) news (128.ip-51-38-37.eu): 1 Time(s) news (41.67.236.40): 1 Time(s) nobody (128.ip-51-38-37.eu): 1 Time(s) nobody (mail.adsign.no): 1 Time(s) postfix (139.199.24.69): 1 Time(s) root (106.13.33.181): 1 Time(s) root (112.85.42.174): 1 Time(s) root (112.85.42.176): 1 Time(s) root (115-186-156-164.nayatel.pk): 1 Time(s) root (118.24.152.187): 1 Time(s) root (177.81.228.23): 1 Time(s) root (210.4.119.59): 1 Time(s) root (27.17.102.102): 1 Time(s) root (drone.xulepth.fr): 1 Time(s) root (h88-129-13-207.cust.a3fiber.se): 1 Time(s) root (server.biocuckoo.org): 1 Time(s) smmsp (210.4.119.59): 1 Time(s) smmsp (49.5.3.5): 1 Time(s) smmsp (net-188-219-40-66.cust.vodafonedsl.it): 1 Time(s) sshd (106.51.54.198): 1 Time(s) sshd (118.24.197.246): 1 Time(s) sync (106.51.54.198): 1 Time(s) sync (server.biocuckoo.org): 1 Time(s) unknown (115.224.195.138): 1 Time(s) unknown (118.24.125.159): 1 Time(s) unknown (121.190.213.206): 1 Time(s) unknown (190.151.144.57): 1 Time(s) unknown (193.32.163.89): 1 Time(s) unknown (37.114.146.36): 1 Time(s) unknown (54.56-65-87.adsl-dyn.isp.belgacom.be): 1 Time(s) unknown (58.42.226.103): 1 Time(s) unknown (ip-198.net-89-3-30.rev.numericable.fr): 1 Time(s) unknown (mail.support-info.info): 1 Time(s) unknown (static-201-245-200-122.static.etb.net.co): 1 Time(s) uucp (122.52.48.92): 1 Time(s) uucp (139.199.183.185): 1 Time(s) www-data (net-188-219-40-66.cust.vodafonedsl.it): 1 Time(s) Invalid Users: Unknown Account: 943 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 11 Miscellaneous warnings 15.449K Bytes accepted 15,820 15.449K Bytes sent via SMTP 15,820 ======== ================================================== 1 Accepted 100.00% -------- -------------------------------------------------- 1 Total 100.00% ======== ================================================== 30 Connections 27 Connections lost (inbound) 30 Disconnections 1 Removed from queue 1 Sent via SMTP 1 Hostname verification errors (FCRDNS) ---------------------- Postfix End ------------------------- --------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------ Large Mailbox threshold: 40MB (41943040 bytes) Warning: Large mailbox: mailman.gz (1747199807) Warning: Large mailbox: mailman (235703599967) ---------------------- sendmail-largeboxes (large mail spool files) End ------------------------- --------------------- SSHD Begin ------------------------ Disconnecting after too many authentication failures for user: invalid : 1 Time(s) root : 1 Time(s) Failed logins from: 27.17.102.102: 1 time 41.67.236.40: 6 times 46.105.124.52 (drone.xulepth.fr): 1 time 49.5.3.5: 7 times 51.38.37.128 (128.ip-51-38-37.eu): 8 times 51.38.51.113 (113.ip-51-38-51.eu): 2 times 54.37.159.12 (12.ip-54-37-159.eu): 1 time 79.161.218.122 (mail.adsign.no): 1 time 88.129.13.207 (h88-129-13-207.cust.a3fiber.se): 2 times 106.13.33.181: 2 times 106.51.54.198 (broadband.actcorp.in): 11 times 112.85.42.174: 3 times 112.85.42.176: 3 times 112.235.117.87: 6 times 115.186.156.164 (115-186-156-164.nayatel.pk): 3 times 118.24.152.187: 5 times 118.24.197.246: 7 times 122.52.48.92 (122.52.48.92.static.pldt.net): 6 times 122.144.198.18: 3 times 139.199.24.69: 7 times 139.199.183.185: 8 times 145.239.29.13 (ip-145-239-29.eu): 5 times 174.61.104.176 (c-174-61-104-176.hsd1.fl.comcast.net): 3 times 177.81.228.23 (b151e417.virtua.com.br): 3 times 188.219.40.66 (net-188-219-40-66.cust.vodafonedsl.it): 7 times 192.163.224.116 (server.biocuckoo.org): 2 times 210.4.119.59: 3 times 211.22.154.225 (211-22-154-225.HINET-IP.hinet.net): 2 times 217.182.71.7 (7.ip-217-182-71.eu): 2 times Illegal users from: undef: 779 times 27.17.102.102: 10 times 37.114.146.36: 1 time 41.67.236.40: 49 times 46.105.124.52 (drone.xulepth.fr): 61 times 49.5.3.5: 34 times 51.38.37.128 (128.ip-51-38-37.eu): 29 times 51.38.51.113 (113.ip-51-38-51.eu): 38 times 54.37.159.12 (12.ip-54-37-159.eu): 12 times 58.42.226.103: 1 time 79.161.218.122 (mail.adsign.no): 15 times 87.65.56.54 (54.56-65-87.adsl-dyn.isp.belgacom.be): 1 time 88.129.13.207 (h88-129-13-207.cust.a3fiber.se): 21 times 89.3.30.198 (ip-198.net-89-3-30.rev.numericable.fr): 1 time 91.177.144.114 (114.144-177-91.adsl-dyn.isp.belgacom.be): 6 times 95.247.241.135 (host135-241-dynamic.247-95-r.retail.telecomitalia.it): 2 times 106.13.33.181: 38 times 106.51.54.198 (broadband.actcorp.in): 45 times 115.186.156.164 (115-186-156-164.nayatel.pk): 48 times 115.224.195.138: 5 times 117.60.83.71 (71.83.60.117.dial.wx.js.dynamic.163data.com.cn): 6 times 118.24.125.159: 1 time 118.24.152.187: 42 times 118.24.197.246: 52 times 121.190.213.206: 1 time 122.52.48.92 (122.52.48.92.static.pldt.net): 48 times 122.144.198.18: 34 times 132.232.32.54: 12 times 139.199.24.69: 41 times 139.199.183.185: 38 times 145.239.29.13 (ip-145-239-29.eu): 36 times 164.132.225.151 (151.ip-164-132-225.eu): 2 times 174.61.104.176 (c-174-61-104-176.hsd1.fl.comcast.net): 15 times 177.81.228.23 (b151e417.virtua.com.br): 12 times 188.219.40.66 (net-188-219-40-66.cust.vodafonedsl.it): 40 times 190.151.144.57 (57.144.151.190.cabletel.net.ar): 1 time 192.163.224.116 (server.biocuckoo.org): 38 times 193.32.163.89 (srv.eqaltech.su): 1 time 201.245.200.122 (static-201-245-200-122.static.etb.net.co): 1 time 210.4.119.59: 16 times 211.22.154.225 (211-22-154-225.HINET-IP.hinet.net): 50 times 213.136.89.189 (mail.support-info.info): 1 time 217.182.71.7 (7.ip-217-182-71.eu): 38 times ---------------------- SSHD End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/vzfs 400G 242G 159G 61% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################